Application Security
Essential tools and best practices for securing software applications throughout their lifecycle.Explore 312 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.
AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.
A low overhead rate limiter for your routes
A set of 48 practical programming exercises in cryptography and application security
A set of 48 practical programming exercises in cryptography and application security
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
A tool for identifying potential security vulnerabilities in web applications
A tool for identifying potential security vulnerabilities in web applications
NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.
NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.
CSRF crumb generation and validation tool for hapi framework.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.
Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.
Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
A tool to profile web applications based on response time discrepancies.
A tool to profile web applications based on response time discrepancies.
A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.
A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.
QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.
QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
A collection of mobile security resources with tools, white papers, ebooks, and webinars.
A collection of mobile security resources with tools, white papers, ebooks, and webinars.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.
A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
