Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
-
Updated
Jul 21, 2021 - Python
#
owasp
Here are 432 public repositories matching this topic...
A collection of hacking / penetration testing resources to make you better!
exploit
reverse-engineering
malware
mitm
hacking
owasp
penetration-testing
ctf
privilege-escalation
buffer-overflow
windows-privilege-escalation
privilege-escalation-linux
-
Updated
Nov 11, 2020
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
python
rest
static-analysis
apk
owasp
dynamic-analysis
web-security
malware-analysis
mobsf
android-security
mobile-security
windows-mobile-security
ios-security
mobile-security-framework
api-testing
cwe
devsecops
runtime-security
mstg
masvs
-
Updated
Jul 20, 2021 - Python
In-depth Attack Surface Mapping and Asset Discovery
go
dns
osint
owasp
subdomain
enumeration
recon
maltego
network-security
information-gathering
osint-reconnaissance
attack-surfaces
-
Updated
Jul 19, 2021 - Go
snowbear
commented
Jun 11, 2021
⭐ Challenge idea
Description
Several users originally missing security question answers - most notably bjoern.k
A curated list of resources for learning about application security
-
Updated
Apr 12, 2021 - PHP
jespunya
commented
Jun 29, 2020
What would you like to happen?
The sections 4.7.11.1 Testing for Local File Inclusion & 4.7.11.2 Testing for Remote File Inclusion address two attack vectors that are very similar one to the other. Given this situation and the few documentation on the Remote injection one, my proposal would be to merge both in a single section called Testing for File Injection.
Next generation web scanner
ruby
security
web
scanner
hacking
owasp
penetration-testing
application-security
pentesting
recon
pentest
kali-linux
appsec
network-security
web-hacking
security-tools
penetration-test
hacking-tools
pentesting-tools
penetration-testing-tools
-
Updated
Jun 30, 2021 - Ruby
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
go
html
sanitization
security
whitelist
risk
xss
data-uri
owasp
html-element
scenario
turns
nofollow
bluemonday
-
Updated
Jul 17, 2021 - Go
Automated Security Testing For REST API's
python
security
owasp
ci-cd
penetration-testing
postman-collection
sdlc
security-automation
penetration-testing-framework
restapiautomation
-
Updated
Dec 30, 2020 - Python
zakrush
commented
Jun 30, 2021
Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100
Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding
Bug description
No error. Metrics into product, or metrics dushboard has incorrect info
h3xstream
commented
Oct 5, 2020
Description
BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.
Code
import org.apache.commons.beanutils.BeanUtils;
publicAwesome Node.js Security resources
-
Updated
Jul 14, 2021 - JavaScript
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
python
linux
security
nist
framework
passive
mozilla
traffic
owasp
pentest
impact
kali-linux
owtf
semi-passive
web-application-security
-
Updated
Jul 22, 2021 - Python
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
docker
kubernetes
infrastructure
security
microservices
helm
container
hacking
owasp
cloud-native
pentesting
cloudsecurity
devsecops
cloud-security
container-security
vulnerable-app
kubernetes-security
kubernetes-goat
-
Updated
Jul 5, 2021 - HTML
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
javascript
ruby
python
java
swift
rust
golang
php
security
ios
cryptography
encryption
authentication
objective-c
owasp
cryptography-library
secure-messenger
asymmetric-cryptography
symmetric-cryptography
secure-storage
-
Updated
Jul 22, 2021 - C
Automated Penetration Testing Framework
python
automation
bruteforce
owasp
penetration-testing
network-analysis
vulnerability-scanners
information-gathering
portscanner
penetration-testing-framework
-
Updated
Jul 22, 2021 - Python
hackers
hacking
resources
owasp
penetration-testing
exploitation
youtube-channel
web-hacking
vulnerable-applications
learning-hacking
-
Updated
Oct 1, 2020
stephenjohnwilliams
commented
Feb 23, 2021
Current Behavior:
When viewing vulns in the Audit Vulnerabilities tab. the Analysis column appears to contain code (enum?) names, e.g. NOT_SET, FALSE_POSITIVE. This problem also occurs in Policy Violations tab.
Steps to Reproduce:
Open the Audit Vulnerabilities tab.
Expected Behavior:
The Analysis column contains language specific analysis values, e.g. Not Set, False Positive
1
OWASP Joomla Vulnerability Scanner Project
-
Updated
Jul 13, 2021 - Raku
OWASP WEB Directory Scanner
proxy
scanner
bruteforce
proxies
dirscanner
owasp
dir-scanner
dir-search
pentest
directories-scanner
blackarch
dirsearch
-
Updated
Feb 24, 2021 - Python
OWASP ZAP Add-ons
-
Updated
Jul 22, 2021 - Java
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
-
Updated
Jul 18, 2021
kingthorin
commented
Nov 9, 2020
https://github.com/OWASP/www-community/blob/master/pages/CRV2_AppThreatModeling.md
Contains a bunch of HTML based tables that need attention. They did not auto-migrate well and at a certain point break the rendering of the majority of the page.
Improve this page
Add a description, image, and links to the owasp topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the owasp topic, visit your repo's landing page and select "manage topics."
Decimal numbers like
52.5702100309281,trigger the PII scan rule, and they shouldnt.Example page: https://www.discoverireland.ie/limerick/glin-heritage-trails-knight-s-walk
They could be excluded using a similar check to https://github.com/zaproxy/zap-extensions/blob/master/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PiiScanRule.java#L118-L139
cc @HugoBar