Phoenix Security Demo's repositories
CVE-2024-3094-fix-exploits
Collection of Detection, Fix, and exploit for CVE-2024-3094
KaiMonkey-vulnerable-iac
KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.
sample-eightball
Sample source code containing vulnerabilities to illustrate Fortify usage
ScanCentralDAST
Samples which can be leveraged with Fortify's ScanCentral DAST solution (20.2+)
SecretsTest
A sample repository containing secrets (and secret looking things!) in source code for testing how well a given tool can detect them
security-code-scan
Vulnerability Patterns Detector for C# and VB.NET
SSRF_Vulnerable_Lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
terragoat-vulnerable-iac
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
vulnado
Purposely vulnerable Java application to help lead secure coding workshops
vulnerable
A vulnerable module for Drupal showing a variety of ways to make insecure coding mistakes.
AWSGoat
AWSGoat: A Damn Vulnerable AWS Infrastructure
CodeIgniterXor
CodeIgniter <=2.1.4 session cookie decryption vulnerability
codeql
GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
CORS-vulnerable-Lab
Sample vulnerable code and its exploit code
CVE-2019-0841
PoC code for CVE-2019-0841 Privilege Escalation vulnerability
CVE-2024-3094_exploit_xzbot
Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Damn-Vulnerable-Source-Code
The aim of the project is to develop intentionally vulnerable source code in various languages.
Damn_Vulnerable_C_Program
A C program containing vulnerable code for common types of vulnerabilities; it can be used to show fuzzing concepts.
django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
dvwp
Damn Vulnerable WordPress
exploit-CVE-2016-10033
PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container
gha-sample-workflows-WebGoat.NET
Sample GitHub Action workflows based on the OWASP WebGoat.NET example
insecure-kubernetes-deployments
A full insecure kubernetes application for testing security tools
java-sec-code
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
JavaDeserH2HC
Sample code written for the Hackers to Hackers Conference magazine 2017 (H2HC).
juliet-test-suite
A collection of test cases in the Java language. It contains examples for 112 different CWEs.
vulnerable-app
A sample web application using Node.js, Express and Angular that is vulnerable to common security vulnerabilities.
Vulnerable-Code-Snippets
A small collection of vulnerable code snippets
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode
WebGoat-Legacy
Legacy WebGoat 6.0 - Deliberately insecure JavaEE application