OWASP / www-project-devsecops-verification-standard
OWASP Foundation Web Respository
☆42Updated 4 months ago
Alternatives and similar repositories for www-project-devsecops-verification-standard:
Users that are interested in www-project-devsecops-verification-standard are comparing it to the libraries listed below
- GCP GOAT is the vulnerable application for learn the GCP Security☆63Updated last year
- A tool to keep AWS pentests and red teams efficient, organized, and stealthy.☆90Updated 10 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆88Updated last year
- Blogpost series showcasing interesting cloud - web app security bugs☆47Updated last year
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆51Updated 2 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆101Updated 11 months ago
- ☆43Updated 3 years ago
- ☆32Updated 3 weeks ago
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆97Updated 2 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- Protect against subdomain takeover☆93Updated 7 months ago
- Resources to learn cloud environment and pentesting the same, contains AWS, Azure, Google Cloud☆50Updated 2 years ago
- WAF bypass PoC☆45Updated last year
- ☆110Updated last year
- ☆171Updated last month
- This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework☆27Updated last year
- A full insecure kubernetes application for testing security tools☆64Updated last week
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆26Updated 6 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆132Updated 2 weeks ago
- ☆38Updated 8 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆36Updated 3 months ago
- Curating Falco rules with MITRE ATT&CK Matrix☆77Updated 10 months ago
- A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects☆21Updated this week
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆60Updated last year
- boostsecurityio/lotp☆110Updated last month
- This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me☆17Updated 5 months ago
- Contains all my research and content produced regarding the log4shell vulnerability☆31Updated 2 years ago
- LLM Testing Findings Templates☆66Updated 11 months ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆62Updated 7 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆39Updated last year