This repository will teach you have to do my talk "Pushing Left, Like a Boss".
☆71Jan 1, 2022Updated 4 years ago
Alternatives and similar repositories for TTT-Pushing-Left
Users that are interested in TTT-Pushing-Left are comparing it to the libraries listed below
Sorting:
- A Continuous Threat Modeling methodology☆324Jun 24, 2022Updated 3 years ago
- ☆21Sep 25, 2018Updated 7 years ago
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat…☆280Feb 17, 2026Updated last week
- AppSecPipeline Specification for DevOps automation.☆40Dec 8, 2022Updated 3 years ago
- ☆22Jan 6, 2022Updated 4 years ago
- This repository stores content that can be used to design a Rapid Threat Model Prototyping process for a software development group.☆165Mar 14, 2023Updated 2 years ago
- Terraform module which provides easy to configure AWS environment for running automated security scanning solutions at scheduled interval…☆46Jan 29, 2019Updated 7 years ago
- Demos for several kubernetes security features☆64Jan 9, 2025Updated last year
- Kantega Web Application Security Hero Challenge☆19Dec 3, 2020Updated 5 years ago
- Repo to hold the markdown-ified metadata on AppSec tools that are automation-friendly☆12Jun 13, 2016Updated 9 years ago
- Security Cloud Assessment Tool☆11Jun 28, 2020Updated 5 years ago
- Pragmatic Network Security for Cloud and Hybrid Networks☆10Nov 24, 2015Updated 10 years ago
- A repository for wardley maps related to security topics.☆46Feb 15, 2017Updated 9 years ago
- Ossec cookbook for Chef, with secure & automated key management☆21Jun 13, 2013Updated 12 years ago
- Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayBackend pro…☆17Sep 26, 2024Updated last year
- ☆14Mar 5, 2021Updated 4 years ago
- Introduction to Reverse Engineering Training☆11Apr 22, 2015Updated 10 years ago
- ☆27Feb 19, 2026Updated last week
- Privacy Cards for Software Developers☆54May 17, 2019Updated 6 years ago
- Open Threat Modeling Template☆52Jul 10, 2024Updated last year
- Proof-of-Concept python script that implements DNS spoofing attack in Kubernetes environment from a pod located on a Worker server☆15Feb 4, 2021Updated 5 years ago
- Spring-Boot app for demonstrating security vulnaribilities☆13Aug 21, 2019Updated 6 years ago
- Security Payload Unit Test Repository (SPUTR)☆87Feb 18, 2026Updated last week
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆66Apr 11, 2023Updated 2 years ago
- IDA Pro plugin that rename functions on load, based on functionality☆19Mar 9, 2018Updated 7 years ago
- This is a working copy of the OWASP Project Handbook and is the draft where changes are made before publishing a final version on the OWA…☆18Feb 22, 2017Updated 9 years ago
- A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title☆12Oct 16, 2019Updated 6 years ago
- A collection of scripts to interact with Veracode's API☆16Jul 18, 2019Updated 6 years ago
- SAMM stands for Software Assurance Maturity Model.☆398May 17, 2022Updated 3 years ago
- ☆14Jun 28, 2017Updated 8 years ago
- OWASP Findings Format☆19Mar 4, 2021Updated 4 years ago
- Hands-on workshop on how to build security automation in pipelines☆37Apr 22, 2024Updated last year
- A framework for understanding the capabilities of automated detection methods at identifying classes of application security vulnerabilit…☆33Feb 13, 2026Updated 2 weeks ago
- code reviews to practice☆18Jul 22, 2021Updated 4 years ago
- Proof-of-Concept scripts for various issues.☆14Jan 23, 2017Updated 9 years ago
- Demonstrate how to use a padding oracle to break AES-CBC encrypted ciphertext (as seen on poodle).☆17Nov 20, 2014Updated 11 years ago
- ☆69Jul 18, 2025Updated 7 months ago
- Segment's Threat Modeling training for our engineers☆245May 4, 2021Updated 4 years ago
- ☆18Sep 13, 2021Updated 4 years ago