No. | DevSecOps Aspect | No. | Directory Name |
---|---|---|---|
1 | Web Application Security | 09 | Active Directory Security |
2 | API Security | 10 | Infrastructure Security |
3 | Mobile Application Security | 11 | Threat Modeling |
4 | Thick Client Application Security | 12 | IoT Security |
5 | Source Code Review | 13 | OSINT (Open Source Intelligence) |
6 | Network Security | 14 | Blockchain Security |
7 | Wi-Fi Security | 15 | CI/CD Pipeline Security |
8 | Cloud Security | 16 | Docker Container Security |
9 | DevSecOps | | |

No. | DevSecOps Aspect | Description |
---|---|---|
1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
2 | API Security | Test and enhance the security of APIs and microservices. |
3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
4 | Thick Client Application Security | Assess thick client applications for security issues. |
5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
6 | Network Security | Secure networks by identifying and addressing weaknesses. |
7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
8 | Cloud Security | Assess the security of cloud-based systems and services. |
9 | Active Directory Security | Evaluate the security of Active Directory environments. |
10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
11 | Threat Modeling | Model and assess threats to enhance system security. |
12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
14 | Blockchain Security | Assess blockchain systems for security and compliance. |
15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
16 | Docker Container Security | Secure Docker containers and containerized applications. |
17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |

Category | Tools |
---|---|
Web App Pentesting | Burp Suite Pro, OWASP ZAP, Nmap, Nikto, Acunetix, HCL-AppScan, Wfuzz, SQLMap, Amass, NetSparker, Fortify-WebInspect |
Mobile App Pentesting | Android: MobSF, Frida, APKTool, JADX, AndroidStudio/Genymotion, Drozer, Magisk Root, APKX, mitmproxy, Objection, adb; iOS: MobSF, Frida, Objection, Cycript, iOS Hook, Needle, Class-dump, Burp Suite Mobile Assistant, SSL Kill Switch 2, iMazing |
API Pentesting | Postman, Insomnia, Burp Suite Pro, OWASP Amass, 42Crunch API Security, Swagger Inspector, Kite Runner, SecApps Intercept |
Secure Code Review | SonarQube, Snyk, Semgrep, Checkmarx, Veracode, Fortify-WorkbenchAudit, CodeQL, Bandit, FindSecBugs, Gitleaks |
Thick Client Pentesting | Fiddler, Burp Suite Pro, dnSpy, IDA Pro, Ghidra, Process Explorer, CFF Explorer, OllyDbg, x64dbg, Wireshark |
Network Pentesting | Nmap, Wireshark, Metasploit Framework, Nessus, OpenVAS, Responder, CrackMapExec, BloodHound, Netcat, Bettercap |
Cloud Security | Prowler, ScoutSuite, CloudSploit, Pacu, Steampipe, CloudMapper, NCC Group Scout, kube-bench |
Container Security | Trivy, Aqua Microscanner, Clair, Anchore, Docker Bench, kube-hunter, Falco, Sysdig, Snyk |

I appreciate your interest in contributing! Please read the Contribution Guidelines.
A heartfelt thank you to these amazing individuals for their contributions to this project. You can view the emoji key to see the various ways you can contribute!
Marko Živanović |
Madhurendra kumar |
0xanon |
InfoBugs |
Ratnesh kumar |
Chandrabhushan Kumar |