Damn Vulnerable Web Services
Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities. The aim of this project is to help security professionals learn about Web Application Security through the use of a practical lab environment. This application includes the following vulnerabilities: - WSDL Enumeration - XML External Entity Injection - XML Bomb Denial-of-Service - XPATH Injection - WSDL Scanning - Cross Site-Tracing - OS Command Injection - Server Side Request Forgery - REST API SQL Injection - Same Origin Method Execution - JSON Web Token (JWT) Secret Key Brute Force - Cross-Origin Resource Sharing Instructions: DVWS can be used with a XAMPP setup. XAMPP is a free and open source cross-platform web server solution which mainly consists of an Apache Web Server and MySQL database. To setup, download and install the XAMPP setup first. Next, download the dvws folder and copy the folder to your htdocs directory. Lastly, Setup or reset the database by going to http://localhost/dvws/instructions.php
FEATURES
ALTERNATIVES
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
A Burp Suite content discovery plugin that adds smart functionality to the Buster plugin.
Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.
A series of levels teaching about common mistakes and gotchas when using Amazon Web Services (AWS).
Snyk Code is a real-time SAST tool that provides secure code analysis and actionable remediation advice to prevent code delays and ensure secure development.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.