Checkmarx / capital
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
☆285Updated 11 months ago
Alternatives and similar repositories for capital:
Users that are interested in capital are comparing it to the libraries listed below
- Websec interview questions by tib3rius answered☆307Updated last year
- API Security Project aims to present unique attack & defense methods in API Security field☆284Updated 3 years ago
- ☆186Updated 2 years ago
- GraphQL automated security testing toolkit☆313Updated last year
- ☆475Updated 11 months ago
- A curated list of Awesome Security Challenges.☆179Updated 4 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆405Updated 2 months ago
- Awesome information for WebSockets security research☆264Updated 3 years ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.☆230Updated last year
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆216Updated 3 weeks ago
- This repo contains IOC, malware and malware analysis associated with Public cloud☆249Updated 4 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆132Updated this week
- Fast and customizable vulnerability scanner For JIRA written in Python☆317Updated 3 months ago
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆258Updated 2 weeks ago
- OWASP Foundation Web Respository☆19Updated 3 weeks ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆103Updated 2 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆629Updated last year
- ☆186Updated 4 months ago
- Security Auditor Utility for GraphQL APIs☆436Updated last month
- Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and s…☆332Updated 3 months ago
- OWASP Code Review Guide Web Repository☆132Updated 2 years ago
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆265Updated this week
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆186Updated 4 months ago
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆238Updated 2 weeks ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆66Updated 9 months ago
- Purposely vulnerable Java application to help lead secure coding workshops☆179Updated 9 months ago
- 🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the c…☆211Updated last year
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.☆269Updated 6 months ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆379Updated 5 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆156Updated 4 months ago