Light

Tolga Ünlü photo

tolgadevsec Goto Github PK

followers: 48.0 following: 24.0 repos: 130.0 gists: 2.0

Name: Tolga Ünlü

Type: User

Bio: Development and Security (DevSec), Research in Attack-Aware and Defendable Software Applications

Location: Kempten (Allgäu), Germany

Blog: https://tolgadevsec.github.io

🦜 Hi there, I'm Tolga! 👋

I'm a PhD graduate from the Abertay University where I investigated attack-aware web applications. As part of my research, I have collected repositories of projects, proof of concepts and research work related to application intrusion detection, deception and defence-in-depth mechanisms which you can find here.

I enjoy researching the intersection of software development and security (DevSec), in particular the following areas:

⚔️ Defendable Software Architecture
🎛️ Security Unit Testing
🌱 Software Resilience

You can reach me on LinkedIn or Mastodon.

Tolga Ünlü's Projects

acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

akita-cli

The Akita CLI for watching network traffic, automatically generating API specs, and diffing API specs.

app-based-ids

Excerpts from my 3rd-year Dissertation Project: An Intrusion Detection System for a Web Application.

applicationintrusiondetection

Application Intrusion Detection projects

ato-checklist

A checklist of practices for organizations dealing with account takeover (ATO)

audit_tripwire

A sample MySQL server plugin to demonstrate how to use audit API events for practical purposes

authtables

AuthTables is a microservice that helps detect "Account Take Over" caused by simple credential theft. If bad actors are stealing your users passwords, AuthTables may be useful.

autocsp

Tool to generate a valid Content Security Policy headers, integrity hashes and inline hashes for your current webpage

awesome-deception

An awesome list of resources on deception-based security with honeypots and honeytokens

behave

Behave! A monitoring browser extension for pages acting as "bad boi"

blackwall

A programmable firewall designed for Node.js, integrate it into your TCP connections or as an Express middleware and program your rules and policies with ease.

cakefuzzer

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

canary

Canary: Input Detection and Response

client-puzzle

cpp4webapp

A Demonstration Software Implementation of Client Puzzle Protocols as Countermeasure against Automated Threats to Web Applications

crawler-detect

🕷 CrawlerDetect is a PHP class for detecting bots/crawlers/spiders via the user agent

crawljax-plugins

Crawljax Plugins Mirror

csp-html-webpack-plugin

A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.

db-errors

Unified node.js error API for mysql, postgres and sqlite3

defence

A simple intrusion detection/prevention system framework written in PHP.

defensive-coding-reloaded---lightning-talk-demo

This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.

deltaforce-python

Custom Python interpretter to use with self defense system

devtools-detect

Detect if DevTools is open and its orientation

django-auto-repair

Django middleware to self repair web services

django-honeypot

🍯 Generic honeypot utilities for use in django projects.

django-middleware-fileuploadvalidation

A Django middleware to validate user file uploads and detect malicious content.

django-paranoia

djangochecker

Research prototype of DjangoChecker

domsanitizer

domtegrity

JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.

1
2
3
4
5

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.