zeroXten/secdevops

SevDevOps tools and resources

Contributing

Send a pull request :)

SevDevOps tools & resources

Culture & Training

Presentations

• https://speakerdeck.com/iodboi/crafting-an-effective-security-organisation-qcon-nyc

Conferences

• http://www.devseccon.com/

Design & Development

SDLC

• https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet
• https://www.microsoft.com/en-us/sdl/

Secure coding practices

Agile threat modelling

• https://github.com/pki-io/threatspec
• https://github.com/srenatus/threatspec-playground
• https://www.sec.in.tum.de/code-nahe-schutzkonzepte

Secure architecture

Build

• Automated static analysis (unsafe functions and more)
• Supply chain vulnerability management (controlling and monitoring your upstream dependencies)

Testing

• Automated security testing (file access/permissions, port scans, web testing through proxy, fuzzing etc)

Operations

• Automated use of encryption
• Automated centralised collection of logs and metrics
• Automated management of security policies (e.g. firewalls, HIDS)
• Continuous patching
• Automated identity and access management