trailofbits / rubysec

Licence: other
RubySec Field Guide


Projects that are alternatives of or similar to rubysec

Bettercap
DEPRECATED, bettercap development moved here: https://github.com/bettercap/bettercap
Stars: ✭ 2,518 (+6041.46%)
Mutual labels:  security-audit
Chat-Bot-Security-Checklist
Chat Bot Security Checklist
Stars: ✭ 20 (-51.22%)
Mutual labels:  security-audit
defcon-26-workshop-attacking-and-auditing-docker-containers
DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source
Stars: ✭ 102 (+148.78%)
Mutual labels:  security-audit
Cobra
Source Code Security Audit
Stars: ✭ 2,802 (+6734.15%)
Mutual labels:  security-audit
Crumble
Menu driven wordlist generator in C++
Stars: ✭ 19 (-53.66%)
Mutual labels:  security-audit
default-http-login-hunter
Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Stars: ✭ 285 (+595.12%)
Mutual labels:  security-audit
Sec Admin
Distributed asset security scanning core management system (weak-password scanning, vulnerability scanning)
Stars: ✭ 222 (+441.46%)
Mutual labels:  security-audit
nerfball
Want to see how something like Internet Chemotherapy works without bricking your own vms? This is a jail to reduce the python runtime from doing bad things on the host when running untrusted code. Nerf what you do not need 👾 + 🐛 ⚽ 🏈 🐳
Stars: ✭ 19 (-53.66%)
Mutual labels:  security-audit
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+743.9%)
Mutual labels:  security-audit
pip-audit
Audits Python environments and dependency trees for known vulnerabilities
Stars: ✭ 735 (+1692.68%)
Mutual labels:  security-audit
Rspet
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Stars: ✭ 251 (+512.2%)
Mutual labels:  security-audit
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+19524.39%)
Mutual labels:  security-audit
LogESP
Open Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (+295.12%)
Mutual labels:  security-audit
Filewatcher
A simple auditing utility for macOS
Stars: ✭ 233 (+468.29%)
Mutual labels:  security-audit
cli
The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent.
Stars: ✭ 811 (+1878.05%)
Mutual labels:  security-audit
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Stars: ✭ 213 (+419.51%)
Mutual labels:  security-audit
burp-aem-scanner
Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (+46.34%)
Mutual labels:  security-audit
SharePoint-Security
A Github Repository Created to compliment a BSides Canberra 2018 talk on SharePoint Security.
Stars: ✭ 42 (+2.44%)
Mutual labels:  security-audit
Blowhole
Docker auditing and enumeration script.
Stars: ✭ 21 (-48.78%)
Mutual labels:  security-audit
Jxnet
Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).
Stars: ✭ 26 (-36.59%)
Mutual labels:  security-audit

Ruby Security Field Guide

Vulnerabilities in Ruby applications have been discovered with the potential to affect vast swathes of the Internet and to draw attackers to lucrative targets online.

These vulnerabilities abuse language features and common idioms, such as serializing and deserializing data in the YAML format. Nearly all large, tested and trusted open-source Ruby projects contain some of these vulnerabilities.

Few developers are aware of the risks.

In these exercises, you’ll cover recent Ruby vulnerability classes and their root causes. You’ll see demonstrations and develop real-world exploits. You’ll study the patterns behind the vulnerabilities and develop software engineering strategies to avoid them in your own projects.

You Will Learn

  • The mechanics and root causes of past Rails vulnerabilities
  • Methods for mitigating the impact of deserialization flaws
  • Rootkit techniques for Rack-based applications via YAML deserialization
  • Mitigation techniques for YAML deserialization flaws
  • Defensive Ruby programming techniques
  • Advanced testing techniques and mutation testing with Mutant
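
As an added example (not code from the rubysec repository), here is the YAML deserialization idiom named in the introduction beside the mitigation the guide covers: a tagged YAML document makes Psych's full loader instantiate an application class without running its constructor, while YAML.safe_load rejects the same document. The AuditRecord class and the YAML document are constructed for this example; the compatibility shim around unsafe_load assumes Psych 3.1 or later (Ruby 2.6+).

```ruby
require 'yaml'

# Constructed application class for this example (not from the rubysec repo).
# Its constructor enforces an invariant: records start out non-admin.
class AuditRecord
  attr_accessor :note, :admin

  def initialize(note)
    @note = note
    @admin = false
  end
end

# Constructed attacker-controlled document. The !ruby/object tag tells Psych's
# full loader to allocate an AuditRecord and set its instance variables
# straight from the mapping; initialize never runs, so the invariant is lost.
MALICIOUS_YAML = <<~YAML
  --- !ruby/object:AuditRecord
  note: looks harmless
  admin: true
YAML

# Full-power loader. Psych 4 (Ruby 3.1+) made YAML.load safe by default and
# moved the old behaviour to YAML.unsafe_load; on older Psych releases
# YAML.load itself is the unsafe entry point. (Shim assumes Psych >= 3.1.)
def unsafe_parse(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened loader: only strings, numbers, booleans, nil, arrays and hashes
# come back. Any tagged class not listed in permitted_classes raises
# Psych::DisallowedClass, and aliases are refused by default (which also
# blocks "billion laughs" style alias expansion).
def safe_parse(doc, permitted_classes: [])
  YAML.safe_load(doc, permitted_classes: permitted_classes)
end

# Loads the same document both ways and reports what each loader produced,
# so the difference can be checked rather than just printed.
def compare(doc)
  unsafe = unsafe_parse(doc)
  rejected =
    begin
      safe_parse(doc)
      false
    rescue Psych::DisallowedClass
      true
    end
  {
    unsafe_class: unsafe.class,
    unsafe_admin: unsafe.respond_to?(:admin) ? unsafe.admin : nil,
    safe_rejected: rejected,
  }
end

if $PROGRAM_NAME == __FILE__
  report = compare(MALICIOUS_YAML)
  puts "unsafe loader built #{report[:unsafe_class]} with admin=#{report[:unsafe_admin]}"
  puts "safe_load rejected the document: #{report[:safe_rejected]}"
  puts "plain data still loads: #{safe_parse('note: hi').inspect}"
end
```

Note the caveat on the allow list: calling safe_parse(MALICIOUS_YAML, permitted_classes: [AuditRecord]) loads the document again, and the resulting record still has admin set to true, because permitting a class only lets Psych revive it, it does not make the class's constructor run. Only classes whose instance variables are safe to populate from untrusted input belong in permitted_classes; everything else should be rebuilt from plain hashes by application code.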

We’ve structured this field guide so you can learn as quickly as you want, but if you have questions along the way, contact us. If there’s enough demand, we may even schedule an online lecture.

Now, to work.

-The Trail of Bits Team
