Starting a new web-based project? This is a reference of useful security-related links and tools. It is mostly web focused and generally related to technologies I happen to be working with.
There are many related terms which are not all the same but do share much overlap: WebSec/WebSecOps, DevSec/DevSecOps, Cyber/CyberSec/Cyber Security, SDLC. Security in general should be one of the first considerations when planning a new feature. As with most things in software development, the earlier security is considered, the cheaper it is to apply its principles. I won’t go into details on that philosophy in this post, but it is also known as shifting left, a term commonly used when talking about testing strategies.
This post contains a selection of resources related to Cyber Security for easy reference. There are a lot of these out there, so this particular list is by no means exhaustive.
Security Code Scan – static code analyser for .NET
Uses the public OSS Index database to scan for vulnerable NuGet packages.
Open Source library vulnerability scanning.
SSL Labs SSL Test
Check security-related HTTP headers on publicly available sites.
‘;–have i been pwned?
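As an added example (not one of the tools linked above, and not code from this post's author), the script below performs the same kind of header audit a public header checker does, either against a live HTTPS URL or against a constructed sample response so it runs offline. The set of headers checked, the header names treated as information leaks, and the thresholds (for example, requiring an HSTS max-age of at least one year) are this example's own assumptions, not any scanner's published rules.

```python
"""Audit a site's security-related HTTP response headers.

Added example for this reference page. The expected headers, the "leaky"
headers and the thresholds below are this example's own assumptions.
"""
from __future__ import annotations

import http.client
import ssl
from urllib.parse import urlparse


def hsts_max_age(value: str) -> int:
    """Parse max-age from a Strict-Transport-Security value; 0 if absent or invalid."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(number.strip().strip('"'))
            except ValueError:
                return 0
    return 0


# Headers a modern site is expected to send, each with a predicate that
# decides whether the value is acceptable (assumed policy, not a standard).
EXPECTED = {
    "strict-transport-security": lambda v: hsts_max_age(v) >= 31536000,  # one year
    "content-security-policy": lambda v: bool(v.strip()),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
}

# Headers that reveal the server stack and are better removed.
LEAKY = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def audit_headers(headers: dict[str, str]) -> dict[str, list[str]]:
    """Classify a header map (names compared case-insensitively) into findings."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings: dict[str, list[str]] = {"missing": [], "weak": [], "leaky": []}
    for name, acceptable in EXPECTED.items():
        if name not in lowered:
            findings["missing"].append(name)
        elif not acceptable(lowered[name]):
            findings["weak"].append(name)
    for name in LEAKY:
        if name in lowered:
            findings["leaky"].append(name)
    return findings


def fetch_headers(url: str) -> dict[str, str]:
    """HEAD the URL over TLS (certificate verified) and return its response headers."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("only https URLs are checked")
    conn = http.client.HTTPSConnection(
        parsed.hostname, parsed.port or 443,
        context=ssl.create_default_context(), timeout=10,
    )
    conn.request("HEAD", parsed.path or "/", headers={"User-Agent": "header-audit/0.1"})
    resp = conn.getresponse()
    return dict(resp.getheaders())


# Constructed sample response (not captured from a real site): an ASP.NET-style
# server with a short HSTS lifetime and a legacy X-Frame-Options value.
SAMPLE_RESPONSE_HEADERS = {
    "Server": "Microsoft-IIS/10.0",
    "X-Powered-By": "ASP.NET",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "Content-Type": "text/html; charset=utf-8",
}

if __name__ == "__main__":
    import sys

    headers = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE_HEADERS
    for kind, names in audit_headers(headers).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Run it with no arguments to audit the constructed sample, or pass an `https://` URL to check a live site; note that a HEAD request only sees headers the server sends for that path, so pages behind a login or served from a different origin need to be checked separately.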
Blogs / Podcasts
Andrew Lynes: The Blog
Information Resources / Databases
Microsoft Security Development Lifecycle
Common Vulnerabilities and Exposures
NIST National Vulnerability Database
I’d like to keep this somewhat up to date. If you have any other suggestions please let me know in the comments.