rewtd
AppSec guy, hacker, husband and father. Security, process & logic. @DefCon goon, @bsideslv staff, @OWASP, @ongers, @Secure-Delivery & @0xC0FFEEL
@ongers @secure-delivery @OWASPLondon
Pinned Repositories
alexa_threat_model_game
Alexa version of the Elevation of Privilege game
ASVS
Application Security Verification Standard
Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
cornucopia
The source files and tools needed to build the OWASP Cornucopia deck in various languages
dvpwa
Damn Vulnerable Python Web App
PSCF
simple-ducky-payload-generator
Automatically exported from code.google.com/p/simple-ducky-payload-generator
rewtd's Repositories
rewtd/dvpwa
Damn Vulnerable Python Web App
rewtd/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
rewtd/ASVS
Application Security Verification Standard
rewtd/bandit
Bandit is a tool designed to find common security issues in Python code.
rewtd/Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
rewtd/cornucopia
The source files and tools needed to build the OWASP Cornucopia deck in various languages
rewtd/PSCF
rewtd/CEHPractical
This repository contains a collection of important notes and commands for the Certified Ethical Hacker (CEH) practical exam. Aspiring CEH professionals will find these resources invaluable in their exam preparations and in their future work as ethical hackers.
rewtd/cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
rewtd/elevation-of-privilege
An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game
rewtd/mBot2
Python Samples for mBot2 Getting Started Activities
rewtd/owasp-change.github.io
An Open Letter to the OWASP Board
rewtd/owasp-projects
rewtd/owasp.github.io
OWASP Foundation main site repository
rewtd/platform-example-ui-journey-tests
rewtd/rewtd
rewtd/the-algorithm
Source code for Twitter's Recommendation Algorithm
rewtd/Top10
Official OWASP Top 10 Document Repository
rewtd/www-board-candidates
rewtd/www-board-eu
rewtd/www-committee-chapter
OWASP Foundation Web Repository
rewtd/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
rewtd/www-event-2023-Global-AppSec-Dublin
rewtd/www-policy
rewtd/www-project-application-security-verification-standard
OWASP Foundation Web Repository
rewtd/www-project-how-to-get-into-appsec
OWASP Foundation Web Repository
rewtd/www-project-llm-verification-standard
Project LLM Verification Standard
rewtd/www-project-secure-logging-benchmark
OWASP Foundation Web Repository
rewtd/YubiKey-Guide
Guide to using YubiKey for GPG and SSH
rewtd/zaproxy
The OWASP ZAP core project