Awesome Application Security

Classes

Developed from the materials of NYU Poly's old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered very quickly as students are introduced to a wide variety of complex and immersive topics over thirteen weeks.

Websites

Web App Sec Quiz

Self-assessment quiz for web application security

Juice Shop

An intentionally insecure Javascript Web Application.

OWASP NodeGoat 2.0k updated 1y ago

Purposly vulnerable to the OWASP Top 10 Node.JS web application, with tutorials, security regression testing with the OWASP Zap API, docker image. With several options to get up and running fast.

OWASP ServerlessGoat

OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP and created by PureSec. You can install WebGoat, learn about the vulnerabilities, how to exploit them, and how to remediate each issue. The project also includes documentation explaining the issues and how they should be remediated with best-practices.

Juice Shop

An intentionally insecure Javascript Web Application.

Web App Sec Quiz

Self-assessment quiz for web application security

Repositories

Clojure OWASP 39 updated 1y ago

(2020) Repository with Clojure examples of OWASP top 10 vulnerabilities.

Go

Articles

Awesome Electron.js hacking & pentesting resources 661 updated 11mo ago

(2020) A curated list of resources to secure Electron.js-based applications.

Useful libraries

defuse/php-encryption 3.9k updated 2y ago

Symmetric-key encryption library for PHP applications. (Recommended over rolling your own!)

ircmaxell/password_compat 2.1k updated 2y ago

If you're using PHP 5.3.7+ or 5.4, use this to hash passwords

ircmaxell/RandomLib 841 updated 7y ago

Useful for generating random strings or numbers

thephpleague/oauth2-server 6.6k updated 2mo ago

A secure OAuth2 server implementation

paragonie/random_compat 8.2k updated 2mo ago

PHP 7 offers a new set of CSPRNG functions: randombytes() and randomint(). This is a community effort to expose the same API in PHP 5 projects (forward compatibility layer). Permissively MIT licensed.

psecio/gatekeeper 362 updated 9y ago

A secure authentication and authorization library that implements Role-Based Access Controls and Paragon Initiative Enterprises' recommendaitons for secure "remember me" checkboxes.

Websites

OWASP Python Security Wiki 412 updated 4y ago

(2014) A wiki maintained by the OWASP Python project.

Books and ebooks

Github 10 updated 10y ago

A guide to secure Ruby development by the Fedora Security Team. Also available on

Application Security

Contents

Classes

Websites

Repositories

Go

Articles

Useful libraries

Websites

Books and ebooks