No. | DevSecOps Aspect | No. | Directory Name |
---|---|---|---|
1 | Web Application Security | 09 | Active Directory Security |
2 | API Security | 10 | Infrastructure Security |
3 | Mobile Application Security | 11 | Threat Modeling |
4 | Thick Client Application Security | 12 | IoT Security |
5 | Source Code Review | 13 | OSINT (Open Source Intelligence) |
6 | Network Security | 14 | Blockchain Security |
7 | Wi-Fi Security | 15 | CI/CD Pipeline Security |
8 | Cloud Security | 16 | Docker Container Security |
9 | DevSecOps |
No. | DevSecOps Aspect | Description |
---|---|---|
1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
2 | API Security | Test and enhance the security of APIs and microservices. |
3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
4 | Thick Client Application Security | Assess thick client applications for security issues. |
5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
6 | Network Security | Secure networks by identifying and addressing weaknesses. |
7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
8 | Cloud Security | Assess the security of cloud-based systems and services. |
9 | Active Directory Security | Evaluate the security of Active Directory environments. |
10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
11 | Threat Modeling | Model and assess threats to enhance system security. |
12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
14 | Blockchain Security | Assess blockchain systems for security and compliance. |
15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
16 | Docker Container Security | Secure Docker containers and containerized applications. |
17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |
Category | Tools |
---|---|
Web App Pentesting | Burp Suite Pro 🌐, Acunetix 🌐, HCL-AppScan 🌐, invicti netsparker 🌐, Fortify-WebInspect 🌐, wp-scan 🌐, Nikto 🌐, Wfuzz 🌐, SQLMap 🌐, OWASP ZAP 🌐, Nmap 🌐 |
Mobile App Pentesting | Android:: MobSF 📱, Frida 📱, APKTool 📱, JADX 📱, AndroidStudio/Genymotion 📱, Drozer 📱, Magisk Root 📱, APKX 📱, mitmproxy 📱, Objection 📱, adb 📱 iOS:: MobSF 📱, Frida 📱, Objection 📱, Cycript 📱, iOS Hook 📱, Needle 📱, Class-dump 📱, Burp Suite Mobile Assistant 📱, SSL Kill Switch 2 📱, iMazing 📱 |
API Pentesting | Postman 📡, Burp Suite Pro 📡, Swagger Inspector 📡, Kite Runner 📡, SecApps Intercept 📡 Insomnia 📡, OWASP Amass 📡, 42Crunch API Security 📡 |
Secure Code Review | SonarQube 🔐, Snyk 📡,Semgrep 🔐,Fortify-WorkbencAudit 🔐 Checkmarx 🔐, Veracode 🔐, , CodeQL 🔐, Bandit 🔐, FindSecBugs 🔐, Gitleaks 🔐 |
Thick Client Pentesting | Fiddler 💻, Sysinternals Suite💻 , dnSpy 💻, de4dot💻, IDA Pro 💻,Process Explorer 💻, CFF Explorer 💻, OllyDbg 💻 x64dbg 💻, Ghidra 💻, Burp Suite Pro 💻 , Wireshark 💻, |
Network Pentesting | Nmap 🌐, Wireshark 🌐, Metasploit Framework 🌐, Nessus 🌐, OpenVAS 🌐, Responder 🌐, CrackMapExec 🌐, BloodHound 🌐, Netcat 🌐, Bettercap 🌐 |
Cloud Security | Prowler ☁️, ScoutSuite ☁️, CloudSploit ☁️, Pacu ☁️, Steampipe ☁️, CloudMapper ☁️, NCC Group Scout ☁️, kube-bench ☁️ |
Container Security | Trivy 🐳, Aqua Microscanner 🐳, Clair 🐳, Anchore 🐳, Docker Bench 🐳, kube-hunter 🐳, Falco 🐳, Sysdig 🐳, Snyk 🐳 |
I appreciate your interest in contributing! please read Contribution Guidelines.
A heartfelt thank you to these amazing individuals for their contributions to this project. You can view emoji key to see the various ways you can contribute!
Marko Živanović 🔧 |
Madhurendra kumar 💻 |
0xanon 💻 |
InfoBugs 💻 |
Ratnesh kumar 💻 |
Chandrabhushan Kumar 💻 |