- Ethical Hacker Easy Way - Introduction to ethical hacking principles and methodologies.
- Threat Modeling - Learn how to create a threat model for a given system.
- NMAP Practical Labs - Network scanner to identify open ports, services, and other network information.
- Security Engineering Fundamentals - Understanding the core principles of security engineering and how to apply them to real-world scenarios.
- Zero Trust Architecture - Exploring a security model that assumes all users, devices, and applications are potentially hostile and must be verified.
- Safeguarding the AI Frontier: An In-Depth Analysis of Straiker's Revolutionary Security Solutions - Exploring how Straiker secures enterprise AI applications.
- OWASP - The Open Worldwide Application Security Project is dedicated to improving software security with tools, documents, and communities.
- Metasploit - Advanced open-source penetration testing platform that enables you to find, exploit, and validate vulnerabilities.
- Kali Linux - Linux distribution designed for digital forensics and penetration testing with hundreds of pre-installed tools.
- Nmap - Network mapper that discovers hosts and services on a computer network by sending packets and analyzing responses.
- Snort - Open-source network intrusion prevention and detection system capable of real-time traffic analysis.
- Wireshark - Network protocol analyzer that lets you see what's happening on your network at a microscopic level.
- Burp Suite - Integrated platform for performing security testing of web applications with various tools for the entire testing process.
- OWASP ZAP - Open-source web application security scanner for finding vulnerabilities in web applications.
- Nikto - Open-source web server scanner that performs comprehensive tests against web servers for multiple vulnerabilities.
- W3af - An open-source web application security scanner that helps secure web applications by finding and exploiting all web application vulnerabilities.
- Arachni - A feature-rich, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate web application security.
- Wapiti - A web application vulnerability scanner that performs black-box scans to audit the security of web applications.
- Vega - An open-source web security scanner and testing platform to test the security of web applications.
- OSSEC - Open-source host-based intrusion detection system that performs log analysis, integrity checking, and more.
- OpenVAS - Open-source vulnerability scanner and manager for detecting security issues in systems and web applications.
- Nuclei - A fast and customizable vulnerability scanner based on a simple YAML-based DSL.
- Qualys VMDR - Combines vulnerability scanning with AI-driven risk prioritization, ideal for large IT infrastructures.
- Lynis - Security auditing tool for systems running Linux, macOS, or Unix-based operating systems.
- ModSecurity - Open-source web application firewall (WAF) that monitors HTTP traffic and protects against attacks.
- Hashcat - World's fastest and most advanced password recovery utility supporting over 300 hash types.
- Aircrack-ng - Network software suite for assessment of WiFi network security with monitoring, testing, and attacking capabilities.
- Shodan - Search engine for Internet-connected devices, allowing searches for specific types of computers and services.
- Falco - Cloud-native runtime security tool designed to detect anomalous activity in containerized applications.
- Trivy - Comprehensive vulnerability scanner for container images, file systems, and Git repositories.
- DefectDojo - Open-source vulnerability management tool that streamlines the testing process and offers metrics and reporting.
- MISP - Open-source threat intelligence platform for sharing, storing, and correlating IOCs and threat intelligence.
- OWASP Top Ten - A standard awareness document for developers and web application security, representing broad consensus about the most critical security risks to web applications.
- OWASP ASVS - The OWASP Application Security Verification Standard provides a framework for testing web application security controls.
- OWASP ZAP - A full-featured, free, and open-source DAST tool that includes both automated scanning for vulnerabilities and tools for manual web app penetration testing.
- Acunetix - A commercial tool focusing on web application vulnerability scanning, identifying issues such as SQL injection and XSS.
- Nikto - An open-source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs.
- XSStrike - The most advanced XSS detection suite with a powerful fuzzing engine and context analysis engine.
- Sqlmap - An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws.
- SANS Institute Training - Comprehensive cybersecurity training offering more than 60 courses across all practice areas including web security.
- Web Security Academy - A free online training center for web application security, including content from PortSwigger's in-house research team.
- TCM Security Academy - Practical, job-focused cybersecurity training designed by industry-leading instructors.
- Cybrary - Online cybersecurity courses and training for individuals and teams, including certification preparation.
- OWASP API Security Top 10 - A standard reference guide highlighting the most critical web API vulnerabilities.
- Paragonie Awesome AppSec - A curated list of resources for learning about application security, including books, websites, blog posts, and self-assessment quizzes.
- bumpgen - An AI agent that upgrades npm packages.