magoo / ato-checklistLinks
A checklist of practices for organizations dealing with account takeover (ATO)
☆276Updated last year
Alternatives and similar repositories for ato-checklist
Users that are interested in ato-checklist are comparing it to the libraries listed below
Sorting:
- ☆124Updated 2 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki☆212Updated last year
- OWASP Domain Protect - prevent subdomain takeover☆398Updated 11 months ago
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests.☆112Updated 11 months ago
- A simple web app that helps developers understand the ASVS requirements. Now supporting ASVS 5.0☆164Updated 2 weeks ago
- ☆69Updated 4 months ago
- 🖇️ equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology.☆75Updated last year
- Segment's Threat Modeling training for our engineers☆245Updated 4 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆350Updated 5 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.☆111Updated last year
- Monitors Github for leaked secrets☆203Updated last year
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.☆278Updated last year
- materials we hand out☆148Updated 4 months ago
- This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS wea…☆174Updated 6 years ago
- An open source intelligence tool to crawl the graph of certificate Alternate Names☆360Updated 3 months ago
- Search exposed EBS volumes for secrets☆302Updated 2 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆77Updated 4 years ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Clo…☆128Updated 3 weeks ago
- These are the regexes that power truffleHog☆222Updated 3 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.☆260Updated 4 months ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆111Updated 5 years ago
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat…☆279Updated last week
- FestIn - Open S3 Bucket Scanner☆232Updated 5 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆392Updated 5 years ago
- A small tool to help developers understand a huge set of security requirements from appsec teams☆47Updated 3 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆40Updated 4 years ago
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules☆188Updated 4 years ago
- A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.☆178Updated 4 months ago
- A tool for identifying misconfigured CloudFront domains☆362Updated 5 years ago