securestep9

followers

following

stars

OWASP London Chapter

London, UK

https://twitter.com/securestep9

Sam Stepanyan's repositories

nettacker-automation

OWASP Nettacker Automation Examples

MIT5 30

OWASP-Nettacker

Automated Penetration Testing Framework

Language:PythonApache-2.01 10

ai-creations

content created by AI

010

Blue-Team-Notes

000

bugsy

Language:TypeScriptMIT000

gh-workflow-auditor

Script to audit GitHub Action Workflow files for potential vulnerabilities.

NOASSERTION000

github-oidc-checker

Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts

Language:PythonApache-2.0000

goctopus

Blazing fast GraphQL discovery & fingerprinting toolbox.

Language:GoAGPL-3.0000

grype

A vulnerability scanner for container images and filesystems

Language:GoApache-2.0000

Mobb-Fixer-Demo-CodeQL

Language:JavaScript000

nodejs-goof

Super vulnerable todo list application

Language:JavaScriptApache-2.0000

osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Language:GoApache-2.0000

owasp.github.io

OWASP Foundation main site repository

Language:HTMLCC-BY-SA-4.0010

pinny

Pin your 3rd Party Github Actions and Docker Images dependencies.

Apache-2.0000

qid

010

repository-scanner

Tool to detect secrets in source code management systems.

Language:PythonMIT000

SafePackage

safe-package is a security wrapper for your package manager

Language:RustApache-2.0000

sbom-action

GitHub Action for creating software bill of materials using Syft.

Language:TypeScriptApache-2.0000

secrets-detection

Code samples and recipes related to detecting secrets across development environments and related systems.

MIT000

secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

Language:CSSCC-BY-4.0000

Sirius

open-source general purpose vulnerability scanner (fork)

Language:GoMIT000

snowflake-threat-hunter

Language:PythonBSD-3-Clause000

SwaggerJacker

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

MIT000

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Language:GoApache-2.0000

TicTaaC

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

Language:JavaApache-2.0000

vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Language:PythonApache-2.0000

WAFEC

NOASSERTION000

Wordpresscan

WPScan rewritten in Python + some WPSeku ideas

Language:Python010

www-committee-chapter

OWASP Foundation Web Respository

000

www-project-top-10-for-large-language-model-applications

OWASP Foundation Web Respository

Language:HTMLNOASSERTION000