PracticalDevSec
Vulnerable app with examples showing how to not use secrets
Practical Cryptography for Developers: Hashes, MAC, Key Derivation, DHKE, Symmetric and Asymmetric Ciphers, Public Key Cryptosystems, RSA, Elliptic Curves, ECC, secp256k1, ECDH, ECIES, Digital Sign…
🐶 A curated list of Web Security materials and resources.
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Implementation of a bulletproof node.js API 🛡️
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
How to systematically secure anything: a repository about security engineering
This challenge is Inon Shkedy's 31 days API Security Tips.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Checklist of the most important security countermeasures when designing, testing, and releasing your API
A lab to play with authentication and authorisation problems
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
WebGoat is a deliberately insecure application
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
Vulnerable Python Application To Learn Secure Development
Example implementations of storing tokens in vanilla JS
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game
An open source threat modeling tool from OWASP