magoo / ato-checklist
A checklist of practices for organizations dealing with account takeover (ATO)
☆263, updated last month
Related projects
Alternatives and complementary repositories for ato-checklist
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki (☆203, updated last week)
- Segment's Threat Modeling training for our engineers (☆238, updated 3 years ago)
- OWASP Domain Protect - prevent subdomain takeover (☆397, updated last month)
- Find cloud assets that no one wants exposed 🔎 ☁️ (☆332, updated 4 years ago)
- 🖇️ STRIDE vs. ASVS equivalence table (☆75, updated 2 months ago)
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules (☆188, updated 3 years ago)
- A community contributed consolidated list of InfoSec meetups in the Asia Pacific region. (☆158, updated this week)
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests. (☆105, updated 2 weeks ago)
- These are the regexes that power truffleHog (☆211, updated last year)
- materials we hand out (☆138, updated last month)
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. (☆104, updated 9 months ago)
- This is a companion to the Security Engineer Questions (☆200, updated 11 months ago)
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. (☆482, updated last year)
- S3 Account Search (☆245, updated 3 weeks ago)
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. (☆265, updated last month)
- External monitoring for organization assets (☆372, updated 5 months ago)
- A step-by-step walkthrough of CloudGoat 2.0 scenarios. (☆133, updated 4 years ago)
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider (☆138, updated 3 years ago)
- Slack enumeration and exposed secrets detection tool (☆366, updated last week)
- A simple web app that helps developers understand the ASVS requirements. (☆154, updated 8 months ago)
- Dorothy is a tool to test security monitoring and detection for Okta environments (☆175, updated 3 months ago)
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters. (☆227, updated this week)
- Monitors Github for leaked secrets (☆189, updated 2 weeks ago)
- Open source security career ladders (☆114, updated last year)
- 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment (☆148, updated 3 years ago)
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat… (☆274, updated 2 weeks ago)