The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

😱 A curated list of amazingly awesome OSINT

😎 Awesome lists about all kinds of interesting topics

Web Attack Cheat Sheet

In-depth attack surface mapping and asset discovery

An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments.

ESLint rules for Node Security

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A list of public penetration test reports published by several consulting firms and academic security groups.

Application Security Verification Standard

⚠️ This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

Collection of links to Security stuff

Web application fuzzer

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

OWASP API Security Project

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Security Remediation Guides

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Checklist for container security - devsecops practices

A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

💣 Impulse Denial-of-service ToolKit

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by…

Deserialization payload generator for a variety of .NET formatters

Application Layer Tunnel

External monitoring for organization assets