OWASP Zed Attack Proxy(ZAP)是世界上最受欢迎的免费安全工具之一。ZAP可以帮助我们在开发和测试应用程序过程中,自动发现 Web应用程序中的安全漏洞。另外,它也是一款提供给具备丰富经验的渗透测试人员进行人工安全测试的优秀工具。
⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
SecHub provides a central API to test software with different security tools.
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
OWASP PTK - application security browser extension.
API Security Vulnerability Scanner designed to help you secure your APIs.
#网络爬虫#Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Udemy Course on DevSecOps
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.