Interactive Jupyter demo of Prisma AIRS detecting pickle deserialization attacks (CWE-502) in ML models. Educational security demonstration with ROI analysis.
Updated Mar 25, 2026 - Jupyter Notebook
A simple demo project for Spring Security
Live PoC: MCP attacks that compromise AI agents mid-session and how to block them in a few lines of code.
💥 ServerSideTemplateInjection (SSTI) Demo with Flask. A simple Flask app to demonstrate Server-Side Template Injection vulnerabilities — useful for learning, testing, and understanding how SSTI works and how to avoid it.
Ready-to-use GitHub Copilot demo kit with intentional bugs, TODOs, and security vulnerabilities. Complete test suite (227+ tests, 93% coverage) + reset script for live test generation demos. Perfect for trainers showcasing AI-assisted development.
Wishlist Member Arbitrary File Read via Directory Traversal <= 3.25.1
Retail / e-commerce demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Logistics / fleet-tracking demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
ARKO Coverage Demos — a 10-application corpus that validates the ARKO decision engine across SAST, IaC, SCA, SBOM, and pipeline-misconfig detection. Each app is deliberately vulnerable for security tool testing.
Insurance / underwriting demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Web app demo for digital document signing and verification. Features RSA-PSS (SHA-512) cryptography and QR code embedding for physical-to-digital validation. Developed for DIF Jalisco @ Tec de Monterrey.
Energy / smart-grid demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Demo‑only non‑custodial stablecoin vault with commit–reveal claims.
Intentionally vulnerable AWS Bedrock chat app for Prisma AIRS Red Teaming demos, with optional AIRS Runtime Security overlay for before/after testing.
PIN security demo with Quarkus + PostgreSQL + Argon2id (pepper versioning) and an interactive Go Bubble Tea TUI for API workflows.
GovTech / digital-identity demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Healthcare / EHR demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Pharma / clinical-trials demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.
Spring Security demo project with custom SecurityFilterChain, role-based access, and integration tests
Fintech / payments demo — intentionally vulnerable. Part of DevSecAI/arko-demos. Do not deploy.