Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
A hands-on security lab demonstrating how weak authentication code can be exploited and how to harden it. Includes a vulnerable Flask login page and an attacker script to simulate brute-force credential stuffing. Learn common auth flaws, defensive coding practices, and concrete steps to secure real-world apps.
This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.
A demonstration lab showing the risks and exploitation techniques for hardcoded encryption keys in client-side JavaScript. This educational repository provides a hands-on approach to understanding how exposed keys can be used to intercept, decrypt, and manipulate encrypted web communications, including bypassing security controls like OTP.
🔭 JWTelescope is an advanced CLI tool for decoding, inspecting, and performing security analysis on JSON Web Tokens (JWTs). It is designed for bug bounty hunters, pentesters, and developers who want fast insight into JWT structure, claims, and common misconfigurations.
open source and free tools for bug and vulnerability discovery
Little python script to generate random passwords that meets certain requirements, to help solve the "Login Support Team" challenge from OWASP Juice Shop
Curso de OWASP Top 10: de Injections a monitoramento.
Add a description, image, and links to the security-misconfiguration topic page so that developers can more easily learn about it.
To associate your repository with the security-misconfiguration topic, visit your repo's landing page and select "manage topics."