Web Security

A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.

Collection of URLs for vulnerable web applications and systems for cybersecurity practice.

ModSecurity is an open-source web application firewall that provides a flexible and scalable way to monitor and control HTTP traffic.

A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.

XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.

A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.

A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.

NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.

A security feature to prevent unexpected manipulation of fetched resources.

Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.

A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL

Cybersecurity industry portal offering articles, tools, and resources.

A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.

A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.

A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.

secrepo.com is a curated repository providing access to various cybersecurity datasets including Snort logs, LANL datasets, and other security research data for analysis and testing purposes.

A free online tool that scans and fixes common security issues in WordPress websites.

ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.

A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.

An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.