white2hack 📚 – Telegram
Cybersecurity. Books, guides, how-tos, primers. Analytics, trends, careers, events. Ethical hacking and protecting your own data

🔊 Contact @w2hack_feed_bot
💬 Chat https://news.1rj.ru/str/+VdkEIWudTi5m3dsA
💡 Consultation https://forms.gle/iB9iX3BwyxJM4Ktx5
🏛 Exchange -- private --
OWASP Web Application Penetration Checklist

This comprehensive checklist, from the Open Web Application Security Project (OWASP), is a valuable tool for penetration testers and developers alike.

It provides a systematic approach to identifying vulnerabilities, and can be used as a guide to help ensure that your web applications are as secure as possible.

#docs #web
OWASP Web Application Penetration Checklist.pdf
413.4 KB
OWASP Web Application Penetration Checklist
Forwarded from CyberSecBastion
DevSecOps Guides

Our guides cover a wide range of topics related to DevSecOps, including:
🔹Secure coding practices: Learn how to write code that is resistant to common security threats such as SQL injection, cross-site scripting, and buffer overflow.

🔹Threat modeling: Learn how to identify potential security vulnerabilities in your applications and prioritize them based on their impact and likelihood of occurrence.

🔹Security testing: Learn about different types of security testing, such as penetration testing, vulnerability scanning, and code review, and how to incorporate them into your DevSecOps workflow.

🔹Infrastructure security: Learn about securing the infrastructure that supports your applications, including servers, networks, and databases.

🔹 Compliance and regulations: Learn about compliance requirements and regulations such as GDPR, HIPAA, and PCI-DSS
Forwarded from CyberSecBastion
DevSecOps Guides_2023.pdf
16.7 MB
DevSecOps Guides, 2023
A decent read for beginners on the basics of building DevSecOps

The article gives an overview of the stages of a basic workflow, the key security analysis tools for the CD/CI process, and some must-have secure pipeline controls

Source

#SecDevOps
Top 5 Password Attack Types

#useful
Active Directory Security Assessment, 2023

Microsoft provides Active Directory Security Assessments for their customers, which is great, but unfortunately not everyone has the money nor the people to do this kind of Security Assessment, and since AD is the backbone of identities for many organizations.

Different examples from real-world experience have been covered, where I have managed to see these misconfigurations in production environments.

#windows #audit
Active Directory Security Assessment.pdf
6.2 MB
Active Directory Security Assessment - ADSA
How HTTPS Works

#web
Certified Ethical Hacker v 12 Exam Preparation. Sample Questions with Answers, Compiled by Mohammad Alkhudari

#useful
Certified Ethical Hacker Exam Preparation_CEH12_PDF.pdf
1.5 MB
Certified Ethical Hacker v 12 Exam Preparation. Sample Questions with Answers, Compiled by Mohammad Alkhudari
Attacked From Behind Application, Hadess, 2023

Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability.

These applications are often websites, but can include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other applications with Internet accessible open sockets, such as web servers and related services.
Some of the most significant and most dangerous vulnerabilities and the attacks they have enabled have involved using RCE for Exploit Public-Facing Application.

#pentest
Attacked From Behind Application.pdf
2.8 MB
Attacked From Behind Application, Hadess, 2023