owasp-top-10

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

collection hacking resources owasp bug-bounty bugbounty ethical-hacking owasp-top-10 bugbountytips xalgord

UpdatedSep 20, 2024

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

training security application web owasp cybersecurity penetration-testing top appsec 10 owasp-top-10

UpdatedFeb 26, 2025
PHP

akto-api-security /akto

Star1.2k

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

security authentication authorization api-testing hacktoberfest api-discovery owasp-top-10 devsecops security-testing api-security sensitive-data-exposure threat-detection idor devsecops-pipeline hacktoberfest2023 api-security-testing api-security-posture

UpdatedMar 18, 2025
Java

roottusk /vapi

Star1.2k

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

api docker php cors owasp postman exercises bugbounty appsec hacktoberfest vulnerable-application owasp-top-10 owasp-top-ten appsec-tutorials apitop10 hacktoberfest-accepted

UpdatedJan 10, 2025
HTML

Zeyad-Azima /Offensive-Resources

Sponsor

Star952

A Huge Learning Resources with Labs For Offensive Security Players

api infrastructure learning security mobile web hack hacking owasp cybersecurity web-security mobile-security offensive offensive-security red-team owasp-top-10 cloud-security redteam api-security red-teaming

UpdatedJul 13, 2022

globocom /secDevLabs

Star923

A laboratory for learning secure web and mobile development in a practical manner.

training security development labs vulnerability hacktoberfest owasp-top-10 hacktoberfest2022

UpdatedSep 25, 2024
PHP

appsecco /dvna

Star719

Damn Vulnerable NodeJS Application

nodejs testing security hack owasp vulnerable owasp-top-10 vulnerable-apps dvna

UpdatedMar 27, 2024
SCSS

bmarsh9 /gapps

Star520

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking.https://gapps.darkbanner.com

security nist csc owasp pci-dss pci compliance grc hipaa iso27001 owasp-top-10 nist800-53 nist-csf soc2 asvs cmmc 27002 cis18

UpdatedJan 13, 2025
HTML

OWASP /iGoat-Swift

Sponsor

Star422

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

ios-swift ipa ios-security owasp-top-10 insecure-data-storage runtime-security owasp-igoat

UpdatedJul 19, 2024
C

ghostery /local-sheriff

Star307

Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.

web-extension owasp-top-10 privacy-tools sensitive-data-exposure gdpr-checklist data-leakage

UpdatedDec 11, 2022
JavaScript

ossamayasserr /WebAppPentestRoadmap

Star264

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

security roadmap penetration-testing web-security pentest information-security burpsuite owasp-top-10 tryhackme portswigger

UpdatedAug 25, 2023
Python

globaldatanet /aws-firewall-factory

Star243

Enhance the security of your web applications effortlessly with AWS Firewall Factory. Safeguard your valuable assets through seamless WAF deployment, updates, and staging, all centrally managed with AWS Firewall Manager.

aws security typescript firewall waf owasp amazon-web-services hacktoberfest governance cdk owasp-top-10 devsecops wafv2

UpdatedMar 17, 2025
TypeScript

ivan-sincek /forbidden

Sponsor

Star240

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

python security web curl penetration-testing brute-force bug-bounty fuzzing bypass pycurl offensive-security python-requests ethical-hacking web-penetration-testing owasp-top-10 red-team-engagement 401 403 open-redirect broken-access-controls

UpdatedMar 17, 2025
Python

akto-api-security /30-API-security-tests

Star211

🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.

testing security owasp-top-10 bola

UpdatedMay 22, 2023

OWASP /ASST

Sponsor

Star166

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

security-audit owasp cybersecurity web-vulnerability-scanner security-hardening vulnerability-detection vulnerability-scanners vulnerability-assessment owasp-top-10 vulnerability-scanner security-testing security-assessments web-vulnerability-scanners asst security-assesment-security-tools

UpdatedJan 22, 2025
JavaScript

moeinfatehi /Backup-Finder

Star161

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

owasp penetration-testing application-security pentesting burp burpsuite owasp-top-10 owasp-top-ten burp-extensions sensitive-data-exposure burpsuite-extender data-leakage portswigger appsecurity backupfinder