Stars
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
🎨 Diagram as Code for prototyping cloud system architectures
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics…
Quickly rewrite git repository history (filter-branch replacement)
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
An enterprise friendly way of detecting and preventing secrets in code.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
GitHub Actions Pipeline Enumeration and Attack Tool
This project is about creating and publishing threat model examples.
Process documentation, non-code deliverables, and miscellaneous artifacts of Kubernetes SIG Security
Pretrained BERT model for cyber security text, trained to learn cybersecurity knowledge
Script to audit GitHub Action Workflow files for potential vulnerabilities.
GitHub Advanced Security Compliance Action