🔒 Build a secure application with robust authentication and authorization using Spring Boot and Angular, ensuring safe user roles and access control.
Updated Apr 18, 2026 - Java
HAR scanner with OWASP ZAP integration: correlation of HAR captures and dynamic scanning
OWASP VulnerableApp Project: Break it. Scan it. Reproduce it. Improve it.
This cloud-native order processing system demonstrates modern microservices architecture with a security-first approach. Built as a comprehensive learning project to master containerization, orchestration, backend development, and cloud security practices.
Pluggable backends for Go, Java and Python. Can be consumed by bcgov/quickstart-openshift.
QuickStart template targeted for OpenShift. Includes a starter app.
Automated CI/CD security pipeline with SAST, SCA, container scanning, and DAST demonstrating shift-left security principles
VulnerableApp-facade is probably the most modern lightweight distributed farm of Vulnerable Applications, built for handling a wide range of vulnerabilities across tech stacks.
ZAP plugin for the Dradis Framework
Production-grade Playwright + TypeScript QA framework with AI-powered testing, LLM-as-Judge evaluation, MCP server, 7 CLI agents, security fuzzing, CI/CD pipelines, Jira sync, and Slack reporting — zero-config, plug-and-play.
Open-source network inventory & vulnerability scanning platform — ARP discovery, port scanning, ZAP DAST, Nuclei, Trivy, testssl.sh, SSH CVE audit, compliance (ISO 27001/NIS2/ANSSI). Tactical dark-theme dashboard. 180+ API endpoints. Docker-ready.
Software security assessment portfolio covering buffer overflow exploitation, STRIDE threat modelling, static analysis with Semgrep, dynamic testing with OWASP ZAP and Burp Suite, and SBOM compliance mapping with Syft and Grype.
Cyber Security Task 1 – Vulnerability Assessment Report
Simple web interface for zaproxy OWASP scanner
Vulnerability Assessment Report for a Live Website (Read-Only Scope)
DevSecOps Command Center for the IT Security & Privacy (SPTI) seminar at Escuela Colombiana de Ingeniería Julio Garavito. This project secures the LogiFlow platform through a full Shift-Left (SAST/SCA) and Shift-Right (DAST/Falco) lifecycle. An enterprise-grade monitoring stack with Prometheus, Grafana, and Loki for real-time threat detection.
Apiops low code with ui for life cycle
Enterprise-grade DevSecOps CI/CD pipeline — Gitleaks, pip-audit, Bandit, SonarCloud, OWASP ZAP, Trivy, SBOM, 3-environment deploy with manual approval gate
A fully self-contained Docker image that orchestrates 20 security tools — Nuclei, ZAP, Dalfox, Arjun, WPScan, sqlmap, Nikto, testssl.sh, Shodan, and more — into a single 16-step scan pipeline. Passive recon, parameter discovery, XSS, SQLi, secrets detection, and full vulnerability coverage with one command.