Starting a new web-based project? This is a reference of useful security-related links and tools. It is mostly web focused, and generally related to technologies I happen to be working with.
There are many related terms which are not all the same, but do share much overlap: WebSec/WebSecOps, DevSec/DevSecOps, Cyber/CyberSec/Cyber Security, SDLC. Security in general should be one of the first considerations when planning a new feature. As with most things in software development, the earlier security is considered, the cheaper it is to apply its principles. I won’t go into details on that philosophy in this post, but this is also known as shifting left, which is common when talking about testing strategies.
This post contains a selection of resources related to Cyber Security for an easy reference. There are a lot of these out there, so this particular list is by no means exhaustive.
Tools
Security Code Scan – static code analyser for .NET
https://security-code-scan.github.io/
Audit.Net
https://github.com/OSSIndex/audit.net
Uses the public OSS Index database to scan for vulnerable NuGet packages.
WhiteSource
https://www.whitesourcesoftware.com/
Open Source library vulnerability scanning.
Services
SSL Labs SSL Test
https://www.ssllabs.com/ssltest/
Security Headers
Check security related HTTP headers on publicly available sites.
';--have i been pwned?
Blogs / Podcasts
Troy Hunt
Security Now
https://www.grc.com/SecurityNow.htm
Andrew Lynes: The Blog
https://anlynes.wordpress.com/category/cyber-security/
Information Resources / Databases
OWASP
Microsoft Security Development Lifecycle
https://www.microsoft.com/en-us/securityengineering/sdl/
Common Vulnerabilities and Exposures
NIST National Vulnerability Database
I’d like to keep this somewhat up to date. If you have any other suggestions please let me know in the comments.