Explore 44 curated tools and resources
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
A tool to find XSS vulnerabilities in web applications
A next-generation crawling and spidering framework for extracting data from websites
A multithreaded vulnerability scanner for web-based applications
Automatic tool for DNS rebinding-based SSRF attacks
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
Automated web application testing tool
A tool for automated HTTP header injection
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A DNS rebinding attack framework for security researchers and penetration testers.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A fuzzer for detecting open redirect vulnerabilities
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
DOM-based XSS vulnerability scanner
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python web application honeypot that provides simple statistics for the Glastopf.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A tool to profile web applications based on response time discrepancies.
A vulnerable web site in NodeJS for testing security source code analyzers.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A list of useful payloads and bypasses for Web Application Security.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Python web application honeypot with vulnerability type emulation and modular design.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A ruby script that scans for vulnerable 3rd-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
Deliberately vulnerable web application for educational purposes.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A modular web application honeypot framework with automation and logging capabilities.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.