Scans your Github Actions for security issues

A dev repo for the Contrast AI SmartFix GitHub action

Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Contextual Content Discovery Tool

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

This is a step-by-step guide to implementing a DevSecOps program for any size organization

OWASP Domain Protect - prevent subdomain takeover

Tool to iterate through an AWS account in a single region and generate both a Terraform state file and configuration. More info in blog post.

A docker container to simplify and secure the use of Infrastructure as Code (IaC)

Just as we create cybersecurity systems according to Design and Engineering Principles, the Handbook authors believed we should offer something similar to our audience of practitioners.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp