Owasp Top 10 Collection

◆

◆

◆

◆

💎Aqua

★★★

“OWASP Juice Shop: Probably the most modern and sophisticated insecure web application”

◆

◆

◆

◆

📦Normal

★★

“A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.”

◆

◆

◆

◆

☠️Poison

★★

“OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.”

◆

◆

◆

◆

⚡Thunder

★★

“Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure”

◆

◆

◆

◆

🔥Flame

★★

“vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.”

◆

◆

◆

◆

📦Normal

★★

“A Huge Learning Resources with Labs For Offensive Security Players”

◆

◆

◆

◆

☠️Poison

★★

“A laboratory for learning secure web and mobile development in a practical manner.”

◆

◆

◆

◆

📦Normal

★★

“Damn Vulnerable NodeJS Application”

◆

◆

◆

◆

🔥Flame

★★

“Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking”

◆

◆

◆

◆

⚔️Fighting

★

“OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS”

◆

◆

◆

◆

🔮Psychic

★

“Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)”

◆

◆

◆

◆

⚡Electric

★

“Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.”

◆

◆

◆

◆

🌊Water

★

“API Security Vulnerability Scanner designed to help you secure your APIs.”

◆

◆

◆

◆

🔮Psychic

★

“Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.”

◆

◆

◆

◆

💎Aqua

★

“Enhance the security of your web applications effortlessly with AWS Firewall Factory. Safeguard your valuable assets through seamless WAF deployment, updates, and staging, all centrally managed with AWS Firewall Manager.”

◆

◆

◆

◆

🔮Psychic

★

“IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.”

◆

◆

◆

◆

📦Normal

★

“🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here. ”

◆

◆

◆

◆

📦Normal

★

“Top 10 for Agentic AI (AI Agent Security) serves as the core for OWASP and CSA Red teaming work”