https://owasp.org/www-project-application-security-verification-standard/?fbclid=IwAR3Z1WEAqkfyIN4_LTNFY7_AEPg7_-Zhq5ZFaKu_QTWgrcdg4YjMRuRnlpU
OWASP ZAP is a web app vulnerability scanner (https://www.zaproxy.org/download/)
