magoo / ato-checklistLinks
A checklist of practices for organizations dealing with account takeover (ATO)
β276Updated last year
Alternatives and similar repositories for ato-checklist
Users that are interested in ato-checklist are comparing it to the libraries listed below
Sorting:
- β124Updated 2 years ago
- Find cloud assets that no one wants exposed π βοΈβ350Updated 5 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wikiβ212Updated last year
- ποΈ equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology.β76Updated last year
- Segment's Threat Modeling training for our engineersβ245Updated 4 years ago
- OWASP Domain Protect - prevent subdomain takeoverβ397Updated last year
- β69Updated 6 months ago
- A simple web app that helps developers understand the ASVS requirements. Now supporting ASVS 5.0β163Updated 2 months ago
- An open source intelligence tool to crawl the graph of certificate Alternate Namesβ365Updated 5 months ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.β110Updated 2 years ago
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests.β112Updated last year
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.β134Updated 5 years ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloβ¦β130Updated 2 months ago
- materials we hand outβ146Updated 6 months ago
- Search exposed EBS volumes for secretsβ302Updated 2 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rulesβ40Updated 4 years ago
- This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaβ¦β174Updated 6 years ago
- Monitors Github for leaked secretsβ205Updated last year
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.β278Updated last year
- A Continuous Threat Modeling methodologyβ325Updated 3 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.β76Updated 4 years ago
- A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.β184Updated 5 months ago
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modulesβ187Updated 4 years ago
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestratβ¦β280Updated this week
- FestIn - Open S3 Bucket Scannerβ232Updated 5 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.β262Updated this week
- These are the regexes that power truffleHogβ225Updated 3 years ago
- Cloud-related research releases from the Rhino Security Labs team.β390Updated 5 years ago
- A small tool to help developers understand a huge set of security requirements from appsec teamsβ47Updated 3 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.β111Updated 5 years ago