OWASP publishes Top 10 CI/CD Security Risks Guidelines

Any contemporary software company must have environments, procedures, and systems for continuous integration and continuous delivery. They transport the code written at an engineer’s workstation to the production environment. The engineering ecosystem has been significantly reformed as a result of the proliferation of CI/CD systems and procedures, which has also been accompanied by the growth […]

Vulnerability in OWASP’s Enterprise Security API: Patch immediately

The Open Web Application Security Project (OWASP) announced the fixing of a critical vulnerability in its Enterprise Security API (ESAPI) whose exploitation could have allowed threat actors to run path traversal attacks. The flaw, which involved the ESAPI validator interface, was addressed with the release of version 2.3.0.0. OWASP ESAPI offers a security controls library […]

OWASP Juice Shop v9.3 releases: intentionally insecure webapp for security trainings

OWASP Juice Shop is an intentionally insecure web app for security training, written entirely in JavaScript, which encompasses the entire OWASP Top Ten and other severe security flaws. For a detailed introduction, full list of features and architecture overview please visit the official project page here. Setup: Deploy on Heroku (free ($0/month) dyno) Click […]

OWASP Maryam – Framework for Open-Source Intelligence

Maryam is a full-featured open-source intelligence (OSINT) framework written in Python. Complete with independent modules, built-in functions, interactive help, and command completion, it provides a command-line environment for forensic and open-source intelligence (OSINT) work. Maryam is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a […]

OWASP ZSC – Zeroday Shellcoder

OWASP ZSC is open-source software written in Python which lets you generate customized shellcode and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with Python. Shellcode is small code written in assembly language which can be used as the payload in software exploitation. Other usages are in malware, bypassing antivirus, […]

OWASP SecureTea Tool Project

The OWASP SecureTea Project is an application designed to help secure a person’s laptop or computer using IoT (Internet of Things), notifying users via Twitter whenever anyone accesses their laptop or computer. Description: The OWASP SecureTea Project was developed to be used by anyone who is interested in IoT (Internet of Things) security […]

JoomScan 0.0.5 – OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project in the Perl programming language to detect Joomla CMS vulnerabilities and analyze them. WHY OWASP JOOMSCAN? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and updated with the latest Joomla vulnerabilities. INSTALL: git clone […]

OWASP-Nettacker – Automated Penetration Testing Framework

The OWASP Nettacker project was created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP, SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for […]

OWASP ZAP 2.7.0 – Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use […]

NOWASP Mutillidae II Web Pentest Practice Application v2.6.30

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP for users who do not want to administrate a web server. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on […]

OWASP ZAP 2.6.0 – Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use […]

OWASP SeraphimDroid Project

OWASP SeraphimDroid is a privacy and security protection app for Android devices. It enables users to protect their devices against malicious software (viruses, trojans, worms, etc.), phishing SMS and MMS messages, execution of dangerous USSD codes, theft and loss. It also enables users to protect their privacy and to control the usage of applications and services […]

OWASP Passfault – Evaluates Passwords and Enforces Password Policy

OWASP Passfault evaluates passwords and enforces password policy in a completely different way. https://passfault-hrd.appspot.com Running the Command-line Interface: install Java 8 JDK; cd core; ../gradlew installDist; run build/install/core/bin/core. Running the jsonWebService: cd jsonService; ../gradlew build jettyRunWar; browse to localhost:8080/jsonService. Note the war will be located in jsonService/build/lib/passfault-jsonService-[version].war. Running in Docker: Pull the Passfault image: docker […]

OWASP Security Shepherd – Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status. Where […]

passfault – OWASP Passfault Evaluates Passwords & Enforces Password Policy In A Different Way

OWASP Passfault evaluates passwords and enforces password policy in a completely different way. Running the Command-line Interface: Step 1: install Java. Step 2: cd core. Step 3: gradlew installDist. Step 4: run build/install/core/bin/core. Running the jsonWebService: Step 1: cd jsonService. Step 2: gradlew build jettyRunWar. Step 3: browse to localhost:8080/jsonService. Note the war will be located in jsonService/build/lib/passfault-jsonService-[version].war

OpenDoor – OWASP Directory Access Scanner

OpenDoor is open-source software that scans a site’s directories and finds all possible login pages, empty directories and entry points. Scans are conducted using the dictionary included with the application. System Requirements: Python 2.7.x; sudo pip install -r requirements.txt. Features: multithreading, filesystem log, detect redirects, random user agent, random proxy from […]