OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Updated Aug 7, 2025 - TypeScript
A language designed for the web that integrates with TypeScript
Gram is Klarna's own threat model diagramming tool
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
bumpgen is an AI agent that upgrades npm packages
CodeBreakers: From Dev to Hacker - Teaching developers how to become an app sec ninja!
Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrity of your data.
Deep-TreatModel is an advanced threat modeling tool that leverages multiple AI agents to craft comprehensive and reliable threat models.
SecTester is a new tool that integrates our enterprise-grade scan engine directly into your unit tests.
Open Source ASPM Platform
🐋 Customize your own StackHawk docker images
A Caido extension written in TypeScript that makes an OPTIONS request and determines whether HTTP methods other than that of the original request are available. If other methods are available, findings are created on the fly, which will be enhanced pending further capabilities from the Caido SDK.
A JavaScript Shell PowerApps PCF component for education and research
An insecure NodeJS/Express/MongoDB REST API for educational purposes.
postMessage() vulnerability tester