MaTTeo's starred repositories

openzeppelin-contracts

OpenZeppelin Contracts is a library for secure smart contract development.

Language: JavaScript | License: MIT | Stargazers: 24558 | Issues: 637 | Issues: 1885

awesome-solidity

⟠ A curated list of awesome Solidity resources, libraries, tools and more

DeFiHackLabs

Reproduce DeFi hacked incidents using Foundry.

ASVS

Application Security Verification Standard

Language: HTML | License: CC-BY-SA-4.0 | Stargazers: 2623 | Issues: 145 | Issues: 1163

dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Language: Java | License: Apache-2.0 | Stargazers: 2479 | Issues: 72 | Issues: 1877

learning-solidity

The companion to the YouTube tutorials

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Language: Open Policy Agent | License: Apache-2.0 | Stargazers: 1988 | Issues: 26 | Issues: 1940

ethernaut

Web3/Solidity based wargame

Language: Solidity | License: MIT | Stargazers: 1941 | Issues: 32 | Issues: 209

specs

Technical specifications for the libp2p networking stack

container-security-checklist

Checklist for container security - devsecops practices

solidity-security-blog

Comprehensive list of known attack vectors and common anti-patterns

awesome-threat-modelling

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.

Language: Dockerfile | License: CC0-1.0 | Stargazers: 1319 | Issues: 65 | Issues: 5

awesome-ethereum-security

A curated list of awesome Ethereum security references

ion

The Identity Overlay Network (ION) is a DID Method implementation using the Sidetree protocol atop Bitcoin

Language: HTML | License: Apache-2.0 | Stargazers: 1228 | Issues: 89 | Issues: 141

threat-dragon

An open source threat modeling tool from OWASP

Language: JavaScript | License: Apache-2.0 | Stargazers: 852 | Issues: 30 | Issues: 481

Application-Security-Engineer-Interview-Questions

Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer

owasp-threat-dragon

An open source, online threat modelling tool from OWASP

Language: JavaScript | License: Apache-2.0 | Stargazers: 480 | Issues: 35 | Issues: 52

sonar-cnes-report

Generates analysis reports from SonarQube web API.

Language: Java | License: GPL-3.0 | Stargazers: 427 | Issues: 26 | Issues: 241

threat-model-cookbook

This project is about creating and publishing threat model examples.

Language: Python | License: NOASSERTION | Stargazers: 399 | Issues: 44 | Issues: 21

hugo-future-imperfect-slim

Multilingual Blogging Theme for Hugo | Check the Wiki for Documentation

Language: JavaScript | License: NOASSERTION | Stargazers: 304 | Issues: 8 | Issues: 151

protobom

A universal SBOM representation in protocol buffers

Language: Go | License: Apache-2.0 | Stargazers: 237 | Issues: 11 | Issues: 62

dasp

The Decentralized Application Security Project

js-x-ray

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

Language: JavaScript | License: MIT | Stargazers: 216 | Issues: 4 | Issues: 50

GOATCasino

This is an intentionally vulnerable smart contract truffle deployment aimed at allowing those interested in smart contract security to exploit a wide variety of issues in a safe environment.

Language: JavaScript | License: MIT | Stargazers: 112 | Issues: 13 | Issues: 2

TaaC-AI

AI-driven Threat modeling-as-a-Code (TaaC-AI)

combobulator

Dependency Combobulator

Language: Python | License: Apache-2.0 | Stargazers: 85 | Issues: 3 | Issues: 15

awesome-secret

Curated list of Secret Network resources, both official and unofficial

Veracode-Community-Projects

Collection of open source projects that include automation of common Veracode Platform tasks, new integrations, HMAC signing libraries, etc.