
smart-contract-best-practices - A guide to smart contract security best practices

  •    HTML

Feel free to submit a pull request, with anything from small fixes, to full new sections. If you are writing new content, please reference the contributing page for guidance on style. See the issues for topics that need to be covered or updated. If you have an idea you'd like to discuss, please chat with us in Gitter.

badssl.com - :lock: Memorable site for testing clients against bad SSL configs.

  •    HTML

Stock Ubuntu VM, DNS A records for badssl.com. and *.badssl.com. pointing to the VM. Follow the instructions to install Docker.

twofactorauth - List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software

  •    HTML

A list of popular sites and whether or not they accept two factor auth. The goal is to build a website (TwoFactorAuth.org) with a comprehensive list of sites that support Two Factor Authentication, as well as the methods that they provide.




Detect-It-Easy - Detect it Easy

  •    HTML

Detect It Easy, abbreviated "DIE", is a program for determining types of files. "DIE" is a cross-platform application: apart from the Windows version, there are also versions available for Linux and Mac OS.

istlsfastyet.com - Is TLS fast yet? Yes, yes it is.

  •    HTML

TLS has exactly one performance problem: it is not used by enough sites on the web.

reverse-engineering-tutorials - Reverse Engineering Tutorials

  •    HTML

Run everything on a virtual machine at your OWN Risk. Shared for educational purposes only.

RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)

  •    HTML

Root the Box is a real-time scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for any CTF game. Root the Box attempts to engage novice and experienced players alike by combining a fun game-like environment with realistic challenges that convey knowledge applicable to the real world, such as penetration testing, incident response, digital forensics and threat hunting. Just as in traditional CTF games, each team or player targets challenges of varying difficulty and sophistication, attempting to collect flags. Root the Box brings additional options to the game. It can be configured to allow the creation of "Botnets" by uploading a small bot program to target machines, which grant periodic rewards with (in-game) money for each bot in the botnet; the larger the botnet, the larger the reward. Money can be used to unlock new levels, buy hints to flags, download a target's source code, or even "SWAT" other players by bribing the (in-game) police. Players' "bank account passwords" can also be publicly displayed by the scoring engine, allowing players to crack each other's passwords and steal each other's money.


hsimp - How Secure is My Password for your own website

  •    HTML

Now you can use the howsecureismypassword.net password strength meter on your own sites. Rather than just saying a password is "weak" or "strong", How Secure is My Password? lets your users know how long it would take someone to crack their password. It also checks against the top 10,000 most common passwords as well as a number of other checks (such as repeated strings, telephone numbers, and words followed by numbers).

drek - A static-code-analysis tool for performing security-focused code reviews

  •    HTML

drek is a static-code-analysis tool that can be used to perform security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns. Much like grep, drek scans a codebase for user-defined regular-expressions. Unlike grep, drek outputs its results into an ergonomic html report that allows for sorting, filtering, and annotating of points-of-interest.

slides - Alexander Makarov conference slides

  •    HTML

This repository contains slides used for conference talks given by Alexander Makarov. You can see them in action at slides.rmcreative.ru. All recent slides are created using the excellent HTML presentation framework reveal.js, created by Hakim El Hattab. Their theme uses ParaType free fonts.

bucketlist - Amazon S3 bucket spelunking!

  •    HTML

Bucketlist is a quick project I threw together to find and crawl Amazon S3 buckets and put all the data into a PostgreSQL database for querying. Bucketlist requires a recent version of Ruby and the PostgreSQL database system installed.

express-stormpath-angular-sample-project - Sample fullstack application, using Angular

  •    HTML

We are incredibly excited to announce that Stormpath is joining forces with Okta. Please visit the Migration FAQs for a detailed look at what this means for Stormpath users. We're available to answer all questions at support@stormpath.com.

security-training - Public version of PagerDuty's employee security training courses.

  •    HTML

This is a public version of the Security Training material used internally at PagerDuty for our annual employee security training. You can view the content directly in this repository, or rendered as a website at https://sudo.pagerduty.com.

ApacheShiro - Using Apache Shiro JDBC Realm with MySQL Database

  •    HTML


kube-auto-analyzer - Kubernetes Auto Analyzer

  •    HTML

This is a configuration analyzer tool intended to automate the process of reviewing Kubernetes installations against the CIS Kubernetes 1.8 Benchmark. There are two ways to run the analyzer: either as a Ruby gem or using Docker.

webapp_security_by_example - Demonstrates specific web security principles via minimal examples

  •    HTML

This repo aims to demonstrate specific web security principles via minimal examples. See hello_flask/ for a series of OWASP Top 10 type examples using Python's Flask web framework.

EasyShiro - A full-featured Shiro security integration, simplification and extension component based on the RBAC model

  •    HTML

EasyShiro is a security extension component based on Shiro. Built on the RBAC (Role Based Access Control) web permission model, with database-backed rights management and web URL authorization, it provides general Shiro security management support as well as richer and more powerful function options.