"topic:dast" — Search

155 results for “topic:dast”

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Go27.4k3.3kUpdated just now

attack-surfacecve-scannerdasthacktoberfestnuclei-enginesecuritysecurity-scannersubdomain-takeovervulnerability-assessmentvulnerability-detectionvulnerability-scanner

zaproxy/zaproxy

The ZAP by Checkmarx Core project

Java14.9k2.5kUpdated 4 hours ago

appsecdasthacktoberfestopensourcesecuritysecurity-scannerzapzap-developmentzaproxy

analysis-tools-dev/dynamic-analysis

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

Markdown1.1k114Updated 5 hours ago

analysisdastdynamicdynamic-analysisdynamic-code-analysis

zaproxy/zap-extensions

ZAP Add-ons

HTML920772Updated 1 hour ago

appsecdasthacktoberfestopensourcesecuritysecurity-scannerzapzaproxy

zaproxy/community-scripts

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

JavaScript868256Updated 6 days ago

appsecdastscriptstipswebappseczaproxy

FuzzingLabs/fuzzforge_ai

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of security tools.

Python76690Updated 1 day ago

agentaiappsecautomationdastdevsecopsfuzzingoffensive-securitysastsecuritysecurity-toolsvulnerabilitiesworkflowworkflow-automation

alipay/ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

Java46559Updated 11 hours ago

applicationbenchmarkdastevaluationiastsastscasecuritytesting

zaproxy/action-full-scan

A GitHub Action for running the ZAP Full scan

JavaScript36270Updated 4 days ago

actionsdastdevsecopsgithub-actionssecurity

mercedes-benz/sechubArchived

SecHub provides a central API to test software with different security tools.

Java35579Updated 3 weeks ago

apiappsecbuildclientcontinuous-integrationdastk8sorchestrationrestsastsdlcsecdevopssechubsecuritysecurity-automationsecurity-scannersecurity-testingsecurity-toolsservervulnerability-scanners

zaproxy/action-baseline

A GitHub Action for running the ZAP Baseline scan

JavaScript35258Updated 1 week ago

actionsdastdevsecopsgithub-actionssecurity

PortSwigger/dastardly-github-action

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

Dockerfile295100Updated 3 weeks ago

automationdastdevsecopssecurity-tools

we45/ThreatPlaybook

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Python28162Updated 6 days ago

application-securitydastdevsecopspythonsastthreat-model

cerberauth/vulnapi

API Security Vulnerability Scanner designed to help you secure your APIs.

Go24629Updated 2 days ago

api-securityapi-security-testingapi-testingauthenticationauthorizationcybersecuritydastgraphqljwtopenapiowasp-top-10securitysecurity-scannersecurity-toolsvulnerability-scanners

DenisPodgurskii/pentestkit

OWASP PTK - application security browser extension.

JavaScript18635Updated 2 days ago

command-injection-attackcommandinjectiondastiastjwtjwt-securityowaspsastsecuritysql-injection-attackssqlinjectionxssxss-exploitation

karthikuj/sasori

Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.

JavaScript14717Updated 1 month ago

automationcrawlercrawlingdastdynamicendpoint-discoveryinfosecpuppeteerscrapingsecurity

secdec/attack-surface-detector-burp

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Java11033Updated 2 months ago

dastpentestingsecurityvulnerability

hahwul/mzap

⚡️ Multiple target ZAP Scanning

Crystal10617Updated 6 days ago

bugbountydasthackingsecurityzaproxyzaproxy-automation

Zigrin-Security/CakeFuzzer

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Python1049Updated 2 weeks ago

cybersecuritydasthackingiastsast

sidd-harth/kubernetes-devops-security

Udemy Course on DevSecOps

Java1001.8kUpdated 3 weeks ago

dastdevopsdevsecopsdockeristiojenkinskuberneteskubesealnodejssastsonarqubespringboottrivy

Zeronleft/lotus

:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:

Rust9113Updated 4 days ago

automationdastdevsecopslua-embeddingrustsecuritysecurity-tools

projectdiscovery/fuzzing-templatesArchived

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

9017Updated 1 day ago

apidastfuzzingnucleisecurity

matank001/Moxy

Moxy is an open-source DAST tool designed for modern web application security testing. It provides an easy-to-use interface with agentic capabilities to assist and automate pentesting workflows.

TypeScript865Updated 2 days ago

agentic-aiburp-alternativeburpsuitecaido-alternativedasthacking-toolmoxypentestingproxy

zaproxy/zaproxy-website

The source of ZAP website

HTML78124Updated 1 day ago

appsecdasthacktoberfestopensourcesecuritysecurity-scannerwebappsecwebsitezaproxy

AgentSecOps/SecOpsAgentKit

Security operations toolkit for AI coding agents. Give Claude Code 25+ skills to catch vulnerabilities, scan containers, detect secrets, and enforce policies automatically.

Open Policy Agent7413Updated 2 days ago

agentsai-agentsanthropicappsecclaude-codedastdevsecopsllm-toolssastsecuritysecurity-automationsecurity-toolsshift-leftvulnerability-scanning

zaproxy/action-api-scan

A GitHub Action for running the ZAP API scan

JavaScript6923Updated 1 week ago

actiondastdevsecopsgithub-actionssecurity

rmkanda/tools

Curated list of security tools

6816Updated 3 days ago

clouddastdevsecopskuberneteslistoscossoss-compliancesastscannersecuritysecurity-toolstools

secdec/attack-surface-detector-zap

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Java6715Updated 1 week ago

dastpentestingsecurityvulnerability

ionutbalosin/java-application-security-practices

Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.

Java6213Updated 2 months ago

api-securityauthorization-code-flowauthorization-code-flow-with-pkceclient-credentials-flowcorscspdastjava-process-securityjson-web-key-setjwksoauth-grant-typespassword-flowroles-based-access-controlsastscasecurity-design-principlessecurity-loggingsecurity-testingtoken-introspection

infobyte/faraday_plugins

Security tools report parsers for Faradaysec.com

Python5921Updated 1 week ago

dastdevsecopsfaradaysecpentestingsecurity-automationsecurity-testingsecurity-toolssecurity-vulnerabilityvulnerability-scanners

ncc-erik-steringer/Aerides

An implementation of infrastructure-as-code scanning using dynamic tooling.

HCL560Updated 1 year ago

awscloud-securitydastiaclocalstacksastterraform

Page 1 of 6