snync
When you manage private open source packages, for reasons such as keeping intellectual property private, then these packages will be hosted and served via private registries, or require authorization. By definition, these packages won't exist on public registries. However, when a package name is used without a reserved namespace (also known as a scope in npm, for example), they are often free to be registered by any other user on the Internet and create a potential Dependency Confusion attack vector. The attack manifests due to a mix of user misconfiguration, and bad design of package managers, which will cause the download of the package from the public registry, instead of the private registry. This tool detects two types of potential Dependency Confusion compromises: - Vulnerable - Suspicious Vulnerable: A case of actual vulnerable package is when a package name is detected to be used in a project, but the same package name is not registered on the public registry.
FEATURES
ALTERNATIVES
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Backslash Security is an application security platform that uses reachability analysis to enhance SAST and SCA, prioritize vulnerabilities, and provide remediation guidance.
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
Insider is a source code analysis tool focusing on OWASP Top 10 vulnerabilities with easy integration into DevOps pipelines.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.