NUA Security

Minimum Viable Secure Product - Checklist

https://mvsp.dev/mvsp.en/index.html “Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers.”

See also: https://www.jit.io/ “Automating product security for busy developers - Start with MVS, Minimal Viable Security plan as code, instantly achieve continuous security”

Docker image checker

https://github.com/docker/docker-bench-security

WAF

(Also called DAST - dynamic application analysis)

See Public/Tech/Security/WAF

Others

Zaproxy

https://github.com/zaproxy/zaproxy.git “The OWASP ZAP core project”
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.

NB: it's a big one (200 KLOC of Java)
NB: This is not a WAF. It can still be useful.

F5 NGINX App Protect: Web Application Firewall (WAF)

https://www.nginx.com/products/nginx-app-protect/web-application-firewall
Not open source.
Cool diagram

Page last modified: 2024-03-28 10:11:19