Checkmarx / capital
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
☆281Updated 9 months ago
Alternatives and similar repositories for capital:
Users that are interested in capital are comparing it to the libraries listed below
- Websec interview questions by tib3rius answered☆306Updated last year
- Security Auditor Utility for GraphQL APIs☆409Updated this week
- GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations☆300Updated last year
- GraphQL automated security testing toolkit☆309Updated 11 months ago
- Fast and customizable vulnerability scanner For JIRA written in Python☆318Updated 3 weeks ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆157Updated 2 months ago
- API Security Project aims to present unique attack & defense methods in API Security field☆281Updated 2 years ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆396Updated last week
- ☆184Updated last year
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆411Updated this week
- Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and s…☆313Updated last month
- Awesome information for WebSockets security research☆258Updated 3 years ago
- This is a companion to the Security Engineer Questions☆202Updated last year
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆254Updated 7 months ago
- A Broken Application - Very Vulnerable!☆137Updated last week
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆216Updated last month
- ☆462Updated 9 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit…☆312Updated last week
- ☆195Updated 8 months ago
- This repo contains the code for my secure code review challenges☆78Updated this week
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan.☆167Updated last week
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆573Updated 2 months ago
- Watch the latest awesome security talks around the globe☆270Updated 2 years ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.☆229Updated last year
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆132Updated last year
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆233Updated this week
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆223Updated 4 months ago
- The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testin…☆194Updated 2 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆308Updated 10 months ago
- ☆149Updated last year