How to systematically secure anything: a repository about security engineering

A Java library for parsing and programmatically using threat models

Vavr workshops.

Portable defensive application security and AI-agent security skill for Claude Code, Codex, Gemini, and ChatGPT. Covers OWASP, secure design, secure code review, MCP security, prompt injection, threat modeling, incident response, and hardening.

This repository is a comprehensive collection of notes, insights, and structured information covering various facets of application security.

Enterprise STRIDE threat modeling assessment with DFD analysis, trust boundaries, attack surface evaluation, and mitigation mapping.

Secure enterprise architecture design covering segmentation, layered defense, IAM, logging, and zero trust principles.

Security engineering skill pack for threat surfaces, trust boundaries, secrets, validation, privilege, and secure defaults.

A structured, defense-focused security reference covering physical, cyber, human, and architectural security. Designed as a professional handbook and curriculum emphasizing architecture, procedure, and human behavior over tools.

Reference design: payment gateway flows + risk review + localization.

HBN — Human Brain Net. An open protocol for safe, structured, and evolvable AI-assisted software engineering.

An enterprise-grade, high-security ASP.NET Core Web API Boilerplate built on .NET 10, strictly adhering to the principles of Clean Architecture and software engineering best practices. This template is architected to provide a rock-solid, secure, and production-ready foundation for medium-to-large-scale web applications.

Vavr Validation workshop.

"Practices for the development of secure software" is a project focused on implementing secure software development practices.

Security-focused auth and admin panel demo showing session-based auth, backend RBAC, CSRF protection, rate limiting, account lockout, and audit visibility.