Views: 6,936 LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by […]
Countermeasures
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
Views: 3,408 GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more. GitLab Watchman searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP […]
GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
Views: 2,613 GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability. Installing and Using GKE Auditor to […]
Sooty – SOC Analyst All-In-One CLI Tool
Views: 10,706 Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process. The main goal of Sooty is to perform as much of the routine checks as possible which allows the analyst more time to spend on deeper analysis. Features of […]
Anteater – CI/CD Security Gate Check Framework
Views: 6,956 Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc. It’s main function is to block content based on regular expressions. Anything that can be specified with regular expression syntax, can be sniffed out by Anteater. You tell Anteater […]