Web Application Security
Explore 44 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
A tool to find XSS vulnerabilities in web applications
A next-generation crawling and spidering framework for extracting data from websites
A multithreaded vulnerability scanner for web-based applications
Automatic tool for DNS rebinding-based SSRF attacks
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
Automated web application testing tool
A tool for automated HTTP header injection
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A DNS rebinding attack framework for security researchers and penetration testers.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A fuzzer for detecting open redirect vulnerabilities
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
DOM-based XSS vulnerability scanner
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python web application honeypot that provides simple statistics for the Glastopf.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A tool to profile web applications based on response time discrepancies.
A vulnerable web site in NodeJS for testing security source code analyzers.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A list of useful payloads and bypasses for Web Application Security.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Python web application honeypot with vulnerability type emulation and modular design.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A ruby script that scans for vulnerable 3rd-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
Deliberately vulnerable web application for educational purposes.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A modular web application honeypot framework with automation and logging capabilities.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.