| | wrongsecrets | jit-access |
|---|---|---|
| | 3 | 1 |
| Stars | 1,166 | 230 |
| Growth | 4.2% | 7.0% |
| Activity | 9.9 | 9.3 |
| | 13 days ago | 4 days ago |
| Language | Java | Java |
| License | GNU Affero General Public License v3.0 | Apache License 2.0 |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

wrongsecrets
- How to Not Use Secrets
- Don't Tackle Security Alone: A Beginner's Guide To OWASP
  OWASP WrongSecrets
- Why WrongSecrets moved to the OWASP Github Organization
  After 1 year of active development under my personal Github Id commjoen, it is time to migrate our OWASP project WrongSecrets to the OWASP Github organization.

jit-access
- access control | database
  Most IAM resources on Google Cloud have time boxing built in and you can control access to resources that way. Google have a self serve application that devs can use to get access, see: https://github.com/GoogleCloudPlatform/jit-access

What are some alternatives?
- WebGoat - WebGoat is a deliberately insecure application
- Application-Gateway - OWASP Application Gateway is an HTTP proxy that handles Oauth2 authentication and session management
- trufflehog - Find and verify secrets
- magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
- juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- bank-of-anthos - Retail banking sample application showcasing Kubernetes and Google Cloud
- gitleaks - Protect and discover secrets using Gitleaks 🔑
- auth - A GitHub Action for authenticating to Google Cloud.
- envless - OpenSource, frictionless and secure way to share and manage app secrets across teams.
- wrongsecrets - Vulnerable app with examples showing how to not use secrets [Moved to: https://github.com/OWASP/wrongsecrets]
- CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
- Keywhiz - A system for distributing and managing secrets