microsoft / rest-api-fuzz-testingLinks
REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
☆264Updated 3 years ago
Alternatives and similar repositories for rest-api-fuzz-testing
Users that are interested in rest-api-fuzz-testing are comparing it to the libraries listed below
Sorting:
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…☆227Updated last year
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆153Updated last year
- Collection of tools for analyzing open source packages.☆349Updated last month
- SARIF Microsoft Visual Studio Code extension☆122Updated 2 months ago
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI.☆504Updated 10 months ago
- User-friendly documentation for the SARIF file format.☆328Updated last year
- The DevSecOps toolset for REST APIs☆276Updated 2 years ago
- Software Component Verification Standard (SCVS)☆150Updated 6 months ago
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.☆119Updated last year
- Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D…☆149Updated 5 years ago
- threatspec - continuous threat modeling, through code☆368Updated 4 years ago
- Microsoft Threat Modeling Template files☆195Updated 2 years ago
- Java Observability Toolkit☆62Updated last year
- DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.☆962Updated last month
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…☆372Updated last week
- Security scanning & static analysis tool☆94Updated last year
- OpenSSF Security Tooling Working Group☆318Updated 3 months ago
- A React-based component for viewing SARIF files.☆98Updated 11 months ago
- Fuzz test your application using your OpenAPI or Swagger API definition without coding☆459Updated 7 months ago
- OWASP IoT Security Verification Standard (ISVS)☆145Updated 3 weeks ago
- Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link …☆164Updated last year
- ☆252Updated 4 years ago
- OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.☆111Updated 2 years ago
- OWASP Cloud Security - Enabling conversations through threat and control stories☆182Updated 6 years ago
- Externalize Java application access to protected resources as log messages.☆43Updated this week
- A cross-platform browser fuzzing framework☆313Updated 2 weeks ago
- Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning …☆43Updated 2 weeks ago
- .NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs…☆207Updated 2 weeks ago
- Original workshops and staging area for new ones☆16Updated 3 months ago
- Finding potential software vulnerabilities from git commit messages☆417Updated 2 years ago