Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This challenge is Inon Shkedy's 31 days API Security Tips.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Metlo is an open-source API security platform.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

A Huge Learning Resources with Labs For Offensive Security Players

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.2. This library makes JWT a cheese. It is a minimal JWT integration for PHP.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.