dsotraining Goto Github PK

altoroj

WARNING: This app contains security vulnerabilities. AltoroJ is a sample banking J2EE web application. It shows what happens when web applications are written with consideration of app functionality but not app security. It's a simple and uncluttered platform for demonstrating and learning more about real-life application security issues.

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

awesome-chaos-engineering

A curated list of Chaos Engineering resources.

awesome-falco

A curated list of Falco related tools, frameworks, blogs, podcasts, and articles

awesome-k8s-security

A curated list for Awesome Kubernetes Security resources

benchmark

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

brokencrystals

A Broken Application - Very Vulnerable!

caldera

Scalable Automated Adversary Emulation Platform

checkov-action

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

dsotraining.github.io

Static site for blogging and other content

ebpf-beginners

The beginner's guide to eBPF

etcd

Distributed reliable key-value store for the most critical data of a distributed system

examples

Examples for "Kubernetes Patterns - Reusable Elements for Designing Cloud-Native Applications"

falco

Cloud Native Runtime Security

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

kube_security_lab

kubecon2021eu

kubernetes-goat

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster.

kubernetes_security_specialist_study_guide

learn-cantrill-io-labs

Standard and Advanced Demos for learn.cantrill.io courses

microservices-demo

Sample cloud-native application with 10 microservices showcasing Kubernetes, Istio, gRPC and OpenCensus.

mstg-hacking-playground

oscal

Open Security Controls Assessment Language (OSCAL)

podtato-head

📨🚚 CNCF App Delivery SIG Demo

rest-api-fuzz-testing

REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows

restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

scoutsuite

Multi-Cloud Security Auditing Tool

simulator

Kubernetes Security Training Platform - Focussing on security mitigation