Presentations, training modules, and other education materials from Duo Security's Application Security team.
updated at Nov. 29, 2023, 5:43 p.m.
Securely manage passwords, certs, and other secrets in Chef
updated at Dec. 23, 2023, 3:02 p.m.
A project security/vulnerability/risk scanning tool
updated at March 31, 2024, 2:19 p.m.
Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust
updated at April 13, 2024, 10:31 a.m.
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
updated at April 21, 2024, 4:20 p.m.
A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
updated at April 22, 2024, 5:51 a.m.
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
updated at April 23, 2024, 10:57 p.m.
Security risk analysis for Kubernetes resources
updated at April 24, 2024, 3:31 p.m.
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
updated at April 25, 2024, 2:22 a.m.
Safely store secrets in Git/Mercurial/Subversion
updated at May 2, 2024, 2:27 a.m.
Memorable site for testing clients against bad SSL configs.
updated at May 2, 2024, 6:08 a.m.