ThreatMapper
A runtime threat management and attack path enumeration tool for cloud-native environments
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. Attack Patterns - FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by attack and, where appropriate, platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header CRLF injections, SQL injection, NoSQL injection, and more. Discovery - The popularity of standard software packaging distribution formats and installers resulted in resources like log files and administrative directories frequently being located in a small number of predictable locations. FuzzDB contains a comprehensive dictionary, sor
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
A categorized collection of bug bounty write-ups for various vulnerabilities.
Automates SQL injection detection and exploitation
A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1
Vulnerable web application for beginners in penetration testing.