A curated list of resources for learning about application security
-
Updated
Mar 9, 2020 - PHP
#
application-security
Here are 66 public repositories matching this topic...
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
javascript
hacking
owasp
application-security
pentesting
ctf
vulnerable
appsec
owasp-top-10
owasp-top-ten
vulnapp
-
Updated
Mar 9, 2020 - JavaScript
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Mar 7, 2020 - Ruby
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
-
Updated
Mar 8, 2020 - PHP
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
android
reverse-engineering
penetration-testing
application-security
malware-analyzer
mobile-security
-
Updated
Mar 7, 2020
victoriadrake
commented
Jan 22, 2020
What would you like added?
Add an article for Self DOM-Based Cross-Site Scripting Testing and ensure it meets the article standards.
Refer to: https://hackerone.com/reports/406587
Open-Source Security Architecture | 开源安全架构
security
security-audit
ids
application-security
security-vulnerability
vulnerabilities
ips
vulnerability-scanners
security-scanner
security-tools
code-audit
business-security
-
Updated
Mar 8, 2020
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
security
static-code-analysis
penetration-testing
dynamic-analysis
application-security
wordpress-security
mobile-security
vulnerability-management
vulnerability-scanners
security-scanner
vulnerability-assessment
network-security
webappsec
vulnerability-scanning
source-code-analysis
penetration-testing-framework
security-vulnerability-assessment
-
Updated
Mar 7, 2020 - Java
Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing.
go
golang
security
gateway
waf
xss
reverse-proxy
sql-injection
application-security
web-application-firewall
web-console
web-application-security
web-ssh
application-gateway
load-balance
cc-attack-defense
sensitive-data-leakage
janusec-application-gateway
-
Updated
Mar 9, 2020 - Go
Awesome PHP Security Resources 🕶 🐘 🔐
-
Updated
Mar 9, 2020
paragonie-scott
commented
Nov 6, 2016
Post feature requests here. Backwards compatibility is optional.
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
-
Updated
Feb 16, 2020 - Java
windows
macos
linux
security
application
unix
command
os
injection
vulnerability
application-security
security-vulnerability
bugbounty
payload
command-injection
security-testing
security-research
vulnerability-research
payload-list
os-injection
-
Updated
Mar 7, 2020
Web application vulnerability scanner
security
security-audit
web
hacking
web-application
application-security
web-security
hacking-tool
security-scanner
security-automation
security-tools
web-security-research
web-sec-scanner
security-testing
taipan
-
Updated
Mar 6, 2020
1
Quitten
commented
Sep 15, 2019
Table filter tab should be changed to table settings and support which visible fields will be presented on results table, so clients can add or remove any columns.
In addition, support the following request:
it would be great to keep this issue open to implement the three new columns in the results table to show the status codes of the original, modified and unauthenticated responses.
by @r
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
security
application-security
security-vulnerability
bugbounty
vulnerability-management
vulnerability-assessment
network-security
security-tools
pentest-tool
security-testing
penetration-testing-framework
cve-search
cve-databases
product-security
-
Updated
Mar 2, 2020 - Python
Fast Advanced Spam Analysis Tool
python
docker
security
ansible
ansible-playbook
docker-image
smtp
outlook
application-security
mail-analyzer
spam-analyzer
streamparse
apache-storm
dialect
spamscope
-
Updated
Mar 6, 2020 - Python
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
hacking
owasp
application-security
pentesting
ctf
capture-the-flag
ctfd
owasp-juice-shop
ctfd-database
ctfd-setup
-
Updated
Mar 4, 2020 - JavaScript
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
mobile-app
application-security
pentesting
android-app
android-security
mobile-security
vulnerable
ctf-platform
ctf-challenges
android-ctf
android-pentest
mobile-pentest
mobile-ctf
android-application-vulnerabilities
android-labs
-
Updated
Feb 25, 2020 - CMake
【iOS应用安全、安全攻防】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议示例)
-
Updated
Mar 9, 2020 - Objective-C
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
-
Updated
Mar 6, 2020 - HTML
AresSec
commented
Aug 25, 2017
To show directly if all dependencies are up-to-date or code coverage of our tests, etc. We should add github badges:
security
bug-bounty
application-security
bugbounty
appsec
payload
payloads
lfi
rfi
web-hacking
websecurity
web-application-security
security-research
security-researcher
lfi-exploitation
payload-list
lfi-vulnerability
security-researchers
rfi-exploiton
rfi-vulnerabillity
-
Updated
Mar 2, 2020
Tool for breaking into web applications.
-
Updated
Feb 13, 2020 - Python
A Continuous Threat Modeling methodology
-
Updated
Mar 6, 2020
VyAPI - A cloud based vulnerable hybrid Android App
-
Updated
Mar 9, 2020 - Java
Repository for all the workshop content delivered at nullcon X on 1st of March 2019
-
Updated
Mar 6, 2020 - CSS
-
Updated
Jan 4, 2020
Identifying Open-Source License Violation and 1-day Security Risk at Large Scale
-
Updated
Jan 23, 2020 - Python
Improve this page
Add a description, image, and links to the application-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the application-security topic, visit your repo's landing page and select "manage topics."
Description of problem:
I have never written SCAP content before, and am looking at how to get started. I would like to write SCAP content to test compliance on Photon OS against DISA SRGs. I have been all over the wiki pages, but I am still not sure how to get started. The main page makes it look super easy for writing OVAL and XCCDF files using YAML, but I am not sure where to build those