mackowski's repositories
OWASP-Testing-Guide-v5
The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
awesome-nodejs-security
Awesome Node.js Security resources
awesome-web-security
🐶 A curated list of Web Security materials and resources.
continuous-threat-modeling
A Continuous Threat Modeling methodology
Defending-DevOps
Lab Material for the Two-Day Defending Modern DevOps Environments Course
kubernetes-security-workshop
Kubernetes security workshop
web-methodology
Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
wg-security-tooling
Security tools for open source.
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
ctf-katana
This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.
django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
domxsswiki
Automatically exported from code.google.com/p/domxsswiki
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
juice-shop
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws.
owasp-change.github.io
An Open Letter to the OWASP Board
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
pipelines-dotnet-core
A simple ASP.NET Core MVC app for Azure Pipelines docs
postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
rules-owasp-asvs
Semgrep rules corresponding to the OWASP ASVS standard
secureCodeBox
SecureCodeBox - continuous secure delivery out of the box
unity-ssdlc
A public version of Unity's internal SSDLC. Meant to provide an example framework, not just to share with others, but to also take contributions and continue to improve and evolve.
www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
www-project-cheat-sheets
OWASP Foundation Web Repository
zero-trust-architecture
Principles to help you design and deploy a zero trust architecture