5 Repos
Security analysis performed on a running application to find flaws that only appear during execution.
Distinct from Web Application Penetration Testing: Existing candidates focus on penetration testing or general web security rather than the specific DAST methodology.
Explore 5 awesome GitHub repositories matching security & cryptography · Dynamic Application Security Testing.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Analyzes running web applications to identify security flaws that only appear during execution.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Teaches sending input requests to live applications and analyzing responses to find security weaknesses.
Arachni is a dynamic application security testing vulnerability scanner and web application security tool. It functions as a distributed web audit framework that performs active and passive audits to identify security flaws such as SQL injection and cross-site scripting. The project features a JavaScript-aware web crawler that executes scripts and monitors DOM changes to analyze modern dynamic web applications. It utilizes server platform fingerprinting to target compatible security payloads and provides a grid-based system to distribute scanning workloads across multiple nodes. The tool cov
Performs security analysis on running applications to find flaws in modern web apps that rely on JavaScript and DOM changes.
APKLab is an integrated development environment designed for Android reverse engineering and mobile application security analysis. It provides a comprehensive workbench that enables users to decompile, analyze, modify, and repackage mobile application binaries directly within a code editor. The platform distinguishes itself by combining static code analysis with dynamic instrumentation capabilities. It transforms compiled packages into readable source code and assembly logic, while simultaneously offering tools to inject runtime hooks, patch application behavior, and intercept encrypted netwo
Performs dynamic runtime analysis and security testing by patching application binaries to bypass security controls.
This project is a comprehensive educational repository designed to teach DevOps practices through structured learning paths and hands-on exercises. It focuses on mastering infrastructure management, container orchestration, and system administration by providing a curriculum that covers the entire lifecycle of cloud-native environments, from initial provisioning to ongoing maintenance and security. The repository is distinguished by a practical, task-based approach to complex operational domains. It guides users through implementing infrastructure as code, configuring remote state management for team collaboration, and deploying multi-layered security hardening. By emphasizing declarative configuration and command-line automation, the project enables learners to build repeatable, consistent environments across diverse cloud platforms. The learning modules cover a broad operational surface, including database administration, automated deployment pipelines, and observability-driven system monitoring. Users can practice configuring network access, managing container resource quotas, and implementing service meshes while also gaining experience with static and dynamic security testing. The content is organized into specific tracks that help developers and engineers prepare for professional certifications and real-world infrastructure challenges.
Guides users through simulating external attacks against running applications to identify security vulnerabilities.