oshp / oshp-validator
Venom test suite to validate an HTTP security response header configuration against OSHP recommendations.
☆113 Updated last month
Alternatives and similar repositories for oshp-validator:
Users who are interested in oshp-validator are comparing it to the libraries listed below.
- The OWASP Secure Headers Project ☆151 Updated this week
- boostsecurityio/lotp ☆114 Updated this week
- OWASP Foundation Web Repository ☆19 Updated this week
- A Broken Application - Very Vulnerable! ☆148 Updated this week
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆215 Updated this week
- An open-source collection of API key rotation tutorials. ☆65 Updated 3 months ago
- Websec interview questions by tib3rius answered ☆306 Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆114 Updated last year
- ☆122 Updated last year
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… ☆284 Updated 11 months ago
- A tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon ☆234 Updated last year
- OWASP Project Developer Guide - Document and Project Web pages ☆108 Updated this week
- Docker toolbox for pentest of web based application. ☆146 Updated this week
- OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions ☆104 Updated last year
- A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer. ☆305 Updated last week
- 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment ☆156 Updated 3 years ago
- Tools to assess DNS security. ☆152 Updated last year
- ☆98 Updated last week
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan. ☆167 Updated last month
- Protect against subdomain takeover ☆93 Updated 9 months ago
- Security Auditor Utility for GraphQL APIs ☆432 Updated 3 weeks ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data. ☆230 Updated last year
- boostsecurityio/poutine ☆258 Updated 2 weeks ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs! ☆122 Updated 2 years ago
- Core model including reused documentation ☆95 Updated last week
- ☆110 Updated last year
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs. ☆107 Updated last year
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints. ☆191 Updated 7 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆272 Updated last month
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c… ☆405 Updated last month