OWASP - OWASP Amass
Description
The OWASP Amass tool is designed to help developers and security professionals enumerate and discover subdomains. It can be used for conducting reconnaissance during security assessments and can be integrated into automated workflows. Amass uses publicly available data sources to enumerate subdomains and perform DNS lookups. It can identify wildcard DNS records, perform brute force discovery, and resolve IP addresses to domain names. Amass also has features for visualizing the data it collects, which can be
More Information
https://owasp.org/www-project-amass/
Description
The OWASP Application Security Verification Standard (ASVS) is an open source, community-developed standard that provides a framework for testing the security of web applications. The ASVS covers a wide range of security topics, including authentication, authorization, access control, input validation, session management, and more. The standard is designed to be used by organizations of all sizes, and can be customized to fit the needs of specific applications.
More Information
https://owasp.org/www-project-application-security-verification-standard/
Description
The OWASP Cheat Sheet Series is a set of documents that provide information on various topics related to web security. The series includes cheat sheets on topics such as SQL injection, cross-site scripting, and password management. The aim of the series is to provide concise, task-oriented information that can be used to improve the security of web applications.
More Information
https://owasp.org/www-project-cheat-sheets/
Description
The OWASP CSRFGuard is a tool that helps protect web applications from cross-site request forgery (CSRF) attacks. CSRF attacks exploit vulnerabilities in web applications that allow an attacker to inject malicious code that is executed by the victim's browser. This can allow the attacker to perform unauthorized actions, such as stealing data or taking over the victim's account.
CSRFGuard works by adding a randomly generated token to each web page that is generated by the server.
More Information
https://owasp.org/www-project-csrfguard/
Description
OWASP CycloneDX is a tool that creates a Software Bill of Materials (SBOM) from a software project, which can be used to understand the dependencies and components used in the project. The tool can be used to create an SBOM for any software project, regardless of size or programming language.
More Information
https://owasp.org/www-project-cyclonedx/
Description
OWASP DefectDojo is a security tool that helps organizations manage and track software vulnerabilities. It provides a streamlined way to track flaws and the pace of remediation efforts. DefectDojo also makes it easy to submit, track, and measure the effectiveness of third-party security tools.
More Information
https://owasp.org/www-project-defectdojo/
Description
OWASP Dependency-Check is a command-line tool that can be used to check dependencies for known vulnerabilities. The tool looks through all of the dependencies of a project and reports any known vulnerabilities. The goal of the tool is to help developers identify and fix vulnerabilities in their dependencies. The tool is open source and is available for free.
More Information
https://owasp.org/www-project-dependency-check/
Description
Dependency-Track is a tool that helps organizations track and manage software dependencies. It can be used to identify which dependencies are used by which applications, and to track the security vulnerabilities associated with those dependencies. Dependency-Track can also be used to monitor the health of dependencies, and to identify which dependencies are no longer being used by an organization.
More Information
https://owasp.org/www-project-dependency-track/
Description
The OWASP Juice Shop is an open source web application security testing tool written in Node.js. It is designed to be used by both developers and penetration testers. The tool can be used to test for a wide range of security vulnerabilities, including cross-site scripting, SQL injection, and session hijacking. The Juice Shop is also a very popular training tool, as it provides a wide range of challenges that can be used to help teach web application security.
More Information
https://owasp.org/www-project-juice-shop/
Description
The OWASP Mobile Application Security project is a collaborative effort to improve the security of mobile applications. The project provides resources and tools to help developers secure their mobile apps. The project also educates developers about common security risks and how to avoid them.
More Information
https://owasp.org/www-project-mobile-app-security/
Description
OWASP ModSecurity Core Rule Set is a free and open source web application firewall (WAF) rule set. Its implementation is based on an open source web application firewall called ModSecurity. Core Rule Set provides protection against a variety of common attacks, such as SQL injection, cross-site scripting, and directory traversal. The project is led by a team of volunteer security experts from around the world.
More Information
https://owasp.org/www-project-modsecurity-core-rule-set/
Description
The OWASP OWTF tool is designed to help developers and pentesters assess the security of web applications. It does this by providing a comprehensive and extensible framework that can be used to test the security of web applications. OWASP OWTF is also designed to be modular, so that it can be easily extended and customized to meet the needs of specific projects.
More Information
https://owasp.org/www-project-owtf/
Description
The OWASP SAMM tool is designed to help developers and organizations create and maintain secure software development processes. It provides a framework for creating security policies and procedures, and provides guidance on how to implement these policies and procedures effectively. SAMM is divided into four main phases: Assess, Plan, Implement, and Monitor. Each phase contains a set of activities that should be completed in order to effectively secure software development.
More Information
https://owasp.org/www-project-samm/
Description
The OWASP Security Knowledge Framework (SKF) is a free and open source tool that helps organizations create and maintain a comprehensive security program. The SKF includes a security policy template, a security baseline, security controls, and guidance on how to implement a security program. The SKF is designed to be flexible and easily adaptable to the specific needs of an organization.
More Information
https://owasp.org/www-project-security-knowledge-framework/
Description
Security Shepherd is an open-source web application security training platform. It is designed to provide a realistic hacking environment where users can test their hacking skills by trying to exploit various vulnerabilities in web applications. The platform contains a wide range of challenges, from basic to advanced, covering key web application security topics such as SQL injection, cross-site scripting, and session hijacking.
More Information
https://owasp.org/www-project-security-shepherd/
Description
OWASP Top 10 is a classification of the most common attacks on the web. It has 10 entries, and these are:
Injection: Injection flaws, such as SQL injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s goal is to trick the interpreter into executing unintended commands or accessing data without proper authorization.
Broken Authentication and Session Management: Attackers can exploit poorly implemented authentication and
More Information
https://owasp.org/Top10/A00_2021_Introduction/
Description
The OWASP Web Security Testing Guide is a guide for web security testing that covers the most common web security risks and how to test for them. The guide covers common issues such as cross-site scripting (XSS), SQL injection, and session hijacking, and provides detailed instructions on how to test for each. The guide also includes a section on tools and resources that can help with web security testing.
More Information
https://owasp.org/www-project-web-security-testing-guide/
Description
ZAP (Zed Attack Proxy) is an intercepting proxy that enables one to analyze, modify and replay web traffic. It can be used to find vulnerabilities in web applications and to help developers to understand and fix them. ZAP is easy to use and extend, and can be integrated with a wide variety of tools.