hahwul/DevSecOps

Stars
1,716
Rank 27,193 (Top 0.6 %)
Language
Go
License
MIT License
Created about 4 years ago
Updated 5 months ago

hahwul/DevSecOps

hahwul

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

Roadmap for everyone who wants DevSecOps.

📜 Table of Contents

Roadmap
Tools
Resources
Security of CICD
Awesome resources
Other roadmaps
Wrap Up
Contributors
Contribute

💭 Roadmap

🔩 Tools

Spending a lot of time on applying DevSecOps is searching, comparing, and making decisions about tools. These tool lists are a good way to help you reduce unnecessary time and apply them quickly 😎

Open https://github.com/hahwul/DevSecOps/blob/main/tools/README.md

📦 Resources

0. DevSecOps Overview

Overview

1. Design

2. Develop

Secure Coding

3. Build

SAST(Static Application Security Testing)
1. Scan Source Code using Static Application Security Testing (SAST) with SonarQube, Part 1
2. Announcing third-party code scanning tools: static analysis & developer security training

4. Test

DAST(Dynamic Application Security Testing)
Penetration testing
1. Penetration Testing at DevSecOps Speed

5. Deploy

Security Hardening & Config
1. CIS Benchmarks
2. DevSecOps in Kubernetes
Security Scanning
1. Best practices for scanning images (docker)

6. Operate and Monitor

RASP(Run-time Application Security Protection)
1. Runtime Application Self-Protection by rapid7
2. Jumpstarting your devsecops - Pipeline with IAST and RASP
Security Patch
1. RASP(Runtime Application Self-Protection)
Security Audit
Security Monitor
1. IAST(Interactive Application Security Testing)
2. Metrics, Monitoring, Alerting
Security Analysis
1. Attack Surface Analysis Cheat Sheet by OWASP

Security of CICD

Awesome resources

https://github.com/TaptuIT/awesome-devsecops

🚀 Other roadmaps


U.S. Department of Defense	Larry Maccherone

The DevSecOps Security Checklist	Gitlab security devops diagram

🙏🏼 Wrap Up

If you think the roadmap can be improved, please do open a PR with any updates and submit any issues. Also, I will continue to improve this, so you might want to star this repository to revisit.

Idea from : Go Developer Roadmap

Contributors

WebHackersWeapons

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

XSpear

🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

jwt-hack

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

MobileHackersWeapons

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

a2sv

Auto Scanning to SSL Vulnerability

authz0

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

mad-metasploit

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

droid-hunter

(deprecated) Android application vulnerability analysis and Android pentest tool

metasploit-autopwn

db_autopwn plugin of metasploit

deadfinder

🏴‍☠️ Find dead-links (broken links)

RegexPassive

🔭 Collection of regexp pattern for security passive scanning

mzap

⚡️ Multiple target ZAP Scanning

XSS-Payload-without-Anything

XSS Payload without Anything.

hack-pet

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

s3reverse

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

gee

🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go

websocket-connection-smuggler

websocket-connection-smuggler

gitls

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

ws-smuggler

WebSocket Connection Smuggler

ras-fuzzer

RAS(RAndom Subdomain) Fuzzer

MemBi

All the members of bugbounty and infosec. If you don't know who to follow, see!

backbomb

💣 Dockerized penetration-testing/bugbounty/app-sec testing environment

hbxss

Security test tool for Blind XSS

fuzzstone

action-dalfox

XSS scanning with Dalfox on Github-action

recon-raven

Reconnaissance tool of Penetration test & Bug Bounty

xssmaze

XSSMaze is a web service designed to test and improve the performance of security testing tools by providing various cases of XSS vulnerabilities.

noir

♠️ Noir is an attack surface detector form source code.

assets.hahwul.com

assets for www.hahwul.com

vais

SWF Vulnerability & Information Scanner

can-i-protect-xss

Everything about xss protection technology

volt

⚡ Golang library for quick make pentest tools

raven

Automation Hacking & Penetration Testing Suite

vunlink

Auto Web Vulnerability Scanning Framework

hahwul

websocket-connection-smuggling-go

websocket-connection-smuggling write in go

zest-env

🐋 Zest CLI Environment

github-aciton-injection-test

This repo is a sample repo for Github Action Injection.

awesome-zap-extensions

A curated list of amazingly awesome ZAP Extensions

VAHA

Web for security engineer & hacker

jqueen

buildpack-nmap

install nmap and set alias buildpack of heroku

m2h.js

remote markdown document to html on DOM

homebrew-dalfox

zap-cloud-scan

hahwul-testzz

tool, page code for https://www.hahwul.com

qs-openvpn

quick setup openvpn

eoyc

Encoding Only Your Choices

zaproxy-ruby

A Ruby Implementation and Library for Easy Utilization of ZAP API

cyan-snake

Live OS for Physical hacking

podopunch

Easy testing from multiple android devices

openvas_install_script

OpenVAS Scanner Install Script on Debian

rings

homebrew-jwt-hack

buildpack-zap-daemon

zap(zed attack proxy) daemon mode buildpack of heroku

CaidoTweaks

restime

Web page response time checker

exploit-db_to_dokuwiki

exploit-db(edb) convert to dokuwiki template

homebrew-backbomb

backbomb homebrew repository

booungJS

Vulnerability analysis to javascript using javascript and web debugger

homebrew-authz0

licaner

ftc

simple copy to file to clipboard

struts2-rce-cve-2017-9805-ruby

homebrew-mzap

go-github-selfupdate-patched

go get error patched version

crystal-smuggle

jekyll-securitytxt

Jekyll plugin for security.txt

shooting-scheme

custom scheme testing tool with checklist

action-authz0-test

mycert

lab

homebrew-gee

homebrew-s3reverse

caido-crystal

Caido implementation for crystal

heroku-buildpack-geckodriver

dawn-of-seoul

It is a Caido theme made to feel blue, the representative dawn color of Seoul.

vuln_test

<video><embed><object><meta><body><script><frame><frameset>

projectsend_r582_webshell

ProjectSend_r582_webshell exploit

homebrew-eoyc

bad-usb-scripts

purl.cr

hlogger

golang logger for hahwul z