jit-access
wrongsecrets
jit-access | wrongsecrets | |
---|---|---|
1 | 3 | |
221 | 1,155 | |
6.3% | 6.5% | |
9.2 | 9.9 | |
5 days ago | 11 days ago | |
Java | Java | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jit-access
-
access control | database
Most IAM resources on Google Cloud have time boxing built in and you can control access to resources that way. Google have a self serve application that devs can use to get access, see: https://github.com/GoogleCloudPlatform/jit-access
wrongsecrets
- How to Not Use Secrets
-
Don't Tackle Security Alone: A Beginner's Guide To OWASP
OWASP WrongSecrets
-
Why WrongSecrets moved to the OWASP Github Organization
After 1 year of active development under my personal Github Id commjoen, it is time to migrate our OWASP project WrongSecrets to the OWASP Github organization.
What are some alternatives?
Application-Gateway - OWASP Application Gateway is an HTTP proxy that handles Oauth2 authentication and session management
WebGoat - WebGoat is a deliberately insecure application
magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
trufflehog - Find and verify secrets
bank-of-anthos - Retail banking sample application showcasing Kubernetes and Google Cloud
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
auth - A GitHub Action for authenticating to Google Cloud.
gitleaks - Protect and discover secrets using Gitleaks 🔑
wrongsecrets - Vulnerable app with examples showing how to not use secrets [Moved to: https://github.com/OWASP/wrongsecrets]
envless - OpenSource, frictionless and secure way to share and manage app secrets across teams.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Keywhiz - A system for distributing and managing secrets