Appsecco

Repositories

• dvna

  Damn Vulnerable NodeJS Application

  nodejs testing security hack owasp vulnerable owasp-top-10
  CSS MIT 174 425 1 5 Updated Aug 24, 2020

• attacking-and-auditing-docker-containers-and-kubernetes-clusters

  Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

  kubernetes security-audit free pentesting training-materials docker-security kubernetes-security
  Shell 135 496 0 0 Updated Aug 6, 2020

• asn-search-api

  A Golang API over MaxMind ASN database
  Go MIT 0 0 0 0 Updated Jul 30, 2020

• container-image-scanner-api

  A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses
  Go MIT 0 0 0 0 Updated Jul 30, 2020

• kubeseco

  Application Security Workflow Automation using Docker and Kubernetes
  JavaScript MIT 11 20 2 2 Updated Jul 18, 2020

• dvja

  Damn Vulnerable Java (EE) Application

  java docker vulnerable-app
  CSS MIT 145 39 0 3 Updated Jul 1, 2020

• breaking-and-pwning-apps-and-servers-aws-azure-training

  Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

  opensource penetration-testing free application-security pentesting aws-security azure-security
  CSS 189 687 0 0 Updated Jun 27, 2020

• CloudPentestCheatsheets

  Forked from dafthack/CloudPentestCheatsheets

  This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
  MIT 122 9 0 0 Updated Jun 14, 2020

• kube-scan

  Forked from octarinesec/kube-scan

  kube-scan: Octarine k8s cluster risk assessment tool
  Go MIT 43 0 0 0 Updated May 11, 2020

• attacking-cloudgoat2

  A step-by-step walkthrough of CloudGoat 2.0 scenarios.

  aws documentation pentesting walkthrough aws-security cloud-security pentesting-resources
  31 85 0 0 Updated Apr 28, 2020

• kccss

  Forked from octarinesec/kccss

  Kubernetes Common Configuration Scoring System
  TypeScript MIT 14 0 0 0 Updated Apr 23, 2020

• opa-traefik-microservice-authz

  Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).
  JavaScript MIT 2 7 0 0 Updated Apr 8, 2020

• secrets-in-google-cloud-run-with-google-cloud-build

  Baking secrets in Google Cloud Run containers using Google Cloud Build
  Python MIT 1 1 0 0 Updated Mar 18, 2020

• devsecops-using-cloudnative-workshop

  This repo contains workshop material delivered at #nullcon2020
  HTML MIT 12 7 0 1 Updated Mar 6, 2020

• VyAPI

  VyAPI - A cloud based vulnerable hybrid Android App

  application-security aws-cognito mobile-security vulnerable-app
  Java MIT 17 75 1 0 Updated Feb 21, 2020

• prowler-aws-securityhub-integration

  Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks
  Python MIT 1 3 0 0 Updated Feb 6, 2020

• spaces-finder

  A tool to hunt for publicly accessible DigitalOcean Spaces

  osint infosec pentesting recon reconnaissance digitalocean-spaces spaces-finder
  Python MIT 18 112 0 0 Updated Jan 21, 2020

• raneto-docker

  Docker container for Markdown based Raneto Knowledgebase

  docker markdown devops automation knowledgebase raneto
  JavaScript 11 31 0 1 Updated Dec 18, 2019

• defcon-26-workshop-attacking-and-auditing-docker-containers

  DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source

  docker security security-audit opensource containers pentesting defcon
  25 78 0 1 Updated Nov 18, 2019

• dvcsharp-api

  Damn Vulnerable C# Application (API)
  C# 5 6 0 1 Updated Nov 1, 2019

• c0c0n-2019-ctf-writeups

  CTF write-ups from c0c0n 2019 CTF challenges that we participated
  MIT 2 6 0 0 Updated Oct 5, 2019

• J2M

  Forked from FokkeZB/J2M

  [UNMAINTAINED] Convert from JIRA text formatting to GitHub Flavored MarkDown and back again
  JavaScript 104 0 0 0 Updated Jun 16, 2019

• sqlinjection-training-app

  A simple PHP application to learn SQL Injection detection and exploitation techniques.

  exploit sql-injection application-security web-security appsec vulnerable-web-app owasp-top-10
  PHP MIT 17 30 0 0 Updated Jun 4, 2019

• using-docker-kubernetes-for-automating-appsec-and-osint-workflows

  Repository for all the workshop content delivered at nullcon X on 1st of March 2019

  docker kubernetes osint zap kubernetes-cluster nats minio
  CSS MIT 32 67 1 0 Updated Apr 4, 2019

• nodejs-google-idp-sample

  Presentation with proof of concept code on using Google as Identity Provider for Web API authentication using NodeJS as backend and VueJS as frontend
  JavaScript MIT 0 2 0 0 Updated Feb 9, 2019

• bugcrowd-levelup-subdomain-enumeration

  This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

  dns censys osint domains subdomain enumeration certificate-transparency
  Python 154 489 1 0 Updated Feb 5, 2019

• the-art-of-subdomain-enumeration

  This repository contains all the supplement material for the book "The art of sub-domain enumeration"
  Python 103 368 4 0 Updated Jan 30, 2019

• practical-recon-levelup0x02

  This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd LevelUp 0x02 virtual conference
  CSS Apache-2.0 21 48 0 0 Updated Jan 24, 2019

• osint-viz-platform-reconvillage

  The repository for Building visualisation platforms for OSINT data using open source solutions
  Python 8 26 0 0 Updated Aug 21, 2018

• owasp-threat-dragon

  Forked from mike-goodwin/owasp-threat-dragon

  An open source, online threat modelling tool from OWASP
  JavaScript Apache-2.0 103 4 0 0 Updated Jun 7, 2018