There are 7 repositories under software-security topic.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Integrates Dependency-Check reports into SonarQube
Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Monitoring exploits & references for CVEs
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Find CVE PoCs on GitHub
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
A Java library for parsing and programmatically using threat models
Integrates OWASP Zed Attack Proxy reports into SonarQube
A simple Java command-line utility to mirror the entire contents of VulnDB.
A GitHub repository I created while studying the Software Security course on Coursera. I made the repository public to discuss solutions with like-minded developers.
The official repository of "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". The paper will appear in the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023.
Vendor-Neutral Security Tool Automation Controller (over REST)
A collection of cyber security books
Data Obfuscation for C/C++ Code Based on Residue Number Coding (RNC)
Workshop for finding software vulnerabilities using open source tools, which includes a Goat-like Python and C application
Solutions to Software Security course provided by University of Maryland - Coursera
Placeholder for course materials taught by Akond Rahman
Repository of events for the Software Crafters Sydney community
Megagrep helps you begin a code review by searching for keywords in the code using "grep". It does not search for vulnerabilities directly but for places where you could manually find some.
My lab reports for some of the security labs developed by Prof. Du of SU.
Errata for the book 《macOS软件安全与逆向分析》 (macOS Software Security and Reverse Engineering)
A toolchain for software integrity protection including self-checksumming, control flow integrity, result checking, oblivious hashing and a sample program protected using Intel SGX
Software Security project - Malware Detection Analysis A.A. 2019/2020.