Stars
Repository for the next iteration of composite service (e.g. Ingress) and load balancing APIs.
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
Segment's Threat Modeling training for our engineers
Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols
💰💸☁️ For those interested in running Kubernetes in highly regulated environments, particularly financial services
Labs for Threat Modelling training delivered by ControlPlane
An OpenTelemetry compatible library for instrumenting and exporting traces for Cloudflare Workers
A query engine for any combination of data sources. Query your files and APIs as if they were databases!
Write tests against structured configuration data using the Open Policy Agent Rego query language
A vault for securely storing and accessing AWS credentials in development environments
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
This repository contains a sample script which can be used to enable security vulnerability alerts in all of the repositories in a given organization.
Supply-chain Levels for Software Artifacts
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
A tool designed to assist with finding all sinks and sources of a web application and displaying these results in a digestible manner.
Starting code for the GildedRose Refactoring Kata in many programming languages.
Draw.io libraries for threat modeling diagrams
Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
🔥 Web-application firewalls (WAFs) from a security standpoint.
🗂️ A PHP library for representing and manipulating collections.
A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
⚡️ Front End interview preparation materials for busy engineers