we45/ThreatPlaybook

Stars
271
Rank 151,717 (Top 3 %)
Language
Python
Created over 6 years ago
Updated 2 months ago

we45/ThreatPlaybook

we45

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

ThreatPlaybook

This is version 3 (beta)

What it was:

A (relatively) Unopinionated framework that faciliates Threat Modeling as Code married with Application Security Automation on a single Fabric

What it is now:

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Brought to you proudly by

DVFaaS-Damn-Vulnerable-Functions-as-a-Service

Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities

ZAP-Mini-Workshop

Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0

Jupyter Notebook

RoboZap

orchestron-community

Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulnerabilities early in the lifecycle"

Vulnerable-Flask-App

Intentionally Vulnerable Flask app for use in Demos

Serverless-Workshop

Serverless Workshop

container_training

Container Security and Serverless Training

defcon26

DEFCON-26 Workshop Lab Exercises

AppSecEssentials

Gauge-OWASP-ZAP

Example of using Gauge and OWASP ZAP for test automation

AWS-KMS-Tour

AWS KMS Tour for secrets code

Jupyter Notebook

Cut-The-Funds-NodeJS

2018 - Vulnerable App for Demos/Training and Workshops

Robosec

Robot Framework Security Automation Script

Nightwatch-ZAP

Example of OWASP ZAP Integration with NightwatchJS Test

csp-flask

Automation_Scripts

This directory is a repository of scripts written in Python that helps you automate different aspects of security testing in a testing cycle.

ThreatPlaybook-Example

RoboBurp2

Robot Framework Library for BurpSuite 2.X

AppSecEngineerCSPIntro

Introduction to Content-Security-Policy

RoboMobSF

Robot Framework Library for MobSF (SAST) Tool

terraform-check

Repo that uses Checkov with Github Actions as an example

RoboArachni

Robot Framework Arachni Scanner

OWASP-ZAP-JSON-RPC-Service

RoboBucketeer

Robot Framework Library for Buckteer - S3 Buckets & Subdomain Enumeration

container_security

RoboPyPipeline

Robot Framework Python Pipeline example

kubernetes-ci

zap-workshop

Jupyter Notebook

djangocon-2018

gitlab-pr-scanner

SAST and SCA Scanning tool for Gitlab Merge Requests

ThreatPlaybook-Client

RoboBandit

Robot Framework bindings for Python's Bandit SAST tool

we45-Public-Presentations

Presentations of the we45 Team at various events around the world

xml-files

RoboDnsRecon

Robot Framework Library for DNS Recon

python-step-functions-example

RoboDepCheck

Robot Framework Library for OWASP Dependency Check

RoboSslyze

Robot Framework Library for Python's SSlyze Library

RoboNpmAudit

Robot Framework Library for NPM Audit Source Composition Analysis

RoboTestSSL

Robot Framework Library for TestSSL

DevSecCon2019

vulnerable_xss

orchy-webhook_burpextender

Burp Extender for Orchestron Webhook

ringpass

Trivially Simple Password/Secrets Manager backed by Keyrings

jenkins-secdevops

RoboNodeJSScan

Robot Framework Library for NodeJSScan

serverless-training-apps

ThreatPlaybook-ClientV3

Golang client for ThreatPlaybookV3 and above

oss-live-code

serverless-ci