Application Security

A Node.js library for validating environment variables and providing immutable access to configuration values in applications.

A suite of secret scanners built in Rust for performance.

A tool for identifying potential security vulnerabilities in web applications

Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.

Node library for calling Google Play APIs with Nexus device behavior.

NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.

Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.

CSRF crumb generation and validation tool for hapi framework.

A set of tools for securing JavaScript projects against software supply chain attacks.

Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

Andromeda makes reverse engineering of Android applications faster and easier.

A CLI tool for signing and verifying npm and yarn packages.

Original SmaliHook Java source for Android cracking and reversing.

Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.

A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.

A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.

QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.

OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.

A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.

Docker file for building Androguard dependencies with an optional interactive shell environment.

DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.

A tool that safely installs packages with npm/yarn by auditing them as part of your install process.

Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.