Security Testing

A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.

A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.

An API security platform that discovers, documents, and tests APIs throughout the development lifecycle while maintaining a centralized catalog of all API assets.

An automated red teaming and security testing platform that continuously evaluates conversational AI applications for vulnerabilities and compliance with security standards.

A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.

An agentless API security platform that discovers, tests, and secures APIs through source code analysis without requiring traffic monitoring.

EvoMaster is an AI-driven tool that automatically generates system-level test cases for web APIs and enterprise applications using evolutionary algorithms and dynamic program analysis.

API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.

Checkmarx One SAST is a static application security testing tool that combines speed and security to improve developer experience.

Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.

Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

A tool to find XSS vulnerabilities in web applications

A collection of XSS payloads designed to turn alert(1) into P1

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.

A scripting engine for interacting with GraphQL endpoints for pentesting purposes.

A command-line script that tests multiple domains from a list for open redirect vulnerabilities and reports findings.

A collection of payloads and methodologies for web pentesting.

A powerful XSS scanning and parameter analysis tool

A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.

qsfuzz is a rule-based fuzzing tool for testing query string parameters in web applications to identify security vulnerabilities.

A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.

A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.

LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.