magoo / ato-checklist
A checklist of practices for organizations dealing with account takeover (ATO)
☆263 Updated last month
Related projects
Alternatives and complementary repositories for ato-checklist
- Segment's Threat Modeling training for our engineers ☆238 Updated 3 years ago
- OWASP Domain Protect - prevent subdomain takeover ☆397 Updated last month
- ☆121 Updated last year
- Unauthenticated enumeration of AWS, Azure, and GCP Principals ☆203 Updated last week
- S3 Account Search ☆246 Updated last month
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki ☆203 Updated 3 weeks ago
- 🖇️ STRIDE vs. ASVS equivalence table ☆75 Updated 2 months ago
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. ☆265 Updated 2 months ago
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). ☆122 Updated last year
- Find cloud assets that no one wants exposed 🔎 ☁️ ☆332 Updated 4 years ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. ☆104 Updated 10 months ago
- FestIn - Open S3 Bucket Scanner ☆230 Updated 3 years ago
- An open source intelligence tool to crawl the graph of certificate Alternate Names ☆344 Updated 9 months ago
- External monitoring for organization assets ☆372 Updated 5 months ago
- This is a companion to the Security Engineer Questions ☆200 Updated 11 months ago
- These are the regexes that power truffleHog ☆211 Updated last year
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules ☆188 Updated 3 years ago
- Automated Attack Simulation in the Cloud, complete with detection use cases. ☆499 Updated this week
- Open Cloud Security Posture Management Engine ☆335 Updated 2 years ago
- ☆233 Updated 4 months ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Clo… ☆120 Updated 7 months ago
- materials we hand out ☆138 Updated last month
- A Broken Application - Very Vulnerable! ☆131 Updated last week
- Dorothy is a tool to test security monitoring and detection for Okta environments ☆175 Updated 3 months ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios. ☆133 Updated 4 years ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean. ☆159 Updated 3 weeks ago
- Cloud-related research releases from the Rhino Security Labs team. ☆356 Updated 4 years ago
- A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets ☆307 Updated 5 months ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account. ☆109 Updated 4 years ago
- A simple web app that helps developers understand the ASVS requirements. ☆154 Updated 8 months ago