Stars
A Continuous Threat Modeling methodology
An open source threat modeling tool from OWASP
🌐 The Internet OS! Free, Open-Source, and Self-Hostable.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
WebGoat is a deliberately insecure application
Templates to integrate Fortify application security testing with Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI)
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…
Protect and discover secrets using Gitleaks 🔑
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
This repo contains the code for my secure code review challenges
Random code for HashiCorp related projects, training, etc.
📱 Collaborative List of Open-Source iOS Apps
Sample scan files for testing DefectDojo imports
fcli is a command-line utility for interacting with various Fortify products
Sample ASP.NET Core 8.0 reference application, powered by Microsoft, demonstrating a layered application architecture with monolithic deployment model. Download the eBook PDF from docs folder.
Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills.
Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.
StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different sources such as IaC files, diagrams or projects exported from …
Jekyll Template - Mediumish
A modern, highly customizable, responsive Jekyll theme for documentation with built-in search.
Declarative Continuous Deployment for Kubernetes
Checks whether Docker is deployed according to security best practices as defined in the CIS Docker Benchmark
GitHub action for Hadolint, A Dockerfile linting tool
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start