Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites Linux distribution (Debian and Centos are recommended, Windows is not supported yet) Golang compiler v1.16+ Migrate from v1 Rollback SecAuditLog to theRead More
vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises. Requirements PHP MySQL PostMan MITM Proxy Installation (Docker) docker-compose up -d Installation (Manual) Copying the Code cd <your-hosting-directory> git clone https://github.com/roottusk/vapi.git Setting up the Database Import vapi.sql into MySQL Database Configure the DBRead More
FiddleZAP is a simplified version of EKFiddle for OWASP ZAP. With ZAP as your web proxy, you are able to flag malicious traffic based on predefined regular expressions. Example: Alert, highlighting and tagging when a regex matches on a string within the HTML source code of a compromised website Installation Download and install ZAP: https://www.zaproxy.org/download/Read More
中文版本(Chinese version) About DongTai IAST DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), Third-party component vulnerability detection, etc. Currently, applications in Java andRead More
WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused (single), multiple (file based URLs) and recursive (with respect to root domain or not) searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was designed to help both breakers and buildersRead More
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatally exploited. As the technology used to develop theseRead More
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with a Heads Up Display Video: The OWASP ZAP HUD – Usable Security Tooling Wiki: Inside the HUD Using the HUD Downloading You can try out ZAP enabled with the HUD via any of: Download andRead More
Threat Dragon is a free, open-source, cross-platform threat modeling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project. The focus of the project is on great UX, a powerful rule engine and integration with other development lifecycle tools.There is a good overview of threat modeling and riskRead More
Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn’t intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time.MultiJuicer gives you the ability to run separate JuiceRead More
It’s an information security audit tool that creates intelligent wordlists based on the content of the target page.Help usSee some calculations usedInstallNeed to: Python3.6, Bash (GNU Bourne-Again SHell)Optional: Git, Groff git clone https://github.com/owasp/D4N155.gitcd D4N155pip3 install -r requirements.txtbash main Or whithout git wget -qO- https://github.com/owasp/D4N155/archive/master.zip | bsdtar -xf-cd D4N155-masterpip3 install -r requirements.txtbash main Manual D4N155: ToolRead More
