Showcase your innovative cybersecurity solution to our dedicated audience of security professionals.
Reach out!
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
A Burp extension for scanning JavaScript files for endpoint links
Automated web application testing tool
A tool for identifying and extracting parameters from HTTP requests and responses
Open Redirection Analyzer
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
IronBee is an open source project building a universal web application security sensor.
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A tool to scan for CORS misconfigurations in web applications
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
Mitigate security concerns of Dependency Confusion supply chain security risks.
Automated framework for monitoring and tampering system API calls of native macOS, iOS, and Android apps.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
Open-Source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
Instrumentation-based approach for resolving reflective calls in Android apps.
A web application designed to be 'Xtremely Vulnerable' for security enthusiasts to learn application security.
Important security headers for Fastify with granular control over application routes.
A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A tool for dynamic analysis of mobile applications in a controlled environment.
Websecurify provides efficient ways to protect organizations with sophisticated technology and expert consultancy.
Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.
A web security tool that scans for vulnerabilities and known attacks.
SAST and malware analysis tool for Android APKs with detailed scan information.
A vulnerable by design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations.
A PHP/MySQL web application designed to aid security professionals in testing their skills and tools in a legal environment.
A deliberately vulnerable modern day app with lots of DOM related bugs
Utility for comparing control flow graph signatures to Android methods with scanning capabilities for malicious applications.
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
Curiefense is an application security platform that protects against various threats and offers community involvement.
A static analysis tool for Android apps that detects malware and other malicious code
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
A popular free security tool for automatically finding security vulnerabilities in web applications
Deliberately vulnerable web application for educational purposes.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
A Burp Suite content discovery plugin that adds smart functionality to the Buster plugin.
