Appsecco

breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

dvna

Damn Vulnerable NodeJS Application

bugcrowd-levelup-subdomain-enumeration

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

vulnerable-apps

spaces-finder

A tool to hunt for publicly accessible DigitalOcean Spaces

attacking-cloudgoat2

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

dvja

Damn Vulnerable Java (EE) Application

defcon-26-workshop-attacking-and-auditing-docker-containers

DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source

sqlinjection-training-app

A simple PHP application to learn SQL Injection detection and exploitation techniques.

VyAPI

VyAPI - A cloud based vulnerable hybrid Android App

using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

dvcsharp-api

Damn Vulnerable C# Application (API)

opa-traefik-microservice-authz

Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).

raneto-docker

Docker container for Markdown based Raneto Knowledgebase

sqlinjectionloginbypass

A simple app to demo SQL Injection login bypass

CloudPentestCheatsheets

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

kubeseco

Application Security Workflow Automation using Docker and Kubernetes

devsecops-using-cloudnative-workshop

This repo contains workshop material delivered at #nullcon2020

c0c0n-2019-ctf-writeups

CTF write-ups from c0c0n 2019 CTF challenges that we participated

prowler-aws-securityhub-integration

Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks

django-rev-shell

A simple django app to provide a reverse shell when deployed and invoked.

nodejs-google-idp-sample

Presentation with proof of concept code on using Google as Identity Provider for Web API authentication using NodeJS as backend and VueJS as frontend

asn-search-api

A Golang API over MaxMind ASN database

container-image-scanner-api

A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses

secrets-in-google-cloud-run-with-google-cloud-build

Baking secrets in Google Cloud Run containers using Google Cloud Build

kube-scan

kube-scan: Octarine k8s cluster risk assessment tool

kubernetes-ptaas-scripts

Scripts to generate kubeconfig files required to perform a PT.

anchore-engine

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

J2M

[UNMAINTAINED] Convert from JIRA text formatting to GitHub Flavored MarkDown and back again

kccss

Kubernetes Common Configuration Scoring System