Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267 (-29.55%)
Evabs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-54.35%)
volana
🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-89.97%)
fame modules
Community modules for FAME
Stars: ✭ 55 (-85.49%)
apkutil
A useful utility for Android app security testing
Stars: ✭ 52 (-86.28%)
oscp-omnibus
A collection of resources I'm using while working toward the OSCP
Stars: ✭ 46 (-87.86%)
dumproid
Android process memory dump tool without NDK.
Stars: ✭ 55 (-85.49%)
ssc-restapi-client
Communicate with Fortify Software Security Center through REST API in Java, a Swagger-generated client
Stars: ✭ 13 (-96.57%)
Python-Keylogger
Python Tutorial - || Advanced Keylogger || Code Walk-through || Hacking/Info-Sec ||
Stars: ✭ 55 (-85.49%)
ggtfobins
Get GTFOBins info about a given exploit from the command line
Stars: ✭ 27 (-92.88%)
oss2020
The Open Security Summit 2020 is focused on the collaboration between Developers and Application Security
Stars: ✭ 26 (-93.14%)
vapi
vAPI is Vulnerable Adversely Programmed Interface, which is a Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+77.84%)
DDTTX
DDTTX Tabletop Trainings
Stars: ✭ 22 (-94.2%)
challenges
Security challenges and CTFs created by the Penultimate team.
Stars: ✭ 13 (-96.57%)
gwdomains
Subdomain wildcard filtering tool
Stars: ✭ 38 (-89.97%)
Bucket-Flaws
Bucket Flaws (S3 Bucket Mass Scanner): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-88.65%)
flaskbomb
GZip HTTP Bombing in Python for everyone
Stars: ✭ 30 (-92.08%)
allsafe
Intentionally vulnerable Android application.
Stars: ✭ 135 (-64.38%)
jawfish
Tool for breaking into web applications.
Stars: ✭ 84 (-77.84%)
Subcert
Subcert is a subdomain enumeration tool that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-84.7%)
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (-59.63%)
ronin-support
A support library for Ronin. Like activesupport, but for hacking!
Stars: ✭ 23 (-93.93%)
android-webauthn-authenticator
A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
Stars: ✭ 101 (-73.35%)
aa-policy-validator
Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation
Stars: ✭ 42 (-88.92%)
Astra
Astra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (-50.66%)
honeyku
A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
Stars: ✭ 56 (-85.22%)
juumla
🦁 Juumla is a Python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.
Stars: ✭ 107 (-71.77%)
TIWAP
Totally Insecure Web Application Project (TIWAP)
Stars: ✭ 137 (-63.85%)
diwa
A Deliberately Insecure Web Application
Stars: ✭ 32 (-91.56%)
goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (-75.46%)
rawsec-cybersecurity-inventory
An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
Stars: ✭ 153 (-59.63%)
pyeti
Python bindings for Yeti's API
Stars: ✭ 15 (-96.04%)
nozzlr
Nozzlr is a bruteforce framework, truly modular and script-friendly
Stars: ✭ 60 (-84.17%)
dora
Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
Stars: ✭ 229 (-39.58%)
maalik
Feature-rich Post Exploitation Framework with Network Pivoting capabilities.
Stars: ✭ 75 (-80.21%)
termux-snippets
An integrated tool and a collection of snippets which help in the various aspects of the terminal.
Stars: ✭ 28 (-92.61%)
EDRHunt
Scan installed EDRs and AVs on Windows
Stars: ✭ 406 (+7.12%)
urldedupe
Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-45.12%)
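1earn
A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various vulnerable target machines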
Stars: ✭ 3,715 (+880.21%)
mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (-63.06%)
pitch
The initial conversation slides and menu of scenarios
Stars: ✭ 37 (-90.24%)
pwn-pulse
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Stars: ✭ 126 (-66.75%)
Argos
This script will automatically set up an OSINT workstation starting from an Ubuntu OS.
Stars: ✭ 73 (-80.74%)
sandboxed-fs
Sandboxed Wrapper for Node.js File System API
Stars: ✭ 41 (-89.18%)
wildpwn
Unix wildcard attacks
Stars: ✭ 119 (-68.6%)
haiti
🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (-24.27%)
Jiraffe
One stop place for exploiting Jira instances in your proximity
Stars: ✭ 157 (-58.58%)
fingerprintjs-android
Swiss army knife for identifying and fingerprinting Android devices.
Stars: ✭ 336 (-11.35%)
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-36.15%)