OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Datadog PHP Clients

Security testing toolkit for Claude Code: curated SecLists wordlists, injection payloads, and expert agents for authorized pentesting, CTFs, and bug bounties

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

OWASP Application Security Verification Standard 4.0 Checklist

webshells written with malice

Vulnerable Application written in PHP

Interactive SQL injection lab with real SQLite execution, 6 attack scenarios, CTF flags, and glassmorphic UI. Zero config — just PHP.

A simple static application security testing (SAST) tool for locating dangerous sinks in php applications.

PHP Implementation of SafeURL (Anti-SSRF lib)

Intentionally vulnerable web application built as a portfolio lab and integrated with a controlled Active Directory environment to demonstrate web exploitation, trust boundaries, and attack-chain risk in an isolated setting.

A self-hosted web application for managing OpenGrep security rules, running scans against your projects, and reviewing findings - all from a single dashboard.

Demonstration videos and presentation regarding the talk given at the VOXXED LU 2022 conference.

🕶️ Explore JumpBox, an intentionally vulnerable PHP web application on Ubuntu, designed for testing common web weaknesses in a safe lab environment.

This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.

A PHP library for creating typed values (Value Objects) with integrated validation via Respect\Validation. Built according to the principles of the Application Security Manifesto to ensure secure data processing.

AppSec engineering portfolio: OWASP Top 10 case studies in Python & PHP (threat → repro → impact → fix → tests) plus Secure SDLC & AWS security notes.

Simulate SQL injection attacks with a zero-config PHP tool to help security professionals test and understand database vulnerabilities safely.