cumulus
gotestwaf
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cumulus
-
Show HN: Cumulus – Threat Modeling the Clouds
I am excited to share OWASP Cumulus, a threat modeling card game for IT security in DevOps and cloud projects. Taking strong inspiration from the well-known card games "Elevation of Privilege" and "OWASP Cornucopia" we created a game for threat modeling specifically the Ops part of DevOps projects.
It targets DevOps engineering teams, site reliability engineers and security professionals and gives a lightweight start into threat modeling and security by design.
Please check it out at https://owasp.org/www-project-cumulus/ and contribute via https://github.com/OWASP/cumulus. Let's make this a community project!
gotestwaf
-
Open Source Pentest Tool - GoTestWAF (Need Feedback)
Hi guys! On Blackhat Arsenal 2022 I saw this tool: https://github.com/wallarm/gotestwaf
-
How can I test my WAF
gotestwaf - https://github.com/wallarm/gotestwaf
-
An interesting tool to test WAFs, RASPs and WAAP for application and API attacks (need feedback)
Direct link to project
-
OWASP TOP 10 mapped to AWS Managed Rules
If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, etc.
-
Guys, see the types of attacks to bypass the WAF in 6 months (sep 2020 - feb 2021, soon to be in a year). The data was parsed from Twitter | Is there anyone who can confirm the resection results?
Source: https://github.com/waf-bypass-maker/waf-community-bypasses/blob/main/payloads.twitter.csv kudos https://waf-bypass.com that's great, that ALL these payloads are already in an open source tool GoTestWAF https://github.com/wallarm/gotestwaf
What are some alternatives?
api-firewall - Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
waf-community-bypasses
coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
Open-Source-Security-Guide - Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
event-generator - Generate a variety of suspect actions that are detected by Falco rulesets
aws-firewall-factory - Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with Firewall Manager.
coraza-caddy - OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
terraform-provider-incapsula - This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.