Application Security
Contents
Websites
Self-assessment quiz for web application security
An intentionally insecure Javascript Web Application.
Purposly vulnerable to the OWASP Top 10 Node.JS web application, with tutorials, security regression testing with the OWASP Zap API, docker image. With several options to get up and running fast.
OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP and created by PureSec. You can install WebGoat, learn about the vulnerabilities, how to exploit them, and how to remediate each issue. The project also includes documentation explaining the issues and how they should be remediated with best-practices.
An intentionally insecure Javascript Web Application.
Repositories
Go
Useful libraries
Symmetric-key encryption library for PHP applications. (Recommended over rolling your own!)
If you're using PHP 5.3.7+ or 5.4, use this to hash passwords
Useful for generating random strings or numbers
A secure OAuth2 server implementation
PHP 7 offers a new set of CSPRNG functions: randombytes() and randomint(). This is a community effort to expose the same API in PHP 5 projects (forward compatibility layer). Permissively MIT licensed.
A secure authentication and authorization library that implements Role-Based Access Controls and Paragon Initiative Enterprises' recommendaitons for secure "remember me" checkboxes.