Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
An educational, lab-only Flask security project demonstrating how weak authentication logic can be broken in practice. Includes an intentionally vulnerable local login page and a simulated brute-force attacker script to show credential stuffing, missing rate limits, and plain-text passwords—paired with concrete guidance on hardening real-world app.
This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.
A demonstration lab showing the risks and exploitation techniques for hardcoded encryption keys in client-side JavaScript. This educational repository provides a hands-on approach to understanding how exposed keys can be used to intercept, decrypt, and manipulate encrypted web communications, including bypassing security controls like OTP.
open source and free tools for bug and vulnerability discovery
Little python script to generate random passwords that meets certain requirements, to help solve the "Login Support Team" challenge from OWASP Juice Shop
Curso de OWASP Top 10: de Injections a monitoramento.
Add a description, image, and links to the security-misconfiguration topic page so that developers can more easily learn about it.
To associate your repository with the security-misconfiguration topic, visit your repo's landing page and select "manage topics."