appsec-education by duo-labs

Presentations, training modules, and other education materials from Duo Security's Application Security team.

updated at Nov. 29, 2023, 5:43 p.m.

JavaScript

9 +0

67 +0

14 +0

GitHub
chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

updated at Dec. 23, 2023, 3:02 p.m.

Ruby

52 +0

407 +0

161 +0

GitHub
samm by OWASP

SAMM stands for Software Assurance Maturity Model.

updated at Jan. 9, 2024, 4:24 p.m.

JavaScript

65 +0

395 +0

134 +0

GitHub
raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

updated at Feb. 27, 2024, 10:40 p.m.

GCC Machine Description

14 +0

43 +0

22 +0

GitHub
scanner-cli by hawkeyesec

A project security/vulnerability/risk scanning tool

updated at March 31, 2024, 2:19 p.m.

JavaScript

19 +0

359 +0

89 +0

GitHub
progpilot by designsecurity

A static analysis tool for security

updated at April 9, 2024, 3:44 a.m.

PHP

15 +0

312 +0

63 +0

GitHub
gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

updated at April 10, 2024, 2:33 a.m.

Ruby

77 +0

972 +0

190 +0

GitHub
keyscope by SpectralOps

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

updated at April 13, 2024, 10:31 a.m.

Rust

17 +0

376 +0

119 +0

GitHub
cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

updated at April 21, 2024, 4:20 p.m.

Unknown languages

10 +0

90 +0

614 +0

GitHub
ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

updated at April 22, 2024, 5:51 a.m.

Go

95 -1

1,681 +0

240 +0

GitHub
preflight by SpectralOps

preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.

updated at April 23, 2024, 10:57 p.m.

Go

6 +0

149 +0

45 +0

GitHub
kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

updated at April 24, 2024, 3:31 p.m.

Go

25 +0

500 +0

37 +0

GitHub
credstash by fugue

A little utility for managing credentials in the cloud

updated at April 25, 2024, 12:24 a.m.

Python

70 +0

2,054 +0

217 +0

GitHub
phpcs-security-audit by FloeDesignTechnologies

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

updated at April 25, 2024, 2:22 a.m.

PHP

44 +0

701 +0

86 +0

GitHub
blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

updated at May 2, 2024, 2:27 a.m.

Go

122 +0

6,624 +3

370 +0

GitHub
badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

updated at May 2, 2024, 6:08 a.m.

HTML

53 +0

2,740 +3

183 +0

GitHub
NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

updated at May 2, 2024, 6:19 p.m.

HTML

78 +0

1,828 +2

1,567 +3

GitHub
cfn_nag by stelligent

Linting tool for CloudFormation templates

updated at May 2, 2024, 8:51 p.m.

Ruby

34 +0

1,223 +3

207 +0

GitHub
knox by pinterest

Knox is a secret management service

updated at May 3, 2024, 2:09 a.m.

Go

43 +0

1,220 +2

120 +0

GitHub
kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

updated at May 3, 2024, 10:34 a.m.

Open Policy Agent

25 +0

1,902 +4

286 +0

GitHub