OWASP – The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
PortSwigger – PortSwigger offers tools for web application security, testing & scanning. Choose from a wide range of security tools & identify the very latest vulnerabilities.
Let’s Encrypt – Let’s Encrypt is a […]


API Security in Action – Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)
Secure by Design – Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release […]

Docker Images for Penetration Testing & Security

docker pull owasp/zap2docker-stable – official OWASP ZAP
docker pull wpscanteam/wpscan – official WPScan
docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
docker pull opendns/security-ninjas – Security Ninjas
docker pull diogomonica/docker-bench-security – Docker Bench for Security
docker […]