devops-ru / Awesome Devsecops_ru
Licence: cc-by-4.0
A collection of talks and publications on DevSecOps, in Russian and beyond :)
Stars: ✭ 62
Projects that are alternatives of or similar to Awesome Devsecops ru
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+5058.06%)
Mutual labels: devsecops
Cmsscan
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Stars: ✭ 775 (+1150%)
Mutual labels: devsecops
Hunter
Hunter plays an important role as one part of ZTO's closed-loop DevSecOps solution; by open-sourcing it we hope it can help more companies.
Stars: ✭ 283 (+356.45%)
Mutual labels: devsecops
Hammer
Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
Stars: ✭ 330 (+432.26%)
Mutual labels: devsecops
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+812.9%)
Mutual labels: devsecops
Reapsaw
Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Stars: ✭ 37 (-40.32%)
Mutual labels: devsecops
Threatmapper
Identify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+482.26%)
Mutual labels: devsecops
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+1058.06%)
Mutual labels: devsecops
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+7256.45%)
Mutual labels: devsecops
Awesome Threat Modelling
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Stars: ✭ 319 (+414.52%)
Mutual labels: devsecops
Awesome Php Security
Awesome PHP Security Resources 🕶🐘🔐
Stars: ✭ 666 (+974.19%)
Mutual labels: devsecops
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+350%)
Mutual labels: devsecops
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+15501.61%)
Mutual labels: devsecops
Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267 (+330.65%)
Mutual labels: devsecops
Terragoat
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 461 (+643.55%)
Mutual labels: devsecops
Holisticinfosec For Webdevelopers Fascicle0
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Stars: ✭ 37 (-40.32%)
Mutual labels: devsecops
Kubernetes Goat
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: ✭ 868 (+1300%)
Mutual labels: devsecops
Gg Shield
Detect secrets in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+1041.94%)
Mutual labels: devsecops
Awesome DevSecOps RU
A collection of talks and publications on DevSecOps, in Russian and beyond :)
Please send suggestions and questions about the content via issues
We also have a Telegram channel ヅ
Talk videos
- Secrets management with HashiCorp Vault // Sergey Noskov, Avito, DevOps Moscow meetup, slides
- Secrets management with HashiCorp Vault at Avito / Sergey Noskov (Avito) (DevOpsConf Russia 2018)
- Fear and Loathing in DevSecOps // Yury Shabalin, Swordfish Security, DevOps Moscow meetup, slides
- Security Compliance & DevOps // Stepan Nosov, IPONWEB, DevOps Moscow meetup, slides
- Security in Kubernetes (Dmitry Lazarenko, Mail.Ru Cloud Solutions) / ♥ Kubernetes meetup
- Practical steps for securing your container deployment, Liz Rice, Aqua Security, talk page at DevOops 2018
- Modern security with microservices and the cloud, Seth Vargo, Google, talk page at DevOops 2018
- Website security monitoring / Grigory Zemskov (Revisium) (RIT++ 2018, RootConf)
- Enabling shift-left for 12k banking developers from scratch (DevSecCon London 2018)
- Maginot Line - 6 Common AppSec Anti-Patterns Preventing your Success (DevSecCon Singapore 2018)
Articles
- Security of internal services, Vsevolod Polyakov
- A guide to automating HashiCorp Vault from Gruntwork 1, 2, 3
- TLDR: Development security in Agile projects
- What Your Kubernetes Security Checklist Might Be Missing by Jim Bugwadia from Nirmata
- A continuation of devops: policy as code by Gareth Rushgrove, QCon London 2019
- CONTINUOUS SECURITY IN THE DEVOPS WORLD by JULIEN VEHENT from MOZILLA SECURITY
- Summary of “Unit Testing Your Kubernetes Configurations Using Open Policy Agent — Gareth Rushgrove”, KubeCon + CloudNativeCon Europe 2019
- Software Security Field Guide for the Bewildered by Ian Miell
- The Path Less Traveled: Abusing Kubernetes Defaults, Black Hat USA 2019
- A series of articles on Docker security from Swordfish Security:
Training, courses
- A platform for learning HashiCorp Vault
- A great collection of short descriptions of development methodologies. Share it with your colleagues if they are not familiar with the topic :)
- Security in Google Cloud Platform Specialization (Coursera)
Books
Best practices
- The Early Security Engineer’s First 90 Days Checklist
- AWS Security Best Practices
- 10 Docker Image Security Best Practices
Cloud platform security (Clouds)
Amazon Web Services (AWS)
- AWS re:Invent 2017: Making the Shift from DevOps to Practical DevSecOps (ABD337)
- DevOps and Cyber Security in AWS (DevSecOps)
Google Cloud Platform (GCP)
- 8 Google Cloud Security Best Practices
- A Security Practitioners Guide to Best Practice GCP Security (Cloud Next '18)
- Best Practices for Privacy and Security in GCE (Cloud Next '19)
Miscellaneous