181 tools and resources
Showcase your innovative cybersecurity solution to our dedicated audience of security professionals.
Boost Your VisibilityA static analysis tool for Android apps that detects malware and other malicious code
Cross-site scripting labs for web application security enthusiasts
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
A comprehensive cheatsheet for XSS filter evasion techniques.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
A free online tool that scans and fixes common security issues in WordPress websites.
A series of levels teaching about common mistakes and gotchas when using Amazon Web Services (AWS).
A popular free security tool for automatically finding security vulnerabilities in web applications
Lint lockfiles for improved security and trust policies.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A brute-force protection middleware for express routes that rate-limits incoming requests.
Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
Deliberately vulnerable web application for educational purposes.
This article discusses the different types of remote timing attacks and provides defense strategies against them.
Enhance your Android experience with the AMAaaS Agent APK for better performance and improved user experience.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.