Vulnerability Management
Tools for identifying, prioritizing, and remediating security vulnerabilities in systems and applications.
Explore 166 curated tools and resources
RELATED TASKS
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A tool to run YARA rules against node_module folders to identify suspicious scripts
A JavaScript scanner built in PHP for scraping URLs and other information.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
A vulnerable Android application demonstrating various security issues and vulnerabilities
A Pythonic interface to the Internet Storm Center / DShield API
A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
A script that checks for common best-practices around deploying Docker containers in production.
A runtime threat management and attack path enumeration tool for cloud-native environments
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
A repository of open-source plugins for Rapid7 InsightConnect
A framework for building code injection vulnerability testbeds
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.