owasp-change / owasp-change.github.io

Related projects ⓘ

Alternatives and complementary repositories for owasp-change.github.io

• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆196Updated last month
• trufflesecurity / how-to-rotate
  An open-source collection of API key rotation tutorials.
  ☆58Updated 2 months ago
• vendorsec / mvsp
  Minimum Viable Secure Product mvsp.dev
  ☆183Updated this week
• Addepar / RedFlag
  RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and…
  ☆140Updated last week
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆100Updated 7 months ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆110Updated last year
• nccgroup / ccs
  ☆109Updated last year
• firefart / hijagger
  Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
  ☆286Updated this week
• nullenc0de / ChromeAudit
  Nuclei plugins to audit Chrome extensions
  ☆64Updated 3 months ago
• DownrightNifty / gh_hack_PoC
  ☆63Updated last year
• csdev / ezghsa
  EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories.
  ☆35Updated 5 months ago
• jthack / hero
  a hackbot proof-of-concept
  ☆34Updated 8 months ago
• mllamazares / vulncov
  🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
  ☆32Updated 3 weeks ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆75Updated 2 months ago
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆129Updated last year
• kudelskisecurity / youshallnotpass
  YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
  ☆36Updated 10 months ago
• DataDog / undocumented-aws-api-hunter
  A tool to uncover undocumented APIs from the AWS Console.
  ☆80Updated last month
• mikeprivette / awesome-sec-challenges
  A curated list of Awesome Security Challenges.
  ☆173Updated this week
• chris-anley / cq
  CQ, a code security scanner
  ☆97Updated 5 months ago
• OWASP / www-project-security-champions-guidebook
  OWASP Foundation Web Respository
  ☆19Updated 2 weeks ago
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆37Updated last year
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆251Updated 2 weeks ago
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆229Updated last week
• WithSecureLabs / cloud-wiki
  A public cloud security knowledgebase - https://www.secwiki.cloud/
  ☆48Updated 8 months ago
• saw-your-packet / CloudShovel
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆82Updated last month
• nicoSWD / asvs-checklist
  OWASP Application Security Verification Standard 4.0 Checklist
  ☆31Updated 5 years ago
• DigeeX / raider
  DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
  ☆138Updated 3 years ago
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆79Updated this week
• trufflesecurity / driftwood
  Private key usage verification
  ☆406Updated 10 months ago