A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.

Session Hijacking Visual Exploitation

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

A Tool for Domain Flyovers

Documentation for Essential Node.js Security

Presentations, training modules, and other education materials from Duo Security's Application Security team.

Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded

Additional Resources For Securing The Stack Tutorials

Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities

Checkmarx Scan Github Action

A low-cost approach to testing AI chat experiences and security concepts

Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.

A hands-on AppSec fundamentals workshop where we explore protecting API's and Web apps

A JavaScript-based SDK for delivering secure browser-based web applications over a Ziti Network

Akamai CLI for Application Security

A simple web app software supply chain monitoring toolkit

Fortify Software Security JavaScript sandbox

Core componentry for the Ziti browZer ecosystem (used internally by ziti-browzer-runtime and ziti-sdk-browzer)