OWASP / wrongsecrets
Vulnerable app with examples showing how to not use secrets
☆1,235Updated this week
Related projects ⓘ
Alternatives and complementary repositories for wrongsecrets
- A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.☆1,950Updated 4 months ago
- Vulnerable REST API with OWASP top 10 vulnerabilities for security testing☆928Updated 3 months ago
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…☆274Updated 7 months ago
- completely ridiculous API (crAPI)☆1,119Updated this week
- ☆400Updated last year
- Create your own vulnerable by design AWS penetration testing playground☆331Updated 5 months ago
- The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.☆848Updated 4 months ago
- Awesome secure by default libraries to help you eliminate bug classes!☆669Updated 3 weeks ago
- OWASP Foundation Web Respository☆566Updated 9 months ago
- An open source threat modeling tool from OWASP☆933Updated last week
- ☆494Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆775Updated last week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …☆1,019Updated this week
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆443Updated last month
- Collection of Threat Models☆383Updated 2 years ago
- Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.☆1,433Updated 2 weeks ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.☆489Updated 3 weeks ago
- Security Champions Playbook v 2.1☆350Updated last year
- Automating situational awareness for cloud penetration tests.☆1,955Updated last month
- Checklist for container security - devsecops practices☆1,525Updated last year
- My cheatsheet notes to pentest AWS infrastructure☆656Updated 2 years ago
- A curated list of awesome CI CD security resources☆524Updated 2 weeks ago
- vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.☆1,178Updated last year
- AzureGoat : A Damn Vulnerable Azure Infrastructure☆787Updated 3 weeks ago
- ☆581Updated this week
- A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for …☆1,407Updated 3 months ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.☆1,046Updated 9 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆570Updated 3 months ago
- Threat matrix for CI/CD Pipeline☆739Updated 4 months ago
- CI/CD Security Analyzer☆625Updated last month