awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

72 مستودعات

Awesome GitHub RepositoriesWeb Application Security

Frameworks and middleware for securing web applications through authentication, authorization, and data protection.

Distinguishing note: Focuses on web-specific security layers rather than generic cryptographic primitives.

Explore 72 awesome GitHub repositories matching security & cryptography · Web Application Security. Refine with filters or upvote what's useful.

Awesome Web Application Security GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • awesome-selfhosted/awesome-selfhostedالصورة الرمزية لـ awesome-selfhosted

    awesome-selfhosted/awesome-selfhosted

    299,516عرض على GitHub↗

    هذا المشروع عبارة عن دليل منسق من قبل المجتمع للبرمجيات مفتوحة المصدر المصممة للنشر في بيئات الخوادم الخاصة والمختبرات المنزلية. يعمل كمورد شامل لاكتشاف بدائل مستقلة ذاتية الاستضافة لخدمات السحابة السائدة، مما يمكن المستخدمين من الحفاظ على ملكية كاملة للبيانات والتحكم في بنيتهم التحتية الرقمية. يتم تنظيم الدليل من خلال تصنيف هرمي ينظم مجموعة واسعة من التطبيقات في فئات منطقية، تتراوح من إدارة الوسائط وتحليل البيانات إلى التواصل الخاص وأدوات إنتاجية الفريق. يتميز بعملية مراجعة أقران تعاونية، حيث يقوم أعضاء المجتمع بالتحقق من جودة وملاءمة كل طلب لضمان بقاء الدليل دقيقاً وموثوقاً. يغطي المشروع نطاقاً واسعاً من القدرات، بما في ذلك أتمتة البنية التحتية، ونشر الخدمات القائمة على الحاويات، وإدارة التكوين التصريحي. تساعد هذه الأدوات المستخدمين في الحفاظ على بيئات خادم قابلة للتكرار وإدارة تبعيات الخدمات المعقدة عبر الأجهزة الخاصة. يتم الحفاظ على الدليل كمستودع خاضع للتحكم في الإصدار، مما يضمن تتبع جميع التحديثات والتغييرات التي يقودها المجتمع وأنها شفافة.

    Inspects incoming web traffic using artificial intelligence and semantic analysis to block malicious requests.

    awesomeawesome-listcloud
    عرض على GitHub↗299,516
  • dotnet/aspnetcoreالصورة الرمزية لـ dotnet

    dotnet/aspnetcore

    38,143عرض على GitHub↗

    This project is a comprehensive server-side web framework designed for building scalable web applications and services. It provides a structured, component-based architecture that integrates a dependency injection container to manage service lifecycles and promote loose coupling across the software stack. The framework enables the creation of interactive client-side interfaces through a component-based model that synchronizes state directly with the browser. The platform distinguishes itself through a highly configurable middleware-based request pipeline and an attribute-based routing engine

    Protecting sensitive user data and system resources by implementing robust authentication and authorization layers within a web environment.

    C#aspnetcoredotnethacktoberfest
    عرض على GitHub↗38,143
  • nextauthjs/next-authالصورة الرمزية لـ nextauthjs

    nextauthjs/next-auth

    28,277عرض على GitHub↗

    Next-auth is an authentication and identity management library for web frameworks. It provides a unified system for handling user sign-in and session state across server and client environments, functioning as a session management framework and an OIDC authentication library. The project distinguishes itself through a provider-based identity abstraction that supports multiple authentication methods, including OAuth, email magic links, traditional credentials, and passwordless passkeys. It allows for the registration of custom OAuth or OIDC compliant providers and offers tools to define branda

    Provides security middleware to protect web applications using CSRF token validation and restrictive cookie policies.

    TypeScriptauthauthenticationcsrf
    عرض على GitHub↗28,277
  • iaincollins/next-authالصورة الرمزية لـ iaincollins

    iaincollins/next-auth

    28,272عرض على GitHub↗

    Next-auth is an authentication library and identity framework used to manage user sign-in and session state across web applications. It provides a system for handling user identity through OAuth, OpenID Connect, and passwordless sign-in flows. The project features a multi-provider framework that integrates third-party identity services and custom directory backends. It supports passwordless authentication via email magic links or hardware keys and utilizes a database-agnostic storage layer to persist authentication states across different database types or in-memory. Security is managed thro

    Secures web applications by protecting sign-in routes from CSRF and encrypting session tokens.

    TypeScript
    عرض على GitHub↗28,272
  • locustio/locustالصورة الرمزية لـ locustio

    locustio/locust

    27,516عرض على GitHub↗

    Locust is a distributed performance testing framework that allows users to define complex system stress scenarios using standard Python code. By modeling concurrent users as classes with weighted tasks and lifecycle hooks, it enables the simulation of realistic user behavior across large-scale environments. The tool functions as a scalable load generator capable of orchestrating traffic across multiple worker nodes to measure system stability and responsiveness under heavy, real-world conditions. The framework is distinguished by its protocol-agnostic architecture, which supports diverse comm

    Secures the web dashboard with custom authentication mechanisms like username-password validation or SSO.

    Pythonbenchmarkinghttpload-generator
    عرض على GitHub↗27,516
  • fallibleinc/security-guide-for-developersالصورة الرمزية لـ FallibleInc

    FallibleInc/security-guide-for-developers

    21,090عرض على GitHub↗

    This project is a web application security guide and developer training resource. It serves as a secure coding framework and vulnerability remediation manual, providing software engineers with the tools to identify, prioritize, and fix common security holes across different application layers. The resource utilizes a structured verification framework and security audit checklists to systematically find vulnerabilities. It features a technical reference that maps specific security flaws to step-by-step instructions for remediation, supported by vulnerability statistics to help determine which

    Offers a comprehensive security framework for web applications covering authentication, authorization, and data protection layers.

    عرض على GitHub↗21,090
  • gravitational/teleportالصورة الرمزية لـ gravitational

    gravitational/teleport

    19,863عرض على GitHub↗

    Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure. The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways an

    Exposes internal web applications through a secure gateway using unique subdomains and automated certificate management.

    Goauditbastioncertificate
    عرض على GitHub↗19,863
  • moientajik/aspnetcore-developer-roadmapالصورة الرمزية لـ MoienTajik

    MoienTajik/AspNetCore-Developer-Roadmap

    19,536عرض على GitHub↗

    This project provides a structured curriculum and visual guide for mastering web development within the ASP.NET Core ecosystem. It serves as a comprehensive roadmap that maps out the essential technologies, milestones, and proficiency sequences required for developers to progress from beginner to advanced levels. The repository distinguishes itself by curating high-quality learning resources and technical documentation into a logical progression. It visualizes complex development paths through structured diagrams, helping users navigate the technical requirements of building and maintaining m

    Covers secure web application development practices including identity management and authorization.

    asp-net-coreaspnet-coreaspnetcore
    عرض على GitHub↗19,536
  • micropoor/micro8الصورة الرمزية لـ Micropoor

    Micropoor/Micro8

    18,060عرض على GitHub↗

    Micro8 is a security auditing knowledge base and penetration testing resource library. It serves as a curated collection of guides and documentation focused on vulnerability assessment. The project provides educational content and study guides for manual source code review, domain escalation, and internal network auditing. It includes a toolkit of reference materials for analyzing network traffic logs and identifying brute-force patterns. The library covers technical domains including web penetration testing and privilege escalation. It organizes these materials through PDF-based knowledge r

    Includes educational materials on the systematic process of auditing web application security.

    micro8micropoorpenetration
    عرض على GitHub↗18,060
  • dotnet/runtimeالصورة الرمزية لـ dotnet

    dotnet/runtime

    17,966عرض على GitHub↗

    This project is a cross-platform managed execution environment and general-purpose application framework designed for building high-performance software. It provides a unified runtime that handles memory management, type safety, and code execution across diverse operating systems. By integrating a native code compilation toolchain, the platform enables developers to convert managed code into optimized machine instructions, significantly improving startup performance and reducing runtime dependencies for production environments. The framework distinguishes itself through a comprehensive toolch

    Secures web applications through built-in identity management and authentication policies.

    C#dotnethacktoberfesthelp-wanted
    عرض على GitHub↗17,966
  • vxcontrol/pentagiالصورة الرمزية لـ vxcontrol

    vxcontrol/pentagi

    17,766عرض على GitHub↗

    Pentagi is an autonomous security testing framework and agent orchestrator designed to plan and execute end-to-end security assessments. It utilizes a coordination engine to decompose complex goals into actionable subtasks, performing automated penetration testing and vulnerability research within isolated container environments. The system distinguishes itself through a temporal knowledge graph that tracks semantic relationships between entities and vulnerabilities to reuse intelligence across projects. It includes a web intelligence reconnaissance tool for automated data gathering and agent

    Includes tools for automated web reconnaissance to gather intelligence and map targets for security workflows.

    Goai-agentsai-security-toolanthropic
    عرض على GitHub↗17,766
  • projectdiscovery/katanaالصورة الرمزية لـ projectdiscovery

    projectdiscovery/katana

    15,584عرض على GitHub↗

    Katana is a web crawler and spider designed for security reconnaissance and web application mapping. It functions as a utility for identifying endpoints, forms, and API structures across web targets by combining standard HTTP request traversal with headless browser automation to render dynamic, JavaScript-heavy content. The tool distinguishes itself through its ability to maintain authenticated sessions and handle complex web interactions, such as automated form submission and captcha resolution. It provides granular control over the discovery process, allowing users to define specific crawl

    Maps web application structures and endpoints to identify hidden resources during security assessments.

    Goclicrawlergocrawler
    عرض على GitHub↗15,584
  • quarkusio/quarkusالصورة الرمزية لـ quarkusio

    quarkusio/quarkus

    15,479عرض على GitHub↗

    Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program

    Implements comprehensive web security mechanisms including OpenID Connect, OAuth2, and Basic authentication to protect application resources.

    Javacloud-nativehacktoberfestjava
    عرض على GitHub↗15,479
  • s0md3v/xsstrikeالصورة الرمزية لـ s0md3v

    s0md3v/XSStrike

    14,752عرض على GitHub↗

    XSStrike is an automated security scanning engine designed for web application discovery, input

    Mapping web application structures and discovering hidden paths to identify potential injection points for comprehensive security analysis.

    Pythonwaf-detectionxssxss-bruteforce
    عرض على GitHub↗14,752
  • oauth2-proxy/oauth2-proxyالصورة الرمزية لـ oauth2-proxy

    oauth2-proxy/oauth2-proxy

    14,576عرض على GitHub↗

    This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or

    Secures internal web applications by enforcing mandatory authentication against external identity providers.

    Gocloud-infrastructurehacktoberfestoauth2-proxy
    عرض على GitHub↗14,576
  • maurosoria/dirsearchالصورة الرمزية لـ maurosoria

    maurosoria/dirsearch

    14,403عرض على GitHub↗

    dirsearch is a command-line security tool and web path scanner used for discovering hidden directories and files on web servers. It functions as a recursive directory fuzzer and brute-force utility that identifies undocumented paths and sensitive files using wordlists and HTTP status codes. The tool distinguishes itself through template-driven path generation and an automated HTTP response filter that uses status codes, content length, and regex patterns to isolate valid targets. It supports recursive directory crawling to map complex web structures and provides state-persistence serializatio

    Implements utilities for mapping and discovering the structure of web applications through active reconnaissance.

    Python
    عرض على GitHub↗14,403
  • casdoor/casdoorالصورة الرمزية لـ casdoor

    casdoor/casdoor

    13,814عرض على GitHub↗

    Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks. The platform distinguishes itself through its extensive support for federated identity management, allowing integration with

    Applies distinct security policies by categorizing traffic between user-facing web applications and machine-to-machine services.

    Goai-gatewayauthauthentication
    عرض على GitHub↗13,814
  • dotnet/aspnetcore.docsالصورة الرمزية لـ dotnet

    dotnet/AspNetCore.Docs

    13,115عرض على GitHub↗

    ASP.NET Core is a unified, cross-platform framework designed for building scalable web applications and services. It provides a comprehensive environment for constructing server-side rendered applications, real-time communication services, and interactive web components using C# and .NET. The framework distinguishes itself through a modular architecture that centers on a built-in dependency injection container, which manages service lifecycles and component modularity to improve testability. It utilizes a middleware pipeline to process requests and employs policy-based authorization to secure

    Protects services with built-in mechanisms for authentication, authorization, and data encryption.

    C#aspaspnetaspnet-core
    عرض على GitHub↗13,115
  • spatie/laravel-permissionالصورة الرمزية لـ spatie

    spatie/laravel-permission

    12,911عرض على GitHub↗

    This is a role-based access control system for Laravel applications that manages user permissions and roles within a database. It provides a database permissions manager to assign specific abilities to users and roles, utilizing authorization gates to restrict access to routes and interface elements. The project features a wildcard permission system that uses pattern matching to grant broad access across multiple related permissions. It also supports team-scoped access control, allowing users to maintain different roles and permission levels across separate organizational contexts or teams.

    Secures Laravel applications by implementing route guards and middleware to protect sensitive application areas.

    PHP
    عرض على GitHub↗12,911
  • crowdsecurity/crowdsecالصورة الرمزية لـ crowdsecurity

    crowdsecurity/crowdsec

    12,574عرض على GitHub↗

    CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl

    Integrates security inspection components with web applications to enforce request filtering and blocking.

    Goattacks-preventiondetectionids
    عرض على GitHub↗12,574
السابق123…4التالي
  1. Home
  2. Security & Cryptography
  3. Web Application Security

استكشف الوسوم الفرعية

  • CORS IntegrationsUsing cross-origin resource sharing to allow web applications to interact with remote file servers. **Distinct from Web Application Security:** Focuses specifically on the CORS-based connectivity between web apps and servers.
  • Java Security Manager PoliciesFine-grained permission control over web application behavior using the Java Security Manager. **Distinct from Web Application Security:** Distinct from general Web Application Security: specifically uses the Java Security Manager for fine-grained permission control.
  • Reconnaissance ToolsUtilities for mapping and discovering the structure of web applications. **Distinct from Web Application Security:** Distinct from Web Application Security: focuses on active discovery and mapping of endpoints rather than defensive security layers.
  • Secure Web Gateways1 وسم فرعيExposes internal web applications through a secure proxy with automated certificate management. **Distinct from Web Application Security:** Distinct from Web Application Security: focuses on the proxying and gateway functionality rather than application-level vulnerability protection.
  • Web Application AnalysisActive probing and fuzzing of web applications to identify endpoints and secrets. **Distinct from Web Application Security:** Focuses on the analysis and discovery of application flaws rather than the implementation of security middleware.
  • Web Security Auditing2 وسوم فرعيةProcesses and toolsets for systematically verifying the security posture of web applications. **Distinct from Web Application Security:** Distinct from general Web Application Security by focusing on the auditing and verification process rather than the protective middleware.