terragoat
Vulnerability simulator
A training project that demonstrates how common configuration errors can be introduced into cloud infrastructure to test secure development best practices
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
1k stars
24 watching
2k forks
Language: HCL
last commit: 5 months ago
Linked from 3 awesome lists
aws-securityazure-securitycloud-securitydevsecopsgcp-securitygoatterraform
4ndersonlin/awesome-cloud-security
jakobthedev/awesome-devsecops
vavkamil/awesome-vulnerable-appsRelated projects:
| Repository | Description | Stars |
|---|---|---|
| bridgecrewio/cfngoat | A training project demonstrating how common configuration errors can lead to production cloud environment issues | 92 |
 hxsecurity/terraformgoat | A multi-cloud deployment tool designed to test and demonstrate the vulnerability of cloud infrastructure configurations | 541 |
| bridgecrewio/cdkgoat | Demonstrates how common configuration errors can lead to production cloud misconfigurations | 44 |
 tenable/cnappgoat | A tool for creating and managing vulnerable environments in cloud computing platforms. | 269 |
 rhinosecuritylabs/cloudgoat | An AWS deployment tool designed to provide intentionally vulnerable cloud infrastructure for hands-on learning and penetration testing. | 2,991 |
 ine-labs/azuregoat | A vulnerable Azure infrastructure simulator used to demonstrate and practice cloud security vulnerabilities | 801 |
 owasp/iotgoat | A deliberately insecure firmware designed to test common vulnerabilities in IoT devices | 717 |
| bridgecrewio/checkov | An automated tool for identifying security and compliance vulnerabilities in cloud infrastructure and software packages. | 7,214 |
| owasp/nodegoat | An environment to learn about OWASP Top 10 security risks in Node.js web applications | 1,895 |
| owasp/webgoat.net | A penetration testing tool designed to simulate real-world web application vulnerabilities. | 69 |
 scriptingxss/iotgoat | A deliberately insecure firmware project designed to test common IoT vulnerabilities | 181 |
| tenable/terrascan | Detects security vulnerabilities and compliance issues in infrastructure code before provisioning cloud-native infrastructure. | 4,779 |
 jerryhoff/webgoat.net | An educational web application designed to demonstrate common web security flaws and their countermeasures. | 226 |
 metarget/metarget | A framework for automating the construction of vulnerable cloud-native infrastructure | 1,113 |
 cycloidio/terracognita | Converts existing cloud infrastructure into Terraform configuration | 2,221 |