Operate and manipulate physical quantities in Python

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

An example documentation site using the Docsy Hugo theme

This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

Sample DevSecOps pipelines (heavily biased on the "Sec") for various stacks and tools using open-source security tools and AWS native services

Python library for reading/writing compliance as code

An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang

Automate the creation of a System Security Plan (SSP)

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.

A Packer build for Windows 10

Terraform samples for all the major clouds you can copy and paste. The future, co-created.

Sets up Terraform CLI in your GitHub Actions workflow.

Serverless Workshop

An InSpec input source plugin for HashiCorp Vault

InSpec profile baseline to automate manual controls of CMS ARS 3.1, validating any/all of its 489 security controls.

InSpec: Auditing and Testing Framework

This project is about creating and publishing threat model examples.

Download packages from releases.hashicorp.com

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

web security checklist for Firefox Services