dast

The OWASP ZAP core project

OWASP ZAP Add-ons

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

A GitHub Action for running the OWASP ZAP Baseline scan

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

A GitHub Action for running the OWASP ZAP Full scan

SecHub provides a central API to test software with different security tools.

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

⚡️ Multiple target ZAP Scanning

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

An implementation of infrastructure-as-code scanning using dynamic tooling.

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Udemy Course on DevSecOps

Curated list of security tools

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.

Security tools report parsers for Faradaysec.com

A GitHub Action for running the OWASP ZAP API scan

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans