Web Security
Browse 526 web security tools
FEATURED
A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
A free online tool that scans and fixes common security issues in WordPress websites.
ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
Web-application vulnerability scanner with extensive coverage of security testing modules.
A blog post discussing the often overlooked dangers of CSV injection in applications.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A tool for automated security scanning of web applications and manual penetration testing.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.
Vulnerable web application for beginners in penetration testing.
