OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Updated Sep 12, 2025 - TypeScript
🎯 SQL Injection Payload List
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
A huge collection of learning resources with labs for offensive security players
A laboratory for learning secure web and mobile development in a practical manner.
Damn Vulnerable NodeJS Application
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)
Think of Local Sheriff as a recon tool in your browser (WebExtension). While you browse the internet as usual, Local Sheriff works in the background to help you identify which data points (PII) are being shared with or leaked to which third parties.
🚀 Join us for 30 days of daily API security tests. #30days30tests We've spent the last 120 days building amazing API security tests for the community. For the next 30 days we will post test tutorials here.
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
API Security Vulnerability Scanner designed to help you secure your APIs.
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
A Burp Suite extension that reviews backup, old, temporary and unreferenced files on a web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Top 10 for Agentic AI (AI Agent Security) serves as the core for OWASP and CSA Red teaming work
A simple PHP application to learn SQL Injection detection and exploitation techniques.