An open-source penetration testing tool that automates SQL injection detection and database takeover.
A free, open-source web application security scanner for finding vulnerabilities during development and testing.
A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.
An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.
An open-source zero-trust networking platform that makes network services invisible to unauthorized users with cryptographic identity and end-to-end encryption.
Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.
A deliberately vulnerable CI/CD environment with 11 challenges to learn and practice CI/CD security.
A curated list of threat modeling resources including books, courses, videos, tools, tutorials, and examples for learning and practicing threat modeling.
A machine learning security engine that preemptively prevents web app and API threats using supervised and unsupervised models.
The largest open-source database of regex patterns for detecting secrets, API keys, passwords, and tokens in code.
A professional-grade web security scanner for penetration testing with intelligent, context-aware scanning and proof-based vulnerability detection.
A comprehensive checklist for designing, testing, and releasing secure Android applications based on OWASP standards.
A vulnerable Android app aggregating known security vulnerabilities for testing and educational purposes.
A curated collection of offensive security research, techniques, and tools for attacking CI/CD pipelines and software supply chains.
A dependency-aware GraphQL API fuzzing tool that automatically generates and executes security tests based on schema introspection.
An open-source, modular framework to detect and prevent dependency confusion attacks across multiple package managers.
Open-source application security training materials including presentations and hands-on labs from Duo Security.