The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
PhantomJS-based web performance metrics collector and monitoring tool
North is a set of standards and best practices for developing modern web based properties. Included are standards and best practices for all aspects of a project, from kick off through development. North encourages an agile, content-first, approach to product development and a mobile-first, in-browser, system based approach to design and development.
localForage is a handy library that improves the offline experience of your web app by using asynchronous storage (via IndexedDB or WebSQL where available) but with a simple, localStorage-like API.
Beautiful text chat for your community.
Scrollback hosts rooms that can be easily embedded on any website.
Turn websites into structured APIs from your browser in seconds
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.
YSlow for PhantomJS
Catches mail and serves it through a dream.
MailCatcher runs a super simple SMTP server which catches any message sent to it to display in a web interface.
Phalcon is a web framework implemented as a C extension offering high performance and lower resource consumption.
Web Platform Docs is a community-driven site that aims to become a comprehensive and authoritative source for web developer documentation.
A Dark Pattern is a type of user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.
Nice write-up on techniques for scaling up a web application.
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
Flask is a microframework for Python based on Werkzeug, Jinja 2 and good intentions. And before you ask: It's BSD licensed!
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Sitespeed.io is an open source tool that helps you analyze and optimize your website speed and performance based on performance best practices. It collects data from multiple pages on your website, analyze the pages using performance best practices rules and output the result as HTML-files or JUnit XML.
Mobello is high performance javascript UI framework for HTML5 mobile app
An article on the best practices to apply in order to minimize HTTP round-trip times