This is a vulnerable web application developed by Cyber Security and Privacy Foundation for Java programmers and individuals interested in learning about web application vulnerabilities. The full course content is available on GitHub for free at https://github.com/CSPF-Founder/JavaSecurityCourse. It is recommended to run this app in a virtual machine due to its vulnerabilities. The easiest way to set it up is by using Docker with a single command line.
FEATURES
SIMILAR TOOLS
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
A repository of cybersecurity conference presentation slides from Black Hat, Offensivecon, and REcon.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.