Cognito Scanner
A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation. This repository contains a script which implements three different attacks on Cognito: * Unwanted account creation * Account Oracle * Identity pool escalation Purpose of this repository Cognito is a AWS service which provides a secure and scalable user authentication and access control for web and mobile applications. Parameters needed from AWS? Only the Client ID protected by the Cognito instance.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
ModSecurity is an open-source web application firewall that provides a flexible and scalable way to monitor and control HTTP traffic.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.
Cross-site scripting labs for web application security enthusiasts
A vulnerable by design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations.
A learning and training project demonstrating common configuration errors in cloud environments.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A popular free security tool for automatically finding security vulnerabilities in web applications
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.