BBVA / apicheck

Related projects: ⓘ

• RhinoSecurityLabs / Swagger-EZ
  A tool geared towards pentesting APIs using OpenAPI definitions.
  ☆167Updated last year
• Santandersecurityresearch / asvs
  A simple web app that helps developers understand the ASVS requirements.
  ☆153Updated 6 months ago
• NetsOSS / headless-burp
  Automate security tests using Burp Suite.
  ☆222Updated 3 months ago
• koenrh / s3enum
  Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
  ☆215Updated 3 months ago
• RhinoSecurityLabs / Cloud-Security-Research
  Cloud-related research releases from the Rhino Security Labs team.
  ☆350Updated 4 years ago
• doyensec / burpdeveltraining
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆344Updated 3 years ago
• PaperMtn / gitlab-watchman
  Finding exposed secrets and personal data in GitLab
  ☆195Updated last year
• BlazingWind / OWASP-ASVS-4.0-testing-guide
  ☆118Updated 10 months ago
• softwaresecured / secure-code-review-checklist
  A starter secure code review checklist
  ☆175Updated 5 years ago
• softrams / bulwark
  An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
  ☆180Updated this week
• OWASP / Container-Security-Verification-Standard
  Container Security Verification Standard
  ☆57Updated 5 years ago
• projectdiscovery / pd-actions
  ☆207Updated this week
• Plazmaz / leaky-repo
  Benchmarking repo for secrets scanning
  ☆229Updated last month
• BishopFox / smogcloud
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆330Updated 4 years ago
• DigeeX / raider
  DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
  ☆138Updated 3 years ago
• secdec / attack-surface-detector-burp
  The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
  ☆95Updated 9 months ago
• dogangcr / vulnerable-sso
  vulnerable single sign on
  ☆144Updated last month
• we45 / ThreatPlaybook
  A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat…
  ☆271Updated last week
• 0xSearches / sandcastle
  🏰 A Python script for AWS S3 bucket enumeration.
  ☆137Updated last year
• detectify / ugly-duckling
  Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules
  ☆187Updated 2 years ago
• AppThreat / sast-scan
  Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D…
  ☆145Updated 4 years ago
• VirtueSecurity / aws-extender
  AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
  ☆240Updated 2 years ago
• BBVA / patton
  The clever vulnerability dependency finder
  ☆96Updated 2 years ago
• Santandersecurityresearch / DrHeader
  drHEADer helps with the audit of security headers received in response to a single request or a list of requests.
  ☆105Updated this week
• owasp-cloud-security / owasp-cloud-security
  OWASP Cloud Security - Enabling conversations through threat and control stories
  ☆175Updated 5 years ago
• appsecco / attacking-cloudgoat2
  A step-by-step walkthrough of CloudGoat 2.0 scenarios.
  ☆132Updated 4 years ago
• 0x4D31 / burpa
  Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Applica…
  ☆480Updated 6 years ago
• imperva / automatic-api-attack-tool
  Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…
  ☆451Updated last year
• appsecco / dvja
  Damn Vulnerable Java (EE) Application
  ☆129Updated 7 months ago
• DevSlop / Pixi
  The Pixi module is a MEAN Stack web app with wildly insecure APIs!
  ☆110Updated last year