An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: dast

soos-io/soos-dast

SOOS DAST Scanning - Register for a Free Trial at https://app.soos.io/register

Language: Python - Size: 598 KB - Last synced at: about 16 hours ago - Pushed at: about 17 hours ago - Stars: 6 - Forks: 2

zaproxy/zaproxy

The ZAP by Checkmarx Core project

Language: Java - Size: 192 MB - Last synced at: 2 days ago - Pushed at: 8 days ago - Stars: 13,511 - Forks: 2,359

analysis-tools-dev/dynamic-analysis

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

Language: Markdown - Size: 1.02 MB - Last synced at: 3 days ago - Pushed at: 10 days ago - Stars: 991 - Forks: 106

kh4sh3i/Awesome-Code-Review

Awesome list of code review resources and tools

Language: Shell - Size: 43 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 1

cerberauth/vulnapi

API Security Vulnerability Scanner designed to help you secure your APIs.

Language: Go - Size: 2.85 MB - Last synced at: 4 days ago - Pushed at: 5 days ago - Stars: 130 - Forks: 15

DenisPodgurskii/pentestkit

OWASP PTK - application security browser extension.

Language: JavaScript - Size: 54 MB - Last synced at: 3 days ago - Pushed at: 3 months ago - Stars: 143 - Forks: 25

karthikuj/sasori

Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.

Language: JavaScript - Size: 4.89 MB - Last synced at: 5 days ago - Pushed at: 9 months ago - Stars: 140 - Forks: 17

PortSwigger/dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

Language: Dockerfile - Size: 8.79 KB - Last synced at: 6 days ago - Pushed at: 9 months ago - Stars: 288 - Forks: 102

zaproxy/zap-extensions

ZAP Add-ons

Language: HTML - Size: 949 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 864 - Forks: 724

projectdiscovery/nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Language: Go - Size: 38.7 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 22,951 - Forks: 2,665

mercedes-benz/sechub

SecHub provides a central API to test software with different security tools.

Language: Java - Size: 66.2 MB - Last synced at: 5 days ago - Pushed at: 7 days ago - Stars: 301 - Forks: 73

projectdiscovery/fuzzing-templates 📦

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

Size: 50.8 KB - Last synced at: 1 day ago - Pushed at: 12 months ago - Stars: 65 - Forks: 12

Van-1337/AutoEASM

Tool for automated scanning of the common vulnerabilities of company subdomains

Language: Python - Size: 2.76 MB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 7 - Forks: 1

ionutbalosin/java-application-security-practices

Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.

Language: Java - Size: 3.92 MB - Last synced at: 2 days ago - Pushed at: 11 days ago - Stars: 37 - Forks: 9

zaproxy/action-full-scan

A GitHub Action for running the ZAP Full scan

Language: JavaScript - Size: 2.73 MB - Last synced at: 3 days ago - Pushed at: 5 months ago - Stars: 304 - Forks: 59

zaproxy/action-baseline

A GitHub Action for running the ZAP Baseline scan

Language: JavaScript - Size: 2.52 MB - Last synced at: 6 days ago - Pushed at: 5 months ago - Stars: 326 - Forks: 58

Probely/probely-github-action

Probely's GitHub Action

Language: Python - Size: 22.5 KB - Last synced at: 16 days ago - Pushed at: 16 days ago - Stars: 17 - Forks: 0

secdec/attack-surface-detector-burp

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Language: Java - Size: 13.7 MB - Last synced at: 5 days ago - Pushed at: over 1 year ago - Stars: 102 - Forks: 31

alipay/ant-application-security-testing-benchmark

The xAST evaluation benchmark makes security tools no longer a "black box".

Language: Java - Size: 10.6 MB - Last synced at: 16 days ago - Pushed at: 23 days ago - Stars: 381 - Forks: 49

fabasoad/reusable-workflows

Collection of reusable workflows

Size: 117 KB - Last synced at: 15 days ago - Pushed at: 23 days ago - Stars: 1 - Forks: 0

zaproxy/community-scripts

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

Language: JavaScript - Size: 1.81 MB - Last synced at: 28 days ago - Pushed at: 28 days ago - Stars: 818 - Forks: 242

HCL-TECH-SOFTWARE/appscan-dast-action

A GitHub Action for running DAST scans in AppScan on Cloud

Language: PowerShell - Size: 1.47 MB - Last synced at: 4 days ago - Pushed at: 7 months ago - Stars: 3 - Forks: 3

paulveillard/cybersecurity-static-analysis

An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines, technical resources and most important static application security testing (SAST)

Language: Makefile - Size: 1000 KB - Last synced at: 27 days ago - Pushed at: about 3 years ago - Stars: 13 - Forks: 1

BreakOnCrash/OpenDAST

The DAST Handbook🚧

Language: Go - Size: 96.7 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

infobyte/faraday_plugins

Security tools report parsers for Faradaysec.com

Language: Python - Size: 2.83 MB - Last synced at: 18 days ago - Pushed at: 30 days ago - Stars: 53 - Forks: 20

arainho/secure-git-workshop

(in)secure git workshop 🔓+🔑 = 🔐

Language: Python - Size: 22.4 MB - Last synced at: 17 days ago - Pushed at: 5 months ago - Stars: 8 - Forks: 86

arall/vulnerabilities

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

Language: HTML - Size: 5.13 MB - Last synced at: 4 days ago - Pushed at: about 1 year ago - Stars: 28 - Forks: 16

zaproxy/action-api-scan

A GitHub Action for running the ZAP API scan

Language: JavaScript - Size: 2.38 MB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 54 - Forks: 20

hahwul/mzap

⚡️ Multiple target ZAP Scanning

Language: Go - Size: 138 KB - Last synced at: 10 days ago - Pushed at: over 1 year ago - Stars: 104 - Forks: 18

kadraman/InsecureWebApp

An insecure Python/Flask Web application

Language: CSS - Size: 5.57 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 1

fadhilthomas/zap-reporter

run summary report of owasp zap findings

Language: Go - Size: 84 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 4 - Forks: 0

fadhilthomas/nuclei-reporter

run summary report of nuclei findings

Language: Go - Size: 95.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 3 - Forks: 1

zaproxy/action-af

A GitHub Action for running ZAP Automation Framework plans

Language: JavaScript - Size: 30.3 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 15 - Forks: 8

sam8k/Dynamic-and-Static-Analysis-of-SOUPs

Automates function name extraction from the list of CVEs of a given SOUP and performs a search operation against the static and dynamic function trace database.

Language: Python - Size: 22.5 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

paulveillard/cybersecurity-dynamic-analysis

An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines and technical resources and most important dynamic application security testing (DAST)

Size: 549 KB - Last synced at: 27 days ago - Pushed at: about 3 years ago - Stars: 11 - Forks: 2

rmkanda/tools

Curated list of security tools

Size: 26.4 KB - Last synced at: 2 days ago - Pushed at: over 1 year ago - Stars: 64 - Forks: 17

adamlahbib/devsecops-boilerplate

DevSecOps boilerplate that syncs the AWS Infrastructure, performs comprehensive SAST and DAST checks of the application, and entails advanced out-of-the-box Cloud Native Monitoring and Security solutions, as well as implementing Kubernetes Policies as Code.

Language: HCL - Size: 3.67 MB - Last synced at: about 2 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

simonkowallik/irulescan

🛡️ irulescan - security analyzer for iRules

Language: Rust - Size: 124 KB - Last synced at: 1 day ago - Pushed at: 4 months ago - Stars: 6 - Forks: 1

ASTTeam/DAST

"In-Depth Understanding of DAST": Dynamic Application Security Testing.

Size: 4.88 KB - Last synced at: 2 months ago - Pushed at: over 2 years ago - Stars: 49 - Forks: 2

lesis-lat/sentra

The first autonomous source code posture risk score tool

Language: Perl - Size: 126 KB - Last synced at: 2 months ago - Pushed at: 4 months ago - Stars: 3 - Forks: 1

we45/ThreatPlaybook

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Language: Python - Size: 2.92 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 275 - Forks: 56

CyAxe/lotus

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Language: Rust - Size: 12 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 79 - Forks: 12

fluidattacks/benchmark-infrastructure

The infrastructure for the benchmark includes a set of Vulnerable by Design (VbD) Targets of Evaluation (ToEs) used to measure the speed and accuracy of automated Application Security Testing (AST) tools.

Language: HCL - Size: 13.7 KB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 0 - Forks: 3

jenkinsci/probely-security-plugin (fork of Probely/jenkins-plugin)

Integrate our security scans with your Jenkins CI/CD pipeline

Language: Java - Size: 6.06 MB - Last synced at: 3 months ago - Pushed at: 6 months ago - Stars: 5 - Forks: 3

kingthorin/neonmarker

Continuation of the ZAP Neonmarker add-on previously by Juha Kivekäs

Language: Java - Size: 389 KB - Last synced at: 6 months ago - Pushed at: 10 months ago - Stars: 10 - Forks: 4

secdec/attack-surface-detector-zap

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Language: Java - Size: 15.7 MB - Last synced at: 5 months ago - Pushed at: about 2 years ago - Stars: 61 - Forks: 14

secdec/astam-correlator

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Language: Java - Size: 133 MB - Last synced at: 2 days ago - Pushed at: over 2 years ago - Stars: 24 - Forks: 9

DiMarcoSK/simple_dast

This DAST project is designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Language: Python - Size: 21.5 KB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 3 - Forks: 0

SasanLabs/owasp-zap-fileupload-addon

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.

Language: Java - Size: 803 KB - Last synced at: 4 days ago - Pushed at: 9 months ago - Stars: 22 - Forks: 6

jmessiass/devsecops

Example security workflow that runs SAST, SCA, DAST, Secrets Scan and IaC Scan tests via GitHub Actions using open source tools.

Language: Python - Size: 359 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 7 - Forks: 0

CloudDefenseAI/cd

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Language: Shell - Size: 31.2 GB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 47 - Forks: 4

Zigrin-Security/CakeFuzzer

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Language: Python - Size: 273 KB - Last synced at: 9 months ago - Pushed at: over 1 year ago - Stars: 93 - Forks: 8

Momotoculteur/DAST-owasp-zap-authentication-httpsender-oidc-oauth-kong

Dynamic security testing (DAST) with OWASP Zap using authentication via JWT/bearer token (OpenID Connect/OAuth & Kong)

Language: Python - Size: 3.91 KB - Last synced at: 11 months ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 0

Aristeia-ynov/gamify

Streaming Platform - Development

Language: PHP - Size: 62.1 MB - Last synced at: 11 months ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 1

uday160386/cn-secops-spring-boot

Enabling and configuring security gates for a spring boot application.

Language: Java - Size: 303 KB - Last synced at: about 2 months ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0

esidate/security-ci-cd-pipelines

A bunch of security CI/CD pipelines cooked and ready

Size: 13.7 KB - Last synced at: 9 months ago - Pushed at: over 2 years ago - Stars: 12 - Forks: 3

Molemmat-Oy/opalopc-scan-action

Runs a vulnerability scan using OpalOPC against a target server and creates an HTML and a SARIF report for the scan on completion.

Language: Dockerfile - Size: 5.86 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

ErdemOzgen/DevSecOpsBuilder

Automatic DevSecOps builder

Language: Python - Size: 1.52 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 6 - Forks: 2

ci-fuzz/Use-Case-Playground 📦

This project has been created by Code Intelligence to allow you to learn and explore fuzzing for various use cases and technologies.

Language: C - Size: 519 KB - Last synced at: 9 months ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 5

Myskiv-Ivan/devsecops-pipeline

Pipeline SAST, DAST, SCA in GitLab CI/CD and push reports to VM

Size: 19.5 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0

fortify/WebInspectAutomation

Sample Python script for automating WebInspect scans and pushing results to SSC

Language: Python - Size: 5.54 MB - Last synced at: about 1 year ago - Pushed at: almost 3 years ago - Stars: 19 - Forks: 12

injcristianrojas/swsec-intro-spring-boot

Same vulnerable app as swsec-intro, but in a more modern framework.

Language: Java - Size: 224 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 1

k11h-de/zap-jenkins

Jenkins Pipeline for security scanning with owasp zap

Language: Shell - Size: 21.5 KB - Last synced at: 6 days ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 4

piypil/LUN903

Combined use of SAST, DAST and SCA tools to improve the effectiveness of detecting and remediating vulnerabilities in software modules ─=≡Σ((( つ><)つ📊📊📊

Language: TypeScript - Size: 23.4 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0

Crushoverride007/Project-Sigma

A compliance automation platform. Scale GRC, and enhance security and compliance program.

Language: JavaScript - Size: 13.7 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 0 - Forks: 1

0xtiago/qualysapi

qualysapi is a simple Qualys API client written in shell script 🐧.

Language: Shell - Size: 2.34 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 1

sidd-harth/kubernetes-devops-security

Udemy Course on DevSecOps

Language: Java - Size: 313 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 51 - Forks: 1,205

TartarusLabs/tsukumogami

Suite of web browser fuzzing tools aimed at optimising code coverage. Test case generation from a built-in Context-Free Grammar, mutation fuzzing from a corpus of scraped web pages, DOM fuzzing and more.

Language: Python - Size: 1.28 MB - Last synced at: 9 months ago - Pushed at: about 3 years ago - Stars: 8 - Forks: 0

csalab-id/dast-images

Dynamic Application Security Testing images builder

Language: Dockerfile - Size: 6.85 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

CyAxe/lotus-scripts

Lotus Lua Scripts is a repository containing a collection of Lua scripts designed to scan for various vulnerabilities.

Language: Lua - Size: 64.5 KB - Last synced at: 5 months ago - Pushed at: about 1 year ago - Stars: 6 - Forks: 1

ErdemOzgen/DevSecOps-Vault

Collection of roadmaps, tools, best practice, resources about DevSecOps

Size: 1.64 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 7 - Forks: 2

NeuraLegion/issue-linker

A CLI tool to link between SAST issues and BrightSec issues

Language: Crystal - Size: 54.7 KB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

devops-0002/dso-demo (fork of rmkanda/secure-pipeline-java-demo)

Learn DevSecOps with this Demo Application.

Language: Java - Size: 1.83 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 1

deepak-0/Python_App_Demo

DevSecOps Framework - Python application

Language: Python - Size: 22.5 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

AmitKulkarni9/AutomatedSecurityTesting_OwaspZapPythonAPI

Automated Security testing using ZAP Python API. This can be used with any functional UI automation tool.

Language: Python - Size: 20.5 KB - Last synced at: over 1 year ago - Pushed at: almost 2 years ago - Stars: 6 - Forks: 6

kh4sh3i/DevSecOps

Collection and Roadmap for everyone who wants DevSecOps, contains list of tools and methodologies

Size: 5 MB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 5 - Forks: 2

ncc-erik-steringer/Aerides

An implementation of infrastructure-as-code scanning using dynamic tooling.

Language: HCL - Size: 58.6 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 53 - Forks: 0

Hack23/talks 📦

How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

Size: 16 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 3 - Forks: 0

tkvarma-tw/secure-pipeline-demo

Language: Java - Size: 1.81 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

githubfoam/codecov-pipeline

codecov

Language: Java - Size: 122 KB - Last synced at: 25 days ago - Pushed at: about 3 years ago - Stars: 2 - Forks: 0

thaalesalves/openshift-sonarqube

SonarQube adapted for OpenShift

Language: Dockerfile - Size: 69.3 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

Crushoverride007/java-devops

Java Ecommerce Application with microservices Architecture

Language: Java - Size: 130 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 2 - Forks: 0

fabiobo2005/phonebook

Language: Java - Size: 58.2 MB - Last synced at: about 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

githubfoam/zap-full-githubactions

zap full githubactions

Size: 23.4 KB - Last synced at: 25 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

githubfoam/blackduckcopilot-pipeline

blackduckcopilot

Language: Shell - Size: 165 KB - Last synced at: 25 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

githubfoam/zap-api-githubactions

zap api scan githubactions

Size: 17.6 KB - Last synced at: 25 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

martimvalente/sequence-recorder (fork of Probely/sequence-recorder)

Browser extension used to record login and navigation sequences.

Size: 1.63 MB - Last synced at: 9 months ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

whitespots/docs

Gitbook

Size: 3.19 MB - Last synced at: about 2 years ago - Pushed at: about 4 years ago - Stars: 0 - Forks: 1

juselasmc/sast_dast_automation

SAST_DAST_examples for Fortify and Webinspect

Size: 4.88 KB - Last synced at: 12 months ago - Pushed at: about 4 years ago - Stars: 0 - Forks: 2

githubfoam/openclover-sandbox

open clover sandbox

Size: 85 KB - Last synced at: 25 days ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0

jangelesg/DAST-BlackBox-tool

Size: 14.6 KB - Last synced at: about 2 years ago - Pushed at: almost 8 years ago - Stars: 0 - Forks: 0