oshp / oshp-validator
Venom test suite to validate an HTTP security response headers configuration against OSHP recommendations.
☆94 Updated 2 weeks ago
Related projects:
- A Broken Application - Very Vulnerable! ☆120 Updated this week
- The OWASP Secure Headers Project ☆134 Updated last week
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use … ☆58 Updated 3 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆96 Updated 7 months ago
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests. ☆105 Updated this week
- ☆118 Updated 10 months ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆193 Updated 4 months ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs! ☆110 Updated last year
- 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment ☆142 Updated 3 years ago
- OWASP Code Review Guide Web Repository ☆119 Updated 2 years ago
- OWASP Foundation Web Repository ☆18 Updated 2 weeks ago
- The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testin… ☆172 Updated 2 years ago
- Security Auditor Utility for GraphQL APIs ☆346 Updated last week
- Pin designs for security related items ☆36 Updated 4 months ago
- ☆76 Updated last week
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆242 Updated last month
- OWASP Project Developer Guide - Document and Project Web pages ☆75 Updated this week
- Find secrets in your codebase ☆115 Updated 3 months ago
- A utility to (re-)import findings and language data into DefectDojo ☆42 Updated 6 months ago
- OWASP Foundation Web Repository ☆79 Updated 2 weeks ago
- Web Application Security Checklist ☆114 Updated 3 years ago
- 🖇️ STRIDE vs. ASVS equivalence table ☆74 Updated 3 weeks ago
- Docker toolbox for pentest of web based application. ☆137 Updated this week
- Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules ☆187 Updated 2 years ago
- Demonstrates how a malicious dependency could negatively impact the build output. ☆23 Updated last year
- Tools to assess DNS security. ☆146 Updated 6 months ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. ☆102 Updated 8 months ago
- Zap baseline scanner in Docker with authentication ☆104 Updated 4 months ago
- boostsecurityio/lotp ☆97 Updated 5 months ago
- GraphQL automated security testing toolkit ☆296 Updated 7 months ago