Explore 24 curated tools and resources
Snyk Code is a real-time SAST tool that provides secure code analysis and actionable remediation advice to prevent code delays and ensure secure development.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
A Burp extension to detect alias traversal via NGINX misconfiguration at scale.
A company that helps organizations create security-aware teams and produce bug-free software.
A comprehensive guide to hardening OpenLDAP on Linux using AppArmor and systemd, providing a defense in depth approach to securing LDAP deployments.
A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
Mitigate security concerns of Dependency Confusion supply chain security risks.
A series of small test cases designed to exercise different parts of a static security analyzer
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.
A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
Utilizes dirtyc0w kernel exploit for privilege escalation in a Docker container.
A quick and dirty dynamic redirect.rules generator for penetration testers and security professionals.
Custom AppArmor profile generator for Docker containers with file globbing.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.