OWASP / www-project-devsecops-verification-standard
OWASP Foundation Web Respository
☆37Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for www-project-devsecops-verification-standard
- GCP GOAT is the vulnerable application for learn the GCP Security☆62Updated last year
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆55Updated 4 months ago
- This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework☆26Updated last year
- InfoSec OpenAI Examples☆19Updated 11 months ago
- A tool to keep AWS pentests and red teams efficient, organized, and stealthy.☆89Updated 8 months ago
- Blogpost series showcasing interesting cloud - web app security bugs☆46Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆84Updated 10 months ago
- WAF bypass PoC☆43Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆87Updated last week
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆49Updated last week
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago
- ☆37Updated 7 months ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆61Updated 5 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix☆58Updated last year
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics☆61Updated this week
- boostsecurityio/lotp☆101Updated 7 months ago
- Cloud Offensive Breach and Risk Assessment (COBRA) Tool☆76Updated this week
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆104Updated 2 months ago
- Resources to learn cloud environment and pentesting the same, contains AWS, Azure, Google Cloud��☆50Updated 2 years ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆100Updated 9 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆62Updated 6 months ago
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).☆67Updated 6 months ago
- A tool to uncover undocumented APIs from the AWS Console.☆83Updated 2 months ago
- ☆31Updated last week
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆36Updated last month
- A full insecure kubernetes application for testing security tools☆54Updated this week
- 📚A curated list of product security resources.☆18Updated 2 years ago
- ☆152Updated 2 months ago
- GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environm…☆17Updated last year
- HASH (HTTP Agnostic Software Honeypot)☆128Updated 6 months ago