Hands-on cloud application security projects focused on WAF operations, observability, architecture guidance, and customer-facing security analysis.

Located in 01-aws-waf-logging-integration-module, this reusable Terraform module provisions AWS WAFv2 protections with:
- AWS managed rule groups aligned to OWASP Top 10 coverage
- Rate limiting, geo-blocking, and explicit IPv4/IPv6 IP allow/block controls
- CloudWatch logging and dashboarding for WAF decisions
- Compliance-focused outputs showing protection coverage and enforcement state
- Environment, sensitivity, and trusted network configuration for repeatable deployments

Status: In progress

See 01-aws-waf-logging-integration-module/README.md for usage, examples, and outputs.

Located in 02-smart-waf-analyzer.
Planned analytics project for ingesting WAF logs, summarizing attack activity, identifying likely false positives, and recommending tuning changes that an analyst or customer success engineer can act on quickly.

Status: Planned

Located in 03-security-architecture-solutions-lab.
Planned architecture and advisory project for OWASP-focused mitigation playbooks, customer scenario walkthroughs, and reference security designs that explain tradeoffs clearly.

Status: Planned

Standalone repository: TerminalsandCoffee/owasp-webapp-security-lab, intentionally published separately rather than nested inside this portfolio repo.
Hands-on OWASP security testing lab built around Juice Shop, AWS, Docker, GitHub Actions, SAST, DAST, container scanning, secrets detection, HTML/PDF reporting, and severity-based build failure thresholds.

Status: In progress