A collection of content, tips and considerations from the AppSec community to spread the word of DevSecOps and guide aspirants who don't fit in with either Red or Blue team.

Project for learning V8 internals

Awesome secure by default libraries to help you eliminate bug classes!

Take over macOS Electron apps' TCC permissions

An extensive list of resources related to threat modelling. Gotta catch ’em all!

A curated list of awesome browser security learning material.

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

How to systematically secure anything: a repository about security engineering

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

Proactive NPM Controls for Supply Chain Security

Platform to build admin panels, internal tools, and dashboards. Integrates with 25 databases and any API.

A small collection of vulnerable code snippets

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

Fix colors version examples. yarn and npm 8.3

OWASP Low-Code/No-Code Top 10

The Bug Bounty Wiki

A collection of browser-based side channel attack vectors.

A small tool to help developers understand a huge set of security requirements from appsec teams

ESLint plugin to detect and stop Trojan Source attacks

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

Awesome Nmap Grep

An introductory lab to automotive security.

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Notes on books I read, talks I watch, articles I study, and papers I love

Module to prevent SSRF when sending requests in NodeJS. Blocks request to local and private IP addresses

Fetch the details of assets hosted on AWS.