Explore 44 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and DevOps to work together in a self-service model, detecting and preventing cloud security threats in real time.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
A tool to find XSS vulnerabilities in web applications
A local file inclusion exploitation tool
A next-generation crawling and spidering framework for extracting data from websites
A multithreaded vulnerability scanner for web-based applications
Automatic tool for DNS rebinding-based SSRF attacks
A smart SSRF scanner using different methods like parameter brute forcing in POST and GET requests.
Automated web application testing tool
A tool for automated HTTP header injection
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A DNS rebinding attack framework for security researchers and penetration testers.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A fuzzer for detecting open redirect vulnerabilities
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
DOM-based XSS vulnerability scanner
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python web application honeypot that provides simple statistics for Glastopf.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A tool to profile web applications based on response time discrepancies.
A vulnerable website in Node.js for testing security source code analyzers.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A list of useful payloads and bypasses for Web Application Security.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Python web application honeypot with vulnerability type emulation and modular design.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A Ruby script that scans for vulnerable third-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
Deliberately vulnerable web application for educational purposes.
Wfuzz is a tool designed for brute-forcing web applications, with features such as multiple injection points, recursion, and payload combinations.
A modular web application honeypot framework with automation and logging capabilities.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.