A collection of publicly released whitepapers
This library was co-developed with a leading financial institution in order to build a single solution for Cross-Site Request Forgery (CSRF) prevention that is flexible enough to deploy firm-wide within diverse Java/J2EE web application environments.
sslscan tests SSL/TLS enabled services to discover supported cipher suites
Deployment checklist for securely deploying Docker
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Rogue AP killer
A portable console aimed at making pentesting with PowerShell a little easier.
Script to test if a server is vulnerable to the JetLeak vulnerability
Utility for converting Findbugs, ESLint and PMD XML results into HP Fortify FPRs
Automated Linux evil maid attack
Custom Fortify SCA rules to detect common JSSE certification validation flaws
Custom security ruleset for the popular Java static analysis tool PMD.
Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution
This module is used to exploit startup script execution through Windows Group Policy settings when configured to run off of a remote SMB share.
Sample Findbugs custom detector for finding potentially insecure Scala code.
ListLock APK contains the demo APK for the Using Mobile Substrate With Android Applications blog post
This repository contains slide decks and other materials for talks and research presented at various conferences.
Fizzer is an assessment tool for fuzzing FIX messages.
IronWASP module to test security of SSL services. Ported from http://www.bolet.org/TestSSLServer/
wifitap updated for BT5r3
Configurable content-sniffing XSS test bed