tolgadevsec
Development and Security (DevSec), Research in Attack-Aware Web Applications
Kempten (Allgäu), Germany
Pinned Repositories
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injection prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
akita-cli
The Akita CLI for watching network traffic, automatically generating API specs, and diffing API specs.
antifuzz
AntiFuzz: Impeding Fuzzing Audits of Binary Executables
Awesome-Deception
An awesome list of resources on deception-based security with honeypots and honeytokens
Defensive-Coding-Reloaded---Lightning-Talk-Demo
This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.
PHP-Security-Cheatsheet
This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications
Talks
Presentation slides and code samples of my talks
Xen-VCHAN-Guide
tolgadevsec's Repositories
tolgadevsec/Awesome-Deception
An awesome list of resources on deception-based security with honeypots and honeytokens
tolgadevsec/PHP-Security-Cheatsheet
This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications
tolgadevsec/Defensive-Coding-Reloaded---Lightning-Talk-Demo
This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.
tolgadevsec/Talks
Presentation slides and code samples of my talks
tolgadevsec/ato-checklist
A checklist of practices for organizations dealing with account takeover (ATO)
tolgadevsec/CakeFuzzer
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
tolgadevsec/client-puzzle
tolgadevsec/CPP4WebApp
A Demonstration Software Implementation of Client Puzzle Protocols as Countermeasure against Automated Threats to Web Applications
tolgadevsec/csp-html-webpack-plugin
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
tolgadevsec/django-middleware-fileuploadvalidation
A Django middleware to validate user file uploads and detect malicious content.
tolgadevsec/DongTai-agent-java
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
tolgadevsec/DongTai-agent-python
Python Agent is a Python application probe of DongTai IAST, which collects method invocation data during runtime of Python application by dynamic hooks.
tolgadevsec/Free-RASP-Community
freeRASP is a Community-driven In-App Protection and User Safety suite.
tolgadevsec/hagana
NodeJS runtime protection for supply chain attacks
tolgadevsec/HASH
HASH (HTTP Agnostic Software Honeypot)
tolgadevsec/hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
tolgadevsec/include-interceptor
Library to intercept and dynamically transform PHP includes. Forked from icewind1991/interceptor.
tolgadevsec/inspector-laravel
Connect your Laravel application to Inspector.
tolgadevsec/inspector-nodejs
Code execution monitoring for NodeJs applications.
tolgadevsec/log-snare
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
tolgadevsec/openrasp-v8
Google V8 with OpenRASP builtins
tolgadevsec/pyrasp
Python Runtime Application Self Protection
tolgadevsec/python-security-manager
tolgadevsec/safe
All PHP functions, rewritten to throw exceptions instead of returning false
tolgadevsec/safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
tolgadevsec/Sanwaf-Server
Sanwaf-Server - Sanitation Web Application Firewall
tolgadevsec/SCANTRAP
WordPress Security Plugin
tolgadevsec/tolgadevsec
tolgadevsec/tolgadevsec.github.io
Academic personal website based on mmistakes/minimal-mistakes GitHub Pages template
tolgadevsec/wahh_extras
The Web Application Hacker's Handbook - Extra Content