Home Cyber security SecHub : Streamlining Security Across Software Development Lifecycles

SecHub : Streamlining Security Across Software Development Lifecycles

December 11, 2024

The free and open-source security platform SecHub, provides a central API to test software with different security tools. SecHub supports many free and open-source as well as proprietary security tools.

SecHub Features:

Easy to use
Scan using one API/client
Single human readable report
Mark findings as false-positive
Supports many security tools
Provides IDE and text editor plugins

Supported Security Tools:

Code scanners
Secrets scanners
Web scanners
Infrastructure scanners
License scanners

Getting Started

SecHub Getting Started Guide

Documentation

Documentation

Introduction

SecHub orchestrates various security and vulnerability scanners which can find potential vulnerabilities in sourcecode, binaries or web applications.

This enables security, development and operation teams to review and fix security issues. As a result, SecHub improves application security.

SecHub basic architecture overview

                                                   +--------------+
                                              +--> | PDS + Tool A |
                                              |    +--------------+
+--------+                     +---------+    |
| SecHub | ---- scan data ---> | SecHub  | <--+
| Client | <---- report ------ |   API   | <--+
+--------+                     +---------+    |
                                              |    +--------------+
                                              +--> | PDS + Tool B |
                                                   +--------------+

The objective of SecHub is to help secure the software development lifecyle (SDLC) phases: development, deployment and maintenance.

From the first written line of code to the application being in production. SecHub can be used to scan the software continuously.

The security tools are categorized into modules which are named after the security testing method they perform: codeScan, licenseScan, secretScan, webScan etc.

Note The terms SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) are intentionally not used for the module names, because the designers feel those terms are vague and difficult to understand for non-security experts. On the other hand, security experts can easily map: codeScan to SAST and webScan to DAST.

For more information click here.

SecHub : Streamlining Security Across Software Development Lifecycles

SecHub Features:

Supported Security Tools:

Getting Started

Documentation

Introduction

LEAVE A REPLY Cancel reply

APPLICATIONS

EvilSelenium : A Tool That Weaponizes Selenium To Attack Chromium Based Browsers

SharpSCCM : A C# Utility For Interacting With SCCM

NullSection : A Revolutionary Anti-Reversing Tool For Enhancing Software Security

WMD – Weapon of Mass Destruction

HOT NEWS

Pwndora : Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In...

EVEN MORE NEWS

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

hrtng IDA Plugin : Elevating IDA’s Capabilities For Advanced Malware Analysis

DarkFlare : Bypassing Censorship With TCP-Over-CDN Technology

POPULAR CATEGORY

Free Threat Intel/IOC Feeds: Maximizing Cybersecurity Efficacy with Open-Source Intelligence Integration

Todesstern – The Advanced Mutator Engine For Injection Vulnerability Discovery

xzbot – A Strategic Approach To Counter CVE-2024-3094 Through Honeypots And...