Safely install npm packages by auditing them at the pre-install stage (updated Aug 4, 2025; JavaScript)
njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications.
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Session Hijacking Visual Exploitation
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
A Tool for Domain Flyovers
Presentations, training modules, and other education materials from Duo Security's Application Security team.
Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
Additional Resources For Securing The Stack Tutorials
A low-cost approach to testing AI chat experiences and security concepts
Checkmarx Scan Github Action
Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.
✨ A customizable copilot-instructions.md ruleset & prompts to guide GitHub Copilot toward secure coding defaults in Java, Node.js, C# and Python. Blocks risky patterns, teaches safe habits.
A JavaScript-based SDK for delivering secure browser-based web applications over a Ziti Network
Akamai CLI for Application Security
A simple web app software supply chain monitoring toolkit