magoo / ato-checklist
A checklist of practices for organizations dealing with account takeover (ATO)
★269, updated 8 months ago
Alternatives and similar repositories for ato-checklist
Users that are interested in ato-checklist are comparing it to the libraries listed below
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki (★209, updated 7 months ago)
- Find cloud assets that no one wants exposed (★346, updated 4 years ago)
- Segment's Threat Modeling training for our engineers (★243, updated 4 years ago)
- OWASP Domain Protect - prevent subdomain takeover (★397, updated 6 months ago)
- A simple web app that helps developers understand the ASVS requirements. (★158, updated 4 months ago)
- (★123, updated last year)
- Monitors Github for leaked secrets (★199, updated 8 months ago)
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. (★108, updated last year)
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat… (★282, updated 2 weeks ago)
- A step-by-step walkthrough of CloudGoat 2.0 scenarios. (★134, updated 5 years ago)
- Search exposed EBS volumes for secrets (★298, updated 2 years ago)
- (★65, updated 2 years ago)
- A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets (★373, updated last year)
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. (★271, updated 9 months ago)
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Clo… (★125, updated last year)
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules (★189, updated 3 years ago)
- STRIDE vs. ASVS equivalence table (★76, updated 10 months ago)
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. (★521, updated 2 years ago)
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters. (★250, updated last month)
- These are the regexes that power truffleHog (★218, updated 2 years ago)
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests. (★110, updated 5 months ago)
- (★32, updated 4 years ago)
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider (★139, updated 3 years ago)
- (★251, updated last year)
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). (★122, updated 2 years ago)
- materials we hand out (★146, updated 3 months ago)
- IAMFinder enumerates and finds users and IAM roles in a target AWS account. (★111, updated 4 years ago)
- A Continuous Threat Modeling methodology (★321, updated 3 years ago)
- Application and Service Fingerprinting (★133, updated 2 years ago)
- Some good resources for getting started with application security (★142, updated 4 years ago)