Tolga Ünlü's repositories
Awesome-Deception
An awesome list of resources on deception-based security with honeypots and honeytokens
PHP-Security-Cheatsheet
This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications
Defensive-Coding-Reloaded---Lightning-Talk-Demo
This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.
ato-checklist
A checklist of practices for organizations dealing with account takeover (ATO)
CakeFuzzer
Cake Fuzzer is a project meant to help automatically and continuously discover vulnerabilities in web applications built on specific frameworks, with very few false positives.
CPP4WebApp
A Demonstration Software Implementation of Client Puzzle Protocols as Countermeasure against Automated Threats to Web Applications
csp-html-webpack-plugin
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
django-middleware-fileuploadvalidation
A Django middleware to validate user file uploads and detect malicious content.
DongTai-agent-java
Java Agent is a Java application probe for DongTai IAST that collects method invocation data at runtime from Java applications through dynamic hooks.
DongTai-agent-python
Python Agent is a Python application probe for DongTai IAST that collects method invocation data at runtime from Python applications through dynamic hooks.
Free-RASP-Community
freeRASP is a Community-driven In-App Protection and User Safety suite.
hagana
NodeJS runtime protection against supply chain attacks
HASH
HASH (HTTP Agnostic Software Honeypot)
hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
include-interceptor
Library to intercept and dynamically transform PHP includes. Forked from icewind1991/interceptor.
inspector-laravel
Connect your Laravel application to Inspector.
inspector-nodejs
Code execution monitoring for NodeJs applications.
log-snare
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
openrasp-v8
Google V8 with OpenRASP builtins
pyrasp
Python Runtime Application Self Protection
safe
All PHP functions, rewritten to throw exceptions instead of returning false
safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Sanwaf-Server
Sanwaf-Server - Sanitation Web Application Firewall
SCANTRAP
WordPress Security Plugin
tolgadevsec.github.io
Academic personal website based on mmistakes/minimal-mistakes GitHub Pages template
wahh_extras
The Web Application Hacker's Handbook - Extra Content