CSG's mandate is to protect the Singapore Government's ICT systems. The code we share here can help keep you safer too.
Autowasp. BurpSuite Extension: A one-stop pen testing checklist and logger tool
76ProxyAgent. Java
67PaddingOracleHunter. Python
17Biometric-Authentication-Android-App. This project aims to educate developers to implement secure local biometric authentication on Android devices
7stack-the-flags-2020.
6govtech-csg-xcg-securefileupload. Django middleware to validate user file uploads, detect specially crafted media files with malicious intent and block them.
2govtech-csg-xcg-dangerousfunctions. This package contains a Django application that nullifies the effects of unsafe Python or Django functions (e.g. os.system), and logs all invocations of dangerous functions by default.
2xenomorph-config-extractor. This project aims to demonstrate static and automated malware analysis on Xenomorph APK malware. This repository contains decryption codes and static configuration extractor for Xenomorph APK malware.
1govtech-csg-xcg-viewpermissions. Package that modifies Django's default behaviour such that all views are "private" by default (i.e. inaccessible to all, whether authenticated or not). Acts as an extra layer of defense against coding mistakes or misconfigurations.
1govtech-csg-xcg-securemodelpkid. Package that generates random primary keys for Django model objects to help prevent IDOR vulnerabilities.
1govtech-csg-xcg-modelpermissions. Provides functionality to enforce permissions checks on users when they attempt to perform actions on a Django `Model` object (e.g. if a request accesses a view that tries to read a set of objects from the database).
1govtech-csg-xcg-secretsmanager. Package that provides integration between Django and AWS Secrets Manager for the management of DB credentials (MySQL and PostgreSQL) and Django secret key.
1security-advisories. HTML
1govtech-csg-xcg-dangerousrequests. Package containing a Django app that protects your application against dangerous requests (SSRF).
1