Dynamic Application Security Testing - DAST

Collection of tools

Web

https://github.com/projectdiscovery/nuclei
https://portswigger.net/burp/dastardly
https://github.com/zaproxy/zaproxy
https://github.com/sullo/nikto
https://wapiti-scanner.github.io/

Web API

https://github.com/akto-api-security/akto
https://www.pynt.io/

# Corey Ball tool
https://apisecscan.com/
https://github.com/marketplace/actions/apisec-scan
https://github.com/apisec-university/free-API-security-test-action

# Automating with postman + ZAP
https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows/

Mobile

https://github.com/MobSF/Mobile-Security-Framework-MobSF

PreviousInfrastructure as Code - IaC NextStatic Application Security Testing - SAST

Last updated 2 months ago