
Autodesk / Continuous Threat Modeling

Licence: other
A Continuous Threat Modeling methodology

Projects that are alternatives of or similar to Continuous Threat Modeling

Autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests
Stars: ✭ 406 (+194.2%)
Mutual labels:  application-security
Awesome Php Security
Awesome PHP Security Resources 🕶🐘🔐
Stars: ✭ 666 (+382.61%)
Mutual labels:  application-security
Content
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+783.33%)
Mutual labels:  application-security
Awesome Nginx Security
🔥 A curated list of awesome links related to application security in environments with NGINX or the Kubernetes Ingress Controller (based on NGINX)
Stars: ✭ 417 (+202.17%)
Mutual labels:  application-security
Jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+358.7%)
Mutual labels:  application-security
Janusec
Janusec Application Gateway, provides fast and secure application delivery.
Stars: ✭ 771 (+458.7%)
Mutual labels:  application-security
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+150%)
Mutual labels:  application-security
Securityrat
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-16.67%)
Mutual labels:  application-security
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (+376.81%)
Mutual labels:  application-security
Vyapi
VyAPI - A cloud based vulnerable hybrid Android App
Stars: ✭ 75 (-45.65%)
Mutual labels:  application-security
Airship
Secure Content Management for the Modern Web - "The sky is only the beginning"
Stars: ✭ 422 (+205.8%)
Mutual labels:  application-security
Awesome Appsec
A curated list of resources for learning about application security
Stars: ✭ 4,761 (+3350%)
Mutual labels:  application-security
Ossa
Open-Source Security Architecture
Stars: ✭ 796 (+476.81%)
Mutual labels:  application-security
Grab N Run
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Stars: ✭ 413 (+199.28%)
Mutual labels:  application-security
Mssqli Duet
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (-40.58%)
Mutual labels:  application-security
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (+160.14%)
Mutual labels:  application-security
Breaking And Pwning Apps And Servers Aws Azure Training
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands-on training!
Stars: ✭ 749 (+442.75%)
Mutual labels:  application-security
Xvwa
XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. The whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerabilities you would like to see in future XVWA releases.
Stars: ✭ 1,540 (+1015.94%)
Mutual labels:  application-security
Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-18.12%)
Mutual labels:  application-security
Androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+557.97%)
Mutual labels:  application-security

Continuous Threat Modeling

CTM is Autodesk's threat modeling methodology, enabling development teams to perform threat modeling with minimal initial security knowledge and less dependency on security experts. It is an evolutionary, dynamic methodology that should mesh well with teams using Agile and evolving system architectures.

Contributing

All manner of contributions are welcome. The methodology is still relatively young, and emphasis has been placed on simplicity, return-on-investment and building a developer-friendly workflow. We are looking for contributions on the security principles, secure development checklist, and community support - as well as win or less-successful cases, improvement and modification suggestions.

Guidelines

  • Changes are welcome via pull request and we look forward to working with you on changes!
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple. We are aiming for immediate results and a steady learning curve for developers, making every interaction with the methodology smoother and more rewarding (in terms of number and quality of findings) than the previous one.
  • Focus on principles. We are not looking at the small feature of that obscure web framework, rather, we are looking at principles that help developers build an over-arching understanding of security.

Background

For background information on how Autodesk uses the Handbook and Checklist for Continuous Threat Modeling, see "Threat Modeling Every Story: Practical Continuous Threat Modeling For Your Team".
