Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.
A demonstration lab showing the risks and exploitation techniques for hardcoded encryption keys in client-side JavaScript. This educational repository provides a hands-on approach to understanding how exposed keys can be used to intercept, decrypt, and manipulate encrypted web communications, including bypassing security controls like OTP.
open source and free tools for bug and vulnerability discovery
🔭 JWTelescope is an advanced CLI tool for decoding, inspecting, and performing security analysis on JSON Web Tokens (JWTs). It is designed for bug bounty hunters, pentesters, and developers who want fast insight into JWT structure, claims, and common misconfigurations.
TryHackMe walkthrough demonstrating real-world exploitation and mitigation of critical API security flaws (Mass Assignment to Logging & Monitoring).
Little python script to generate random passwords that meets certain requirements, to help solve the "Login Support Team" challenge from OWASP Juice Shop
Testing misconfiguration practices.
Curso de OWASP Top 10: de Injections a monitoramento.
AppSec engineering portfolio: OWASP Top 10 case studies in Python & PHP (threat → repro → impact → fix → tests) plus Secure SDLC & AWS security notes.
Add a description, image, and links to the security-misconfiguration topic page so that developers can more easily learn about it.
To associate your repository with the security-misconfiguration topic, visit your repo's landing page and select "manage topics."