thedevappsecguy
🔒Secure Architecture 🔑Application Security 🛡️Product Security 🆔Modern Identity ⌨️Secure Coding 🔐Cryptography
Pinned Repositories
semgrep-rules
Semgrep rules registry
advmlthreatmatrix
Adversarial Threat Matrix
ASVS
Application Security Verification Standard
azure-ad-demo-backend
Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
static-analysis
A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
thedevappsecguy's Repositories
thedevappsecguy/azure-ad-demo-backend
thedevappsecguy/7-deadly-sins-in-azure-ad-app-development
Demos for my talk on some things you maybe could be doing better with Azure AD
thedevappsecguy/attify-badge
Attify Badge GUI tool to interact over UART, SPI, JTAG, GPIO etc.
thedevappsecguy/autoSource
Automated SonarQube
thedevappsecguy/azure-ad-demo-frontend
thedevappsecguy/Building-Secure-Applications-with-Cryptography-in-.NET-Course-Source-Code
The source code for the Pluralsight course, Building Secure Applications with Cryptography in .NET
thedevappsecguy/contrast-rO0
A tiny Java agent that blocks attacks against unsafe deserialization
thedevappsecguy/Damn_Vulnerable_C_Program
A C program containing vulnerable code for common types of vulnerabilities; can be used to show fuzzing concepts.
thedevappsecguy/dataflow
Render graphs using a declarative markup.
thedevappsecguy/DevSecOps-Studio
DevSecOps Distribution - Virtual Environment to learn DevSecOps
thedevappsecguy/InfoSec-Alfred
Scrape Latest Information Security Resources
thedevappsecguy/kamus
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
thedevappsecguy/kickthemout
💤 Kick devices off your network by performing an ARP Spoof attack.
thedevappsecguy/kubernetes-network-policy-recipes
Example recipes for Kubernetes Network Policies that you can just copy paste
thedevappsecguy/lava
Microsoft Azure Exploitation Framework
thedevappsecguy/MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
thedevappsecguy/nifi-http-processor
NiFi InvokeHTTP processor with NTLM authentication
thedevappsecguy/nifi-webdav-bundle
Various processors for working with WebDAV (web folders) in NiFi
thedevappsecguy/oss2020
The Open Security Summit 2020 is focused on the collaboration between Developers and Application Security
thedevappsecguy/owasp-masvs
The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
thedevappsecguy/pws-codesamples-browsersecrets
This code repository contains the scenarios in the security cheat sheet on Secure data storage in the browser.
thedevappsecguy/secureCodeBox
secureCodeBox (SCB) - continuous secure delivery out of the box
thedevappsecguy/SENG41283-Azure
University of Kelaniya B.Sc Software Engineering SENG41283 Azure assignment repository SpringBoot + Angular
thedevappsecguy/shadowbroker
The Shadow Brokers "Lost In Translation" leak
thedevappsecguy/spring-security-oidc-oauth2
Meta-repository for code written during talk for session titled "How to Supercharge AppSec with Spring Security, OpenID Connect, & OAuth2"
thedevappsecguy/spring_security_masterclass
thedevappsecguy/threat-model-templates
Templates for the Microsoft Threat Modeling Tool
thedevappsecguy/ws-demos
Some simple WebSocket demos
thedevappsecguy/wycheproof
Project Wycheproof tests crypto libraries against known attacks.
thedevappsecguy/xss-sample-app