David Black's starred repositories
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
linux-kernel-defence-map
Linux Kernel Defence Map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies
temurin-build
Eclipse Temurin™ build scripts - common across all releases/versions
google-calendar-crx
Google Calendar for Chrome
semgrep-rules
Semgrep rules registry
backslash-powered-scanner
Finds unknown classes of injection vulnerabilities
ActiveScanPlusPlus
ActiveScan++ Burp Suite Plugin
linux-hardened
Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
Auditor
Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.
vulnerability-rating-taxonomy
Bugcrowd’s baseline priority ratings for common security vulnerabilities
confluencebuilder
Confluence Markup Builder Plugin for Sphinx
automation-working-group
CVE Automation Working Group
confluence
Confluence Python API, please check ticket below 🆘
cve-services
This repo contains the source for the CVE Services API.
jdk
This repo is an unmodified mirror of source code obtained from OpenJDK. It has been and may still be used to create builds that are untested and incompatible with the Java SE specification. You should not deploy or write to this code, but instead use the tested and certified Java SE compatible version that is available at https://adoptium.net.
json-log-formatter
Python JSON log formatter
quickstart-atlassian-jira
Jira Software Data Center and Jira Service Desk Data Center with high availability and performance
AttestationSamples
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
nexpose-vuln-hydrator
Nexpose Vulnerability Hydrator consumes Asset Scan events and hydrates the payload with vulnerability details.