
23 tools and resources


VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.

A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.

A Burp extension to detect alias traversal via NGINX misconfiguration at scale.

A company that helps organizations create security-aware teams and produce bug-free software.

A comprehensive guide to hardening OpenLDAP on Linux using AppArmor and systemd, providing a defense-in-depth approach to securing LDAP deployments.

A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.

Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.

snync: Mitigate Dependency Confusion supply chain security risks.

A series of small test cases designed to exercise different parts of a static security analyzer.

A collection of real-world scenarios to evaluate command injection detection and exploitation abilities.

Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.

A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.

Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.

Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.

DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.

A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.

Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.

Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.

A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.

Utilizes dirtyc0w kernel exploit for privilege escalation in a Docker container.

A quick and dirty dynamic redirect.rules generator for penetration testers and security professionals.

Bane: Custom AppArmor profile generator for Docker containers with file globbing.