Open-Source-Security-Guide
gotestwaf
| | Open-Source-Security-Guide | gotestwaf |
|---|---|---|
| | 23 | 5 |
| Stars | 852 | 1,410 |
| Growth | - | 1.8% |
| Activity | 6.4 | 7.1 |
| | 4 months ago | 10 days ago |
| Language | Go | Go |
| License | - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Open-Source-Security-Guide
-
Degree vs Certifications
Cyber Security is one of the biggest needs in the industry right now as well. This GitHub has a lot of information for all the different areas.
-
Open Source Security Development
Useful Tools and Resources for those getting into IT Security development such as Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks.
-
Open Source Security Guide
Useful Tools and Resources for Open Source Security development.
I found this useful Open Source Security Guide. I thought I'd share for anyone that's interested.
-
New to Forensics, Drop some Forensics tools/training content
Open source OS that comes preinstalled with lots of tools we use, including a software write blocker. Best for investigating an image of an infected device: https://tsurugi-linux.org/ IR plan: https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan Very detailed IR battle cards: https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards IR focused guide that lists lots of helpful tools and resources, like things to use for reverse engineering: https://github.com/mikeroyal/Open-Source-Security-Guide
-
Useful Security Guide
Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks, and Networking.
- Found a useful Open Source Security Guide
- Found a useful Security Guide
gotestwaf
-
Open Source Pentest Tool - GoTestWAF (Need Feedback)
Hi guys! At Blackhat Arsenal 2022 I saw this tool: https://github.com/wallarm/gotestwaf
-
How can I test my WAF
gotestwaf - https://github.com/wallarm/gotestwaf
-
An interesting tool to test WAFs, RASPs and WAAP for application and API attacks (need feedback)
Direct link to project
-
OWASP TOP 10 mapped to AWS Managed Rules
If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager, take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, etc.
-
Guys, see the types of attacks to bypass the WAF in 6 months (Sep 2020 - Feb 2021, soon to be in a year). The data was parsed from Twitter | Is there anyone who can confirm the resection results?
Source: https://github.com/waf-bypass-maker/waf-community-bypasses/blob/main/payloads.twitter.csv Kudos https://waf-bypass.com That's great that ALL these payloads are already in an open source tool, GoTestWAF: https://github.com/wallarm/gotestwaf
What are some alternatives?
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
api-firewall - Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
waf-community-bypasses
gsvsoc_cirt-playbook-battle-cards - Cyber Incident Response Team Playbook Battle Cards
coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
secureCodeBox - secureCodeBox (SCB) - continuous secure delivery out of the box
event-generator - Generate a variety of suspect actions that are detected by Falco rulesets
bulk_extractor - This is the development tree. Production downloads are at:
aws-firewall-factory - Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with Firewall Manager.
slsa-github-generator - Language-agnostic SLSA provenance generation for Github Actions
coraza-caddy - OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities