A fast, customizable vulnerability scanner with a YAML-based DSL, powered by a global security community.
A free, open-source web application security scanner for finding vulnerabilities during development and testing.
A comprehensive manual for mobile app security testing and reverse engineering, aligned with OWASP MASVS and MASWE.
The most comprehensive open dictionary of attack patterns, predictable resource locations, and regex for black-box application security testing.
A static analysis security vulnerability scanner for Ruby on Rails applications.
A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.
A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.
Open source Runtime Application Self-Protection (RASP) solution that integrates security directly into application servers via instrumentation.
Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.
A curated list of DevSecOps tools, resources, and training materials for integrating security into the development lifecycle.
A machine learning security engine that preemptively prevents web app and API threats using supervised and unsupervised models.
An AI-powered tool that analyzes source code to discover every endpoint, exposing shadow APIs and mapping the complete attack surface for security testing.
A virtual machine for Android application security assessment, reverse engineering, and malware analysis.
A static analysis tool to identify security misconfigurations and anti-patterns in Electron applications.
A curated collection of resources for security research, vulnerability discovery, and pentesting of Electron.js applications.
A comprehensive mobile application reverse engineering and analysis framework for security testing against OWASP mobile threats.
A security tool that identifies DTDs in filesystem snapshots and generates XXE payloads using those local DTDs.
Route-level file upload security for Node.js, scanning files for malware, spoofing, and risky archives before storage.
A free, open-source, cross-platform desktop application for threat modeling with system diagramming and automated threat generation.
Research presentation and paper analyzing prototype pollution attacks in Node.js, presented at NorthSec 2018.
A CLI tool to export OWASP Juice Shop security challenges into CTFd, RootTheBox, or FBCTF compatible formats.
An open-source guide with 16 thematic sheets to help developers implement GDPR compliance in web and application projects.
An in-memory application-driven jailer written in Go, inspired by fail2ban, to deter system probing and attacks.
An ASP.NET Core middleware that injects OWASP-recommended HTTP security headers with a single line of code.
A curated collection of CVEs, research, tools, and resources for WebSocket security testing and vulnerability research.
An open-source runtime application self-protection (RASP) framework that defends Java web apps against OWASP Top 10 threats.
A curated list of security card games and tabletop exercises for training and discussion.
A curated collection of threat modeling resources, including methodologies, tools, books, and conference talks.
An automated IAST fuzzer for discovering vulnerabilities in CakePHP web applications with minimal false positives.
Open-source application security training materials including presentations and hands-on labs from Duo Security.
A vulnerable Android application demonstrating common security flaws for educational purposes.