《数据安全架构设计与实战》：本书系统性地介绍数据安全架构的设计与实践，融入了作者多年在安全领域积累的实践经验。全书分四大部分，共20章。 第一部分介绍安全架构的基础知识，内容包括安全、数据安全、安全架构、5A方法论、CIA等基本概念,为后续论述奠定基础。 第二部分介绍产品安全架构，内容包括：身份认证、授权、访问控制、审计、资产保护等，讲解如何从源头设计来保障数据安全和隐私安全，防患于未然。 …

Use InSpec to run through the configurations from the OpenStack Security Guide.

APT & CyberCriminal Campaign Collection

A collection of open source and commercial tools that aid in red team operations.

A Python library used to collect shilling detection methods and generate simulated attackers. (for academic use)

blog

A Lightweight High-Performance VPN with Build-in Forward Error Correction Support, Improves your Network Quality on a High-latency Lossy Link, uses same lib as UDPspeeder

Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing.

Catch common Java mistakes as compile-time errors

QCon上海2016幻灯片

Python AST-based static analyzer from OpenStack Security Group

Java 1.8 Parser and Abstract Syntax Tree for Java –

HTML Preview for GitHub Repositories

HTTP Observatory

WebSocket emulation - Javascript client

Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.

The first open source vulnerability scanner for firmwares

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

各种漏洞poc、Exp的收集或编写

BadUSB 2.0 USB-HID MiTM POC

A java agent to generate method mappings to use with the linux `perf` tool

GoLismero - The Web Knife

Platform to host Capture the Flag competitions

dependency tool for go