A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Security tools report parsers for Faradaysec.com

Sample Python script for automating WebInspect scans and pushing results to SSC

Probely's GitHub Action

Automated Security testing using ZAP Python API. This can be used with any functional UI automation tool.

Suite of web browser fuzzing tools aimed at optimising code coverage. Test case generation from a built-in Context-Free Grammar, mutation fuzzing from a corpus of scraped web pages, DOM fuzzing and more.

Automatic DevSecOps builder

Exemplo de workflow de segurança que realiza testes SAST, SCA, DAST, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.

(in)secure git workshop 🔓+🔑 = 🔐

SOOS DAST - The affordable no limit web vulnerability scanner

This DAST project is designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Cross-platform test harness that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality.

The first autonomous source code posture risk score tool.

Tests dynamiques de sécurité (DAST) sous OWASP Zap avec authentification via JWT/bearer token (OpenID Connect/OAuth & Kong)

DevSecOps Framework - Python application

Automates the function name extraction from the list of CVEs of a given SOUP and perform search operation against the static and dynamic function trace database.