cjzhong Goto Github PK

alios-things

AliOS Things latest version: https://github.com/alibaba/AliOS-Things/tree/rel_3.3.0 Please go to https://aliosthings.iot.aliyun.com to get your minimal code.

altoroj

WARNING: This app contains security vulnerabilities. AltoroJ is a sample banking J2EE web application. It shows what happens when web applications are written with consideration of app functionality but not app security. It's a simple and uncluttered platform for demonstrating and learning more about real-life application security issues.

asvs

Application Security Verification Standard

attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices

awesome-threat-modelling

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

azure-docs.zh-cn

content

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

cset

Cybersecurity Evaluation Tool

devguide

The OWASP Guide

djangoreactjs

dojo

embeddedappsec

Embedded AppSec Best Practices

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

gh-pages-template

Fork this to start your own site or template for free hosting on GitHub Pages

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

iot-security-verification-standard-isvs

OWASP IoT Security Verification Standard (ISVS)

iotgoat

IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

it-security-guideline

Guideline IT Security

mobile-security-framework-mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

nodegoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

ocpp

Python implementation of the Open Charge Point Protocol (OCPP).

openwrt

owasp-fstm

The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, hobbyists, and Information Security professionals with conducting firmware security assessments.

owasp-masvs

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

owasp-mstg

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

peach_fuzzing

在学习使用peach进行模糊测试时，搜集到的一些不错的资料，以及配套的一些软件或脚本。

ptf

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

public

samm

SAMM stands for Software Assurance Maturity Model.

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.