Easy Application Security's repositories
postgres-baseline
PostgreSQL Security Baseline Assessment - InSpec Profile - CIS Benchmark controls, secure defaults and HashiCorp Vault integration
capicom-wrapper
Java wrapper for Microsoft capicom library (CSP)
nginx-baseline
Nginx Security Baseline Assessment - InSpec Profile - CIS Benchmark verification
devsecops-lab
Demo files
php-web-security
PHP web security solutions and examples
threat-modeling
Threat models hub
aes-cbc-security-research
Tampering and padding oracle attacks demonstration for AES CBC encryption
docker-registry-security-assessment
InSpec Profile for Private Docker Registry Security Assessment
hashicorp-vault-use-cases
Use cases and examples of Hashicorp Vault
java-web-security
Java web defence research platform
spring-boot-inspec
Spring Boot Security Baseline Assessment InSpec Profile
TicTaaC
Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used
zap-extensions
OWASP ZAP Add-ons
b-blockchain
Blockchain based on STB algorithms
capicom-wrapper-examples
Examples of usage capicom-wrapper project
ecb-encryption-research
Simple demonstration of ECB encryption problem
gnuk-portable-pcb
Portable GNUK token design
inspec-vault
Chef InSpec profile for HashiCorp Vault
jks-converter
SSL private key to java keystore converter script
secure-account-recovery
Secure account recovery demonstration with timing attack protection and email signing and encryption