Automated Security Testing For REST API's

An open source threat modeling tool from OWASP

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

BI, API and Automation layer for your Engineering Operations data

A DevOps framework for the SDLC with the power of Nix and Flakes. Good for keeping deadlines!

Collection of articles, books, and recommendations for senior-level interviews and assessments

SecHub provides a central API to test software with different security tools.

Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

sdlc 是一个基于 Go 语言构建的安全漏洞示范平台，旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识，除了可以用于devsecops以外，还可以用于安全行业从事者学习漏洞知识或者渗透知识，代码审计，提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式，其中后端利用了轻量级框架 Gin，而前端则使用了 Vue 3。

Airbyte connectors (sources & destinations) + Airbyte CDK for JavaScript/TypeScript

sdlc_python 是一个基于python语言构建的devsecops平台，旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训)，并且使用了大模型进行代码安全审计（对应sdlc中代码审计阶段），帮助企业进行安全左移。除了用于 DevSecOps 实践外，sdlc_python 还可以用于学习漏洞知识、渗透测试和代码审计。本项目采用了前后端分离的设计模式，其中后端利用了轻量级框架 Flask，而前端则使用了 Vue 3。

Dependency Combobulator

Toolmaker is a lightweight software development life cycle management platform

Desktop variant of OWASP Threat Dragon

The security workflow engine!

♾️ Collection of DevSecOps Notes + Resources + Courses + Tools

Secure SDLC process template

OWASP Ontology-driven Threat Modelling framework

Guide, Roadmap and List of resources for a Software Tester/Quality Assurance/Test Automation Engineer

tools for CI fuzzing automation