appsec-tutorials

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Some good resources for getting started with application security

Additional Resources For Securing The Stack Tutorials

Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0

Contrast Security Instrumentation for Dockerized Webgoat, with lab instructions.

DongTai-engine used to analyze the method data collected by the probe, analyze whether there are vulnerabilities in API requests through the algorithm of taint tracking, and is also responsible for timing tasks, including: expired log cleaning, probe state maintenance, data packet replay processing, etc.

Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions such as vulnerability detection and code audit during application development, enabling developers to find application vulnerabilities more intuitively, quickly and in real time during application development.

React Native AppSec Sample

A playful introduction to web application vulnerabilities in the OWASP Top 10 while relying only on developer tools offered by modern web browsers.

The Good Parts of Application Security: learn how to build and test secure webapps

AppsecStudy - open-source elearning management system for information security

Гайды на русском