Web Security
Explore 72 curated tools and resources
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and DevOps teams to work together in a self-service model, detecting and preventing cloud security threats in real time.
LATEST ADDITIONS
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A cloud-based web application firewall that provides protection against web attacks, DDoS mitigation, and performance optimization through CDN capabilities.
A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.
A continuous threat exposure management platform that provides automated vulnerability scanning for internet-facing assets with varying service tiers for different organizational needs.
A security operations platform that provides automated threat detection, access control, and protection against various online attacks through Cloudflare integration.
An API security and monitoring platform that automatically discovers, validates, and protects API endpoints while providing comprehensive management and analytics capabilities.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
WPMissionControl is a WordPress-focused security and uptime monitoring tool that offers continuous website checks, alerts, and malware cleanup services.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
A tool to find XSS vulnerabilities in web applications
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
A Go utility to spider through a website searching for additional links.
A multithreaded vulnerability scanner for web-based applications
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A command-line tool for taking screenshots of web pages using Chrome Headless
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool to bypass Content Security Policy (CSP) restrictions
A command-line tool for taking website screenshots and mobile emulations
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.
A Python library for exploiting race conditions in web apps
Express middleware for detecting and redirecting Tor or Surface users.
A simple, fast web crawler for discovering endpoints and assets in a web application
Technique used to forward one URL to another.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A Yara ruleset for detecting PHP shells and other webserver malware.
Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.
A low overhead rate limiter for your routes
Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
A Python-based tool for detecting XSS vulnerabilities
Important security headers for Fastify with granular control over application routes.
A crawler-based low-interaction client honeypot for exposing website threats.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
A web security tool that scans for vulnerabilities and known attacks.
A deliberately vulnerable modern-day app with lots of DOM-related bugs
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
A security feature to prevent unexpected manipulation of fetched resources.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Cybersecurity industry portal offering articles, tools, and resources.
Cross-site scripting labs for web application security enthusiasts
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
A popular free security tool for automatically finding security vulnerabilities in web applications
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A tool for automated security scanning of web applications and manual penetration testing.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.