security-tools.md

July 15, 2021 · View on GitHub

La sécurité applicative est un enjeu qui doit être pris en compte dès la conception du projet, chaperonné tout au long du cycle de développement.

:calendar: published on: 2021-06-22
tags: dependency-injection, security-tools

GitHub - Atomicorp/ossec-docker: Official OSSEC docker container

^{https://github.com/Atomicorp/ossec-docker}

Official OSSEC docker container. Contribute to Atomicorp/ossec-docker development by creating an account on GitHub.

tags: docker, security-tools, monitoring, ossec, log-analyzer, devops-tools, server-application
:octocat: source code

GitHub - Atomicorp/openvas-docker: A docker container for openvas

^{https://github.com/Atomicorp/openvas-docker}

A docker container for openvas. Contribute to Atomicorp/openvas-docker development by creating an account on GitHub.

tags: security-tools, monitoring, devops-tools, openvas, docker
:octocat: source code

GitHub - Atomicorp/gvm: Greenbone Vulnerability Manager / Openvas packaging project

^{https://github.com/Atomicorp/gvm}

Greenbone Vulnerability Manager / Openvas packaging project - Atomicorp/gvm

tags: security-tools, openvas, monitoring, devops-tools
:octocat: source code

Threat Dragon home page

^{https://threatdragon.org/}

Threat Dragon is a free, open-source threat modeling tool from OWASP. It can be used as a standalone desktop app for Windows and MacOS (Linux coming soon) or as a web application. The desktop app is g...

tags: security, security-tools, threat-model
:octocat: source code

Falco home page

^{https://falco.org/}

Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine

tags: security, security-tools, kubernetes, cluster-computing
:octocat: source code

CyberChef home page

^{https://gchq.github.io/CyberChef/}

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

tags: security, security-tools, cryptography
:octocat: source code

CSP Evaluator

^{https://csp-evaluator.withgoogle.com/}

CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of revi...

tags: security-tools, content-security-policy

BeEF - The Browser Exploitation Framework Project

^{https://beefproject.com/}

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

tags: security, penetration-testing, security-tools
:octocat: source code

HTTP Strict Transport Security Header Testing Tool

^{https://gf.dev/hsts-test}

Check if your site is defending from cookie hijacking & protocol downgrade attack

tags: http, security-tools, http-headers

CWE - Common Weakness Enumeration

^{https://cwe.mitre.org/index.html}

CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigat...

tags: security, security-tools, software-development

OWASP ZAP

^{https://www.zaproxy.org/}

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find s...

tags: security, security-tools
:octocat: source code

mitmproxy - an interactive HTTPS proxy

^{https://mitmproxy.org/}

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

tags: http-proxy, security, security-tools, proxy
:octocat: source code

What do SAST, DAST, IAST and RASP mean to developers?

^{https://www.softwaresecured.com/what-do-sast-dast-iast-and-rasp-mean-to-developers/}

It’s estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase of software could reduce the i...