Awesome List Updates on Jun 24, 2020

15 awesome lists updated today.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome Transit

GTFS Realtime Utilities / Rust

• manual-gtfsrt (⭐5) - A Go-based tool that serves a GTFS-RT feed created from editable JSON.

2. Awesome Cybersecurity Blueteam

Network perimeter defenses / Evidence collection

• Gatekeeper (⭐1.3k) - First open source Distributed Denial of Service (DDoS) protection system.

3. Awesome Ddd

Sample Projects / PHP

• DDD CQRS Todo Sample (⭐353) - DDD CQRS ADR hexagonal architecture implementation built with PHP 7 and Symfony 5.

4. Awesome Crystal

CLI Utils

• climate (⭐14) - Tiny tool to make your CLI output 🌈 coloured

5. Awesome Tmux

Tools and session management

• dmux (⭐328) Configurable tmux workspace manager written in Rust

6. Awesome Cl

Intermediate

• Lisp Tips (⭐124) - A blog with useful tips and tricks.

• Lisp project of the day - A blog showcasing many Lisp libraries.

7. Static Analysis

Meaning of Symbols:

• ℹ️ indicates that the community does not recommend to use this tool for new projects anymore. The icon links to the discussion issue.

8. Awesome Healthcare

Contents / EHR

• GNUmed - Electronic Medical Record software.

9. Awesome Prisma

🦺 Community Prisma Tools

• prisma-relay-cursor-connection (⭐263)

10. Awesome Dotnet Core

Frameworks, Libraries and Tools / GUI

• Lara (⭐149) - Lara Web Engine is a library for developing Web user interfaces in C#

11. Awesome Actions on Google

Codelabs/Courses

• Build Actions for Google Assistant using Actions Builder (Level 1)

• Build Actions for Google Assistant using Actions Builder (Level 2)

12. Awesome Seml

Tooling

• Git Large File System (LFS) - Replaces large files such as datasets with text pointers inside Git.

• OpenML - An inclusive movement to build an open, organized, online ecosystem for machine learning.

• Spark Machine Learning - Spark’s ML library consisting of common learning algorithms and utilities.

13. Free for Dev

APIs, Data, and ML

• Sheetson - Instantly turn any Google Sheets into a RESTful API. Free plan available.

14. Awesome Webaudio

Packages / Libraries

• soundfont-player - A soundfont loader/player to play MIDI sounds using WebAudio API.

Packages / Apps

• Web Audio Metronome (⭐576) - metronome app that uses the Web Audio scheduler and setTimeout scheduler

15. Awesome Devsecops

Articles

• Our Approach to Employee Security Training - Pager Duty - Guidelines to running security training within an organisation.

Conferences

• DevSecCon - Snyk - A network of DevSecOps conferences run by Snyk.

• AppSec Day - OWASP - An Australian application security conference run by OWASP.

Podcasts

• Absolute AppSec - Seth Law & Ken Johnson - Discussions about current events and specific topics related to application security.

• Application Security Podcast - Security Journey - Interviews with industry experts about specific application security concepts.

• BeerSecOps - Aqua Security - Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.

• DevSecOps Podcast Series - OWASP - Discussions with thought leaders and practitioners to integrate security into the development lifecycle.

• The Secure Developer - Snyk - Discussion about security tools and best practices for software developers.

Secure Development Guidelines

• Application Security Verification Standard - OWASP - A framework of security requirements and controls to help developers design and develop secure web applications.

• Coding Standards - CERT - A collection of secure development standards for C, C++, Java and Android development.

• Proactive Controls - OWASP - OWASP's list of top ten controls that should be implemented in every software development project.

• Secure Coding Guidelines - Mozilla - A guideline containing specific secure development standards for secure web application development.

• Secure Coding Practices Quick Reference Guide - OWASP - A checklist to verify that secure development standards have been followed.

Secure Development Lifecycle Framework

• Secure Development Lifecycle - Microsoft - A collection of tools and practices that serve as a framework for the secure development lifecycle.

• Secure Software Development Framework - NIST - A framework consisting of practices, tasks and implementation examples for a secure development lifecycle.

• Software Assurance Maturity Model (⭐396) - OWASP - A framework to measure and improve the maturity of the secure development lifecycle.

Training

• Cybrary - Cybrary - Subscription based online courses with dedicated categories for cybersecurity and DevSecOps.

• PentesterLab - PentesterLab - Hands on labs to understand and exploit simple and advanced web vulnerabilities.

• Security Training for Engineers - Pager Duty - A presentation created and open-sourced by PagerDuty to provide security training to software engineers.

• Security Training for Everyone - Pager Duty - A presentation created and open-sourced by PagerDuty to provide security training employees.

• Web Security Academy - PortSwigger - A set of materials and labs to learn and exploit common web vulnerabilities.

Dependency Management

• Dependabot - GitHub - Automatically scan GitHub repositories for vulnerabilities and create pull requests to merge in patched dependencies.

• Dependency-Check - OWASP - Scans dependencies for publicly disclosed vulnerabilities using CLI or build server plugins.

• Dependency-Track - OWASP - Monitor the volume and severity of vulnerable dependencies across multiple projects over time.

• JFrog XRay - JFrog - Security and compliance analysis for artifacts stored in JFrog Artifactory.

• NPM Audit - NPM - Vulnerable package auditing for node packages built into the npm CLI.

• Renovate - WhiteSource - Automatically monitor and update software dependencies for multiple frameworks and languages using a CLI or git repository apps.

• Requires.io - Olivier Mansion & Alexis Tabary - Automated vulnerable dependency monitoring and upgrades for Python projects.

Dynamic Analysis

• Automatic API Attack Tool (⭐443) - Imperva - Perform automated security scanning against an API based on an API specification.

• BurpSuite Enterprise Edition - PortSwigger - BurpSuite's web application vulnerability scanner used widely by penetration testers, modified with CI/CD integration and continuous monitoring over multiple web applications.

• Gauntlt (⭐977) - Gauntlt - A Behaviour Driven Development framework to run security scans using common security tools and test output, defined using Gherkin syntax.

• SSL Labs Scan (⭐1.7k) - SSL Labs - Automated scanning for SSL / TLS configuration issues.

• Zed Attack Proxy (ZAP) (⭐12k) - OWASP - An open-source web application vulnerability scanner, including an API for CI/CD integration.

Infrastructure as Code Analysis / Cloud Formation

• Cfn Nag (⭐1.2k) - Stelligent - Scan AWS CloudFormation templates for insecure configuration.

Infrastructure as Code Analysis / Containers

• Clair (⭐10k) - Red Hat - Scan App Container and Docker containers for publicly disclosed vulnerabilities.

• Dagda (⭐1.1k) - Elías Grande - Compares OS and software dependency versions installed in Docker containers with public vulnerability databases, and also performs virus scanning.

• Snyk Container - Snyk - Scan Docker and Kubernetes applications for security vulnerabilities during CI/CD or via continuous monitoring.

Infrastructure as Code Analysis / Terraform

• Tfsec (⭐6.6k) - Liam Galvin - Scan Terraform templates for security misconfiguration and noncompliance with AWS, Azure and GCP security best practice.

Infrastructure as Code Analysis / Kubernetes

• Kube-Score (⭐2.7k) - Gustav Westling - Scan Kubernetes object definitions for security and performance misconfiguration.

• Kubectrl Kubesec (⭐505) - ControlPlane - Plugin for kubesec.io to perform security risk analysis for Kubernetes resources.

Intentionally Vulnerable Applications / Ansible

• Bad SSL (⭐2.8k) - The Chromium Project - A container running a number of webservers with poor SSL / TLS configuration. Useful for testing tooling.

• Damn Vulnerable Web App - Ryan Dewhurst - A web application that provides a safe environment to understand and exploit common web vulnerabilities.

• Juice Shop (⭐9.8k) - OWASP - A web application containing the OWASP Top 10 security vulnerabilities and more.

• NodeGoat (⭐1.8k) - OWASP - A Node.js web application that demonstrates and provides ways to address common security vulnerabilities.

Related Lists / Ruby

• Vulnerable Web Apps Directory - OWASP - A collection of vulnerable web applications for learning purposes.

• Awesome Threat Modelling (⭐1.3k) - Practical DevSecOps - A curated list of threat modeling resources.

• Awesome Dynamic Analysis (⭐899) - Matthias Endler - A collection of dynamic analysis tools and code quality checkers.

• Awesome Static Analysis (⭐13k) - Matthias Endler - A collection of static analysis tools and code quality checkers.

Monitoring / Ansible

• Csper - Csper - A set of Content Security Policy tools that can test policies, monitor CSP reports and provide metrics and alerts.

Secrets Management / Ansible

• Ansible Vault - Ansible - Securely store secrets within Ansible pipelines.

• Azure Key Vault - Microsoft Azure - Securely store secrets within Azure.

• BlackBox (⭐6.6k) - StackExchange - Encrypt credentials within your code repository.

• Chef Vault (⭐407) - Chef - Securely store secrets within Chef.

• CredStash (⭐2.1k) - Fugue - Securely store secrets within AWS using KMS and DynamoDB.

• CyberArk Application Access Manager - CyberArk - Secrets management for applications including secret rotation and auditing.

• Docker Secrets - Docker - Store and manage access to secrets within a Docker swarm.

• Git Secrets (⭐12k) - Amazon AWS - Scan git repositories for secrets committed within code or commit messages.

• Google Cloud Key Management Service (KMS) - Google Cloud Platform - Securely store secrets within GCP.

• HashiCorp Vault - HashiCorp - Securely store secrets via UI, CLI or HTTP API.

• Pinterest Knox (⭐1.2k) - Pinterest - Securely store, rotate and audit secrets.

• Secrets Operations (SOPS) (⭐16k) - Mozilla - Encrypt keys stored within YAML, JSON, ENV, INI and BINARY files.

Static Analysis / Multi-Language Support

• Graudit (⭐1.4k) - Eldar Marcussen - Grep source code for potential security flaws with custom or pre-configured regex signatures.

• LGTM - Semmle - Scan and monitor code for security vulnerabilities using custom or built-in CodeQL queries.

• RIPS - RIPS Technologies - Automated static analysis for PHP, Java and Node.js projects.

• SonarQube - SonarSource - Scan code for security and quality issues with support for a wide variety of languages.

Static Analysis / C / C++

• FlawFinder (⭐463) - David Wheeler - Scan C / C++ code for potential security weaknesses.

Static Analysis / C#

• Puma Scan (⭐443) - Puma Security - A Visual Studio plugin to scan .NET projects for potential security flaws.

Static Analysis / Configuration Files

• Conftest (⭐2.8k) - Instrumenta - Create custom tests to scan any configuration file for security flaws.

Static Analysis / Java

• Deep Dive - Discotek.ca - Static analysis for JVM deployment units including Ear, War, Jar and APK.

• Find Security Bugs (⭐2.2k) - OWASP - SpotBugs plugin for security audits of Java web applications. Supports Eclipse, IntelliJ, Android Studio and SonarQube.

• SpotBugs (⭐3.4k) - SpotBugs - Static code analysis for Java applications.

Static Analysis / JavaScript

• ESLint - JS Foundation - Linting tool for JavaScript with multiple security linting rules available.

Static Analysis / Go

• Golang Security Checker (⭐7.6k) - securego - CLI tool to scan Go code for potential security flaws.

Static Analysis / .NET

• Security Code Scan (⭐929) - Security Code Scan - Static code analysis for C# and VB.NET applications.

Static Analysis / PHP

• PHPCS Security Audit (⭐703) - Floe - PHP static analysis with rules for PHP, Drupal 7 and PHP related CVEs.

• Progpilot (⭐319) - Design Security - Static analysis for PHP source code.

Static Analysis / Python

• Bandit (⭐6.1k) - Python Code Quality Authority - Find common security vulnerabilities in Python code.

Static Analysis / Ruby

• Brakeman (⭐6.9k) - Justin Collins - Static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

• DawnScanner (⭐733) - Paolo Perego - Security scanning for Ruby scripts and web application. Supports Ruby on Rails, Sinatra and Padrino frameworks.

Threat Modelling / Ruby

• SecuriCAD - Forseeti - Treat modelling and attack simulations for IT infrastructure.

• IriusRisk - IriusRisk - Draw threat models and capture threats and countermeasures and manage risk.

• Raindance Project (⭐44) - DevSecOps - Use attack maps to identify attack surface and adversary strategies that may lead to compromise.

• SD Elements - Security Compass - Identify and rank threats, generate actionable tasks and track related tickets.

• Threat Dragon - OWASP - Threat model diagramming tool.

• Threat Modelling Tool - Microsoft - Threat model diagramming tool.

• Threatspec - Threatspec - Define threat modelling as code.

• Prev: Jun 25, 2020
• Next: Jun 23, 2020