BBVA / susto

Related projects: ⓘ

• secmerc / materialize-threats
  ☆60Updated last year
• mario-platt / ASVS-Agile-Delivery-Guide
  ☆36Updated 3 years ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆74Updated 3 weeks ago
• oracuk / oisru
  Repository for the Open Information Security Risk Universe
  ☆63Updated 2 years ago
• Threat-Modeling-Manifesto / threat-modeling-manifesto
  Threat Modeling Manifesto
  ☆24Updated 2 months ago
• piercing-index / cloud-vulnerabilities
  ☆35Updated 5 months ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆165Updated 7 months ago
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆54Updated 2 months ago
• we45 / orchestron-community
  Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulne…
  ☆31Updated last year
• OpenSecuritySummit / project-ASVS-User-Stories
  ☆18Updated 2 years ago
• Deploying-Securely / DSRAM
  ☆16Updated last year
• Whitespots-OU / security-requirements-generator
  A small tool to help developers understand a huge set of security requirements from appsec teams
  ☆39Updated 2 years ago
• Toreon / threat-model-playbook
  ☆78Updated 3 years ago
• edgeroute / security-champion-framework
  The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.
  ☆102Updated 8 months ago
• disruptops / IncidentResponseGenerator
  Updated incident response generator for training classes
  ☆41Updated 3 years ago
• OWASP / threat-modeling-playbook
  ☆28Updated 2 years ago
• kempy007 / VulManAgg
  Docs: Vulnerability management aggregation of AppSec & OpSec (Tools Listing)
  ☆30Updated last year
• kbroughton / azure_cis_scanner
  Security Scanner based on CIS benchmark 1.1 inspired by Scout2
  ☆52Updated last year
• jdyke / gcp-iam-analyzer
  Compares and analyzes GCP IAM roles.
  ☆76Updated 3 months ago
• cheerscyber / materials
  Materials used by Product Management and Product Marketing
  ☆12Updated 6 years ago
• devsecops / raindance
  Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.
  ☆46Updated 7 years ago
• zmallen / cloudtrail2sightings
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆77Updated 2 years ago
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Updated 3 years ago
• DevSlop / pixi-crs
  CI Pipeline with Pixi, the WAF OWASP Core Rule Set and TestCafe tests.
  ☆15Updated 3 years ago
• JupiterOne / secops-automation-examples
  Examples on how to maintain security/compliance as code and to automate SecOps using the JupiterOne platform.
  ☆53Updated 8 months ago
• appsecco / owasp-threat-dragon-gitlab
  OWASP Threat Dragon with Gitlab Integration
  ☆24Updated 6 years ago
• tenable / KaiMonkey
  KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.
  ☆93Updated 9 months ago
• bridgecrewio / kustomizegoat
  Vulnerable Kustomize Kubernetes templates for training and education
  ☆47Updated 2 years ago
• duo-labs / appsec-education
  Presentations, training modules, and other education materials from Duo Security's Application Security team.
  ☆69Updated 3 years ago
• MrSecure / review-security-groups
  A small set of scripts to summarize AWS Security Groups, and generate visualizations of the rules.
  ☆61Updated 4 years ago