Cyber security

Awesome DevSecOps – A Comprehensive Guide To Resources And Tooling

DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Contents

  • Resources
    • Articles
    • Books
    • Communities
    • Conferences
    • Newsletters
    • Podcasts
    • Secure Development Guidelines
    • Secure Development Lifecycle Framework
    • Toolchains
    • Training
    • Wikis
  • Tools
    • Dependency Management
    • Dynamic Analysis
    • Infrastructure as Code Analysis
    • Intentionally Vulnerable Applications
    • Monitoring
    • Secrets Management
    • Secrets Scanning
    • Static Analysis
    • Supply Chain Security
    • Threat Modelling
  • Related Lists

Resources

Articles

Books

  • Alice and Bob Learn Application SecurityTanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.

Communities

  • MyDevSecOpsSnyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.

Conferences

  • AppSec DayOWASP – An Australian application security conference run by OWASP.
  • DevSecConSnyk – A network of DevSecOps conferences run by Snyk.

Newsletters

  • Shift Security LeftCossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.

Podcasts

  • Absolute AppSecSeth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
  • Application Security PodcastSecurity Journey – Interviews with industry experts about specific application security concepts.
  • BeerSecOpsAqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
  • DevSecOps Podcast SeriesOWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
  • The Secure DeveloperSnyk – Discussion about security tools and best practices for software developers.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

2 weeks ago