thedevappsecguy
🔒Secure Architecture 🔑Application Security 🛡️Product Security 🆔Modern Identity ⌨️Secure Coding 🔐Cryptography
Pinned Repositories
semgrep-rules
Semgrep rules registry
advmlthreatmatrix
Adversarial Threat Matrix
ASVS
Application Security Verification Standard
azure-ad-demo-backend
Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
static-analysis
A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
thedevappsecguy's Repositories
thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
thedevappsecguy/ASVS
Application Security Verification Standard
thedevappsecguy/appmap-java
Inspect and record the execution of Java for use with App Land
thedevappsecguy/awesome-api-security
A collection of awesome API Security tools and resources.
thedevappsecguy/awesome-go
A curated list of awesome Go frameworks, libraries and software
thedevappsecguy/awesome-nodejs-security
Awesome Node.js Security resources
thedevappsecguy/awesome-threat-modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
thedevappsecguy/calico
Cloud native networking and network security
thedevappsecguy/cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
thedevappsecguy/DevSecOps-MaturityModel
thedevappsecguy/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
thedevappsecguy/distroless
🥑 Language focused docker images, minus the operating system.
thedevappsecguy/gokeyless
Go implementation of the keyless protocol
thedevappsecguy/it-security-lecture
University lecture on "IT Security" as Open Educational Resources material
thedevappsecguy/joi
The most powerful data validation library for JS
thedevappsecguy/libseccomp
The main libseccomp repository
thedevappsecguy/license-auditor
License Auditor helps you track and validate licenses inside your project.
thedevappsecguy/nodejscrypto
thedevappsecguy/orbit
thedevappsecguy/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
thedevappsecguy/policy_sentry
IAM Least Privilege Policy Generator
thedevappsecguy/pytm
A Pythonic framework for threat modeling
thedevappsecguy/re2
RE2 is a fast, safe, thread-friendly alternative to backtracking regular expression engines like those used in PCRE, Perl, and Python. It is a C++ library.
thedevappsecguy/restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
thedevappsecguy/salus
Security scanner coordinator
thedevappsecguy/ScoutSuite
Multi-Cloud Security Auditing Tool
thedevappsecguy/semgrep-rules
Semgrep rules registry
thedevappsecguy/slither
Static Analyzer for Solidity
thedevappsecguy/thedevappsecguy
Config files for my GitHub profile.
thedevappsecguy/tink
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.