OWASP / www-project-devsecops-verification-standard
OWASP Foundation Web Respository
☆44Updated 6 months ago
Alternatives and similar repositories for www-project-devsecops-verification-standard:
Users that are interested in www-project-devsecops-verification-standard are comparing it to the libraries listed below
- GCP GOAT is the vulnerable application for learn the GCP Security☆64Updated last year
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).☆73Updated 10 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆138Updated 2 months ago
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆104Updated 4 months ago
- Public repository of all things cloud security.☆41Updated 6 months ago
- A tool to keep AWS pentests and red teams efficient, organized, and stealthy.☆90Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆91Updated last year
- An experimental project using LLM technology to generate security documentation for Open Source Software (OSS) projects☆26Updated 3 weeks ago
- Offensive Kubernetes Threat Matrix -- kubenomicon.com☆38Updated 2 months ago
- This provides a guided step by step walkthrough for threat modeling with MITRE ATT&CK Framework☆27Updated last month
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆61Updated 9 months ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆31Updated 3 years ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆66Updated 9 months ago
- boostsecurityio/lotp☆116Updated 2 weeks ago
- ☆41Updated last month
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆101Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 7 months ago
- MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.☆168Updated last week
- InfoSec OpenAI Examples☆19Updated last year
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆51Updated 4 months ago
- Blogpost series showcasing interesting cloud - web app security bugs☆47Updated last year
- A full insecure kubernetes application for testing security tools☆70Updated this week
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆103Updated last year
- ☆110Updated last year
- ☆175Updated 4 months ago
- RansomWhen is a tool to enumerate identities that can lock S3 Buckets using KMS, resulting in ransomwares, as well as detect occurances o…☆41Updated last month
- Cloud Offensive Breach and Risk Assessment (COBRA) Tool☆88Updated last month
- Scans your Github Actions for security issues☆62Updated last month
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61Updated last year
- ☆134Updated last year