Application Security

A Scriptable Android Debugger for reverse engineers and developers.

Hapi is a Node.js web application framework that provides built-in functionality for building scalable server-side applications and APIs with security features and plugin architecture.

StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

Track postMessage usage with this Chrome Extension

Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.

A Node.js middleware module that automatically enforces HTTPS connections by redirecting HTTP requests to HTTPS URLs in Express.js applications.

DOM-based XSS vulnerability scanner

A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.

Automates the process of preparing Android APK files for HTTPS inspection

APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

An extensible, heuristic-based vulnerability scanning tool for installed npm packages.

SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.

CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.

An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.

A tool to run YARA rules against node_module folders to identify suspicious scripts

Comprehensive suite for advanced file analysis and software supply chain security.

A guide to secure Ruby development, providing guidelines and recommendations for secure coding practices.

Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.

A free book providing design and implementation guidelines for writing secure programs in various languages.

Automatic authorization enforcement detection extension for Burp Suite

The best security training environment for Developers and AppSec Professionals.

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.