Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Updated Aug 25, 2023 - Python
Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.
Automated API security testing
The Security Dependency Orchestrator Service
Non-official write up for the Juice-Shop CTF
My notes from courses, books, etc.
AI Robustness Evaluation System
Kevlar Benchmark: OWASP Top 10 for Agentic Apps (AI-Agents) 2026, a Red Team Benchmark
A curated collection of three cybersecurity learning roadmaps covering web penetration testing, ethical hacking, and foundational security skills. Each roadmap breaks learning into clear stages, tools, labs, and resources, helping beginners progress step-by-step from basics to hands-on offensive security practice.
All types of tools written in multiple languages.
Automated Discovery of Parsing Discrepancy Related Bypasses in Web Application Firewalls Using HTTP Request Fuzzing.
Lab assignments for courses on AppSec, Risk Analysis, Security Champion: Toolchain, Orchestration, CI/CD, UML, etc.
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
A (purposely) vulnerable, social-media-like Django web application
Comprehensive security scanner for Model Context Protocol (MCP) servers
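Java Security Education Framework (JSEF) is a web security practice platform built on Spring Boot 3.x, designed for developers, security researchers, university students, and enterprise training. Through security vulnerability examples drawn from 35+ real business scenarios (including core types such as injection attacks, unauthorized access, and sensitive information disclosure), it provides a complete learning loop of "principle explanation → vulnerability reproduction → code comparison → fix verification", helping learners move quickly from theory to hands-on practice and master core web security skills.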