BBVA / susto
Systematic Universal Security Testing Orchestration
☆37Updated 2 years ago
Related projects: ⓘ
- ☆60Updated last year
- ☆36Updated 3 years ago
- 🖇️ STRIDE vs. ASVS equivalence table☆74Updated 3 weeks ago
- Repository for the Open Information Security Risk Universe☆63Updated 2 years ago
- Threat Modeling Manifesto☆24Updated 2 months ago
- ☆35Updated 5 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆165Updated 7 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆54Updated 2 months ago
- Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulne…☆31Updated last year
- ☆18Updated 2 years ago
- ☆16Updated last year
- A small tool to help developers understand a huge set of security requirements from appsec teams☆39Updated 2 years ago
- ☆78Updated 3 years ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.☆102Updated 8 months ago
- Updated incident response generator for training classes☆41Updated 3 years ago
- ☆28Updated 2 years ago
- Docs: Vulnerability management aggregation of AppSec & OpSec (Tools Listing)☆30Updated last year
- Security Scanner based on CIS benchmark 1.1 inspired by Scout2☆52Updated last year
- Compares and analyzes GCP IAM roles.☆76Updated 3 months ago
- Materials used by Product Management and Product Marketing☆12Updated 6 years ago
- Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.☆46Updated 7 years ago
- Convert cloudtrail data to MITRE ATT&CK Sightings☆77Updated 2 years ago
- Semgrep rules corresponding to the OWASP ASVS standard☆27Updated 3 years ago
- CI Pipeline with Pixi, the WAF OWASP Core Rule Set and TestCafe tests.☆15Updated 3 years ago
- Examples on how to maintain security/compliance as code and to automate SecOps using the JupiterOne platform.☆53Updated 8 months ago
- OWASP Threat Dragon with Gitlab Integration☆24Updated 6 years ago
- KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.☆93Updated 9 months ago
- Vulnerable Kustomize Kubernetes templates for training and education☆47Updated 2 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆69Updated 3 years ago
- A small set of scripts to summarize AWS Security Groups, and generate visualizations of the rules.☆61Updated 4 years ago