Essential tools and best practices for securing software applications throughout their lifecycle. Explore 312 curated tools and resources.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A tool for dynamic analysis of mobile applications in a controlled environment.
FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.
Websecurify provides efficient ways to protect organizations with sophisticated technology and expert consultancy.
A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
Dynamic Java code instrumentation kit for Android applications.
Yaramod is a library for parsing YARA rules into an AST and building new YARA rulesets through a C++ programming interface.
A web security tool that scans for vulnerabilities and known attacks.
Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.
A honeypot trap for Symfony2 forms to reduce spam submissions.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
Real-time, eBPF-based Security Observability and Runtime Enforcement component
A browser with XSS detection capabilities
Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and VirusTotal integration.
DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
Argus-SAF is a static analysis framework for security vetting Android applications.
Detect Trojan Source attacks that employ Unicode bidi attacks to inject malicious code.
Automatic tool for pentesting XSS attacks against different applications