Appsecco

Repositories

• kubeseco

  Application Security Workflow Automation using Docker and Kubernetes
  JavaScript MIT 10 23 2 2 Updated May 10, 2021

• dvja

  Damn Vulnerable Java (EE) Application

  java docker vulnerable-app
  CSS MIT 184 50 0 4 Updated Mar 15, 2021

• opa-traefik-microservice-authz

  Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).
  JavaScript MIT 4 17 0 1 Updated Jan 5, 2021

• raneto-docker

  Docker container for Markdown based Raneto Knowledgebase

  docker markdown devops automation knowledgebase raneto
  JavaScript 12 32 0 1 Updated Dec 28, 2020

• sqlinjectionloginbypass

  A simple app to demo SQL Injection login bypass
  PHP MIT 12 15 0 0 Updated Dec 15, 2020

• anchore-engine

  Forked from anchore/anchore-engine

  A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
  Python Apache-2.0 209 0 0 0 Updated Sep 10, 2020

• dvna

  Damn Vulnerable NodeJS Application

  nodejs testing security hack owasp vulnerable owasp-top-10
  CSS MIT 253 479 1 4 Updated Aug 24, 2020

• asn-search-api

  A Golang API over MaxMind ASN database
  Go MIT 2 2 0 0 Updated Jul 30, 2020

• container-image-scanner-api

  A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses
  Go MIT 1 1 0 0 Updated Jul 30, 2020

• breaking-and-pwning-apps-and-servers-aws-azure-training

  Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

  opensource penetration-testing free application-security pentesting aws-security azure-security
  CSS 224 788 0 0 Updated Jun 27, 2020

• CloudPentestCheatsheets

  Forked from dafthack/CloudPentestCheatsheets

  This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
  MIT 238 12 0 0 Updated Jun 14, 2020

• kube-scan

  Forked from octarinesec/kube-scan

  kube-scan: Octarine k8s cluster risk assessment tool
  Go MIT 66 1 0 0 Updated May 11, 2020

• attacking-cloudgoat2

  A step-by-step walkthrough of CloudGoat 2.0 scenarios.

  aws documentation pentesting walkthrough aws-security cloud-security pentesting-resources
  40 100 0 0 Updated Apr 28, 2020

• kccss

  Forked from octarinesec/kccss

  Kubernetes Common Configuration Scoring System
  TypeScript MIT 15 0 0 0 Updated Apr 23, 2020

• secrets-in-google-cloud-run-with-google-cloud-build

  Baking secrets in Google Cloud Run containers using Google Cloud Build
  Python MIT 1 2 0 0 Updated Mar 18, 2020

• devsecops-using-cloudnative-workshop

  This repo contains workshop material delivered at #nullcon2020
  HTML MIT 14 12 0 1 Updated Mar 6, 2020

• VyAPI

  VyAPI - A cloud based vulnerable hybrid Android App

  application-security aws-cognito mobile-security vulnerable-app
  Java MIT 16 76 1 0 Updated Feb 21, 2020

• prowler-aws-securityhub-integration

  Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks
  Python MIT 4 4 0 0 Updated Feb 6, 2020

• spaces-finder

  A tool to hunt for publicly accessible DigitalOcean Spaces

  osint infosec pentesting recon reconnaissance digitalocean-spaces spaces-finder
  Python MIT 21 124 0 0 Updated Jan 21, 2020

• defcon-26-workshop-attacking-and-auditing-docker-containers

  DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source

  docker security security-audit opensource containers pentesting defcon
  30 88 0 1 Updated Nov 18, 2019

• dvcsharp-api

  Damn Vulnerable C# Application (API)
  C# 10 11 0 1 Updated Nov 1, 2019

• c0c0n-2019-ctf-writeups

  CTF write-ups from c0c0n 2019 CTF challenges that we participated
  MIT 4 7 0 0 Updated Oct 5, 2019

• J2M

  Forked from FokkeZB/J2M

  [UNMAINTAINED] Convert from JIRA text formatting to GitHub Flavored MarkDown and back again
  JavaScript 106 0 0 0 Updated Jun 16, 2019

• sqlinjection-training-app

  A simple PHP application to learn SQL Injection detection and exploitation techniques.

  exploit sql-injection application-security web-security appsec vulnerable-web-app owasp-top-10
  PHP MIT 24 43 0 0 Updated Jun 4, 2019

• using-docker-kubernetes-for-automating-appsec-and-osint-workflows

  Repository for all the workshop content delivered at nullcon X on 1st of March 2019

  docker kubernetes osint zap kubernetes-cluster nats minio
  CSS MIT 36 69 1 0 Updated Apr 4, 2019

• nodejs-google-idp-sample

  Presentation with proof of concept code on using Google as Identity Provider for Web API authentication using NodeJS as backend and VueJS as frontend
  JavaScript MIT 0 2 0 0 Updated Feb 9, 2019

• bugcrowd-levelup-subdomain-enumeration

  This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

  dns censys osint domains subdomain enumeration certificate-transparency
  Python 160 517 1 0 Updated Feb 5, 2019

• the-art-of-subdomain-enumeration

  This repository contains all the supplement material for the book "The art of sub-domain enumeration"
  Python 121 437 4 0 Updated Jan 30, 2019

• practical-recon-levelup0x02

  This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd LevelUp 0x02 virtual conference
  CSS Apache-2.0 24 51 0 0 Updated Jan 24, 2019

• osint-viz-platform-reconvillage

  The repository for Building visualisation platforms for OSINT data using open source solutions
  Python 8 26 0 0 Updated Aug 21, 2018