Explore 44 curated tools and resources
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.
A tool to find XSS vulnerabilities in web applications
A next-generation crawling and spidering framework for extracting data from websites
A multithreaded vulnerability scanner for web-based applications
Automatic tool for DNS rebinding-based SSRF attacks
A smart SSRF scanner using different methods like parameter brute forcing in POST and GET requests.
Automated web application testing tool
A tool for automated HTTP header injection
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A DNS rebinding attack framework for security researchers and penetration testers.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A fuzzer for detecting open redirect vulnerabilities
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
DOM-based XSS vulnerability scanner
Dynamic application security testing tool for identifying and fixing web application vulnerabilities.
A presentation about the OWASP Top 10, a list of the most critical security risks to web applications.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python web application honeypot that provides simple statistics for Glastopf.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A tool to profile web applications based on response time discrepancies.
A vulnerable website in Node.js for testing security source code analyzers.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A list of useful payloads and bypasses for Web Application Security.
NoSQLMap is a Python tool for auditing and automating injection attacks on NoSQL databases.
Python web application honeypot with vulnerability type emulation and modular design.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A highly interactive honeypot for observing access from attackers by building easily targeted and compromised web applications, forwarding logs to Google BigQuery for accumulation and visualization.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A Ruby script that scans for vulnerable third-party web applications
Open source web application security scanner with 200+ vulnerability identification capabilities.
A web application honeypot sensor attracting malicious traffic from the Internet
Deliberately vulnerable web application for educational purposes.
Wfuzz is a tool designed for brute-forcing web applications, with features such as multiple injection points, recursion, and payload combinations.
A modular web application honeypot framework with automation and logging capabilities.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.