From 83501f6cb65e1a3c5d91fd66ea38120169f77162 Mon Sep 17 00:00:00 2001 From: Robin Rainwalker Date: Fri, 15 Mar 2019 12:49:35 -0400 Subject: [PATCH 1/5] Added Legion to Scanning / Penetration Testing [Legion](https://github.com/GoVanguard/legion) - Open source semi-automated discovery and reconnaissance network penetration testing framework by @GoVanguard. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 283a153..98485f9 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Nmap](https://nmap.org) - Nmap is a free and open source utility for network discovery and security auditing. - [Amass](https://github.com/caffix/amass) - Amass performs DNS subdomain enumeration by scraping the largest number of disparate data sources, recursive brute forcing, crawling of web archives, permuting and altering names, reverse DNS sweeping and other techniques. - [Anevicon](https://github.com/Gymmasssorla/anevicon) - The most powerful UDP-based load generator, written in Rust. +- [Legion](https://github.com/GoVanguard/legion) - Open source semi-automated discovery and reconnaissance network penetration testing framework. ### Monitoring / Logging From 64a9eea4dc4acda181e3b02918d1ebdc9ab26fb0 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Sun, 31 Mar 2019 21:16:53 +0200 Subject: [PATCH 2/5] Added OWASP Juice Shop docker image --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 283a153..bb485d8 100644 --- a/README.md +++ b/README.md 
@@ -165,6 +165,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https://hub.docker.com/r/danmx/docker-owasp-webgoat/) - `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) +- `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://hub.docker.com/r/bkimminich/juice-shop) ## Endpoint From c8c3611e400cd8cfa91cadd0d62bbe96a4621496 Mon Sep 17 00:00:00 2001 From: francisyzy Date: Mon, 1 Apr 2019 16:00:24 +0800 Subject: [PATCH 3/5] Add OpenSnitch --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 283a153..d1451fd 100644 --- a/README.md +++ b/README.md 
@@ -74,6 +74,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Node Security Platform](https://nodesecurity.io/) - Similar feature set to Snyk, but free in most cases, and very cheap for others. - [ntopng](http://www.ntop.org/products/traffic-analysis/ntop/) - Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. - [Fibratus](https://github.com/rabbitstack/fibratus) - Fibratus is a tool for exploration and tracing of the Windows kernel. It is able to capture the most of the Windows kernel activity - process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments. +- [opensnitch](https://github.com/evilsocket/opensnitch) - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall ### IDS / IPS / Host IDS / Host IPS From c15ef49da2e93e4e4ed0f1c7994be62f0f94cb03 Mon Sep 17 00:00:00 2001 From: Jake Jarvis Date: Fri, 31 May 2019 10:39:46 -0400 Subject: [PATCH 4/5] Add Shodan Awesome List to Security Awesome Lists category --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 283a153..3caa2cd 100644 --- a/README.md +++ b/README.md 
@@ -341,6 +341,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [Awesome Threat Detection and Hunting](https://github.com/0x4D31/awesome-threat-detection) - A curated list of awesome threat detection and hunting resources. - [Awesome Container Security](https://github.com/kai5263499/container-security-awesome) - A curated list of awesome resources related to container building and runtime security - [Awesome Crypto Papers](https://github.com/pFarb/awesome-crypto-papers) - A curated list of cryptography papers, articles, tutorials and howtos. +- [Awesome Shodan Search Queries](https://github.com/jakejarvis/awesome-shodan-queries) - A collection of interesting, funny, and depressing search queries to plug into Shodan.io. ### Other Common Awesome Lists From 8c44b9ffd64db2777c0e24627cebf5523482b031 Mon Sep 17 00:00:00 2001 From: Neil Madden Date: Mon, 17 Jun 2019 17:09:08 +0100 Subject: [PATCH 5/5] Add API Security in Action --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 283a153..68b029a 100644 --- a/README.md +++ b/README.md 
@@ -260,6 +260,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c ### Development +- [API Security in Action](https://www.manning.com/books/api-security-in-action) - Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020) - [Secure by Design](https://www.manning.com/books/secure-by-design?a_aid=danbjson&a_bid=0b3fac80) - Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017) - [Securing DevOps](https://www.manning.com/books/securing-devops) - Book that explores how the techniques of DevOps and Security should be applied together to make cloud services safer. (early access, published continuously, final release January 2018) - [Understanding API Security](https://www.manning.com/books/understanding-api-security) - Free eBook sampler that gives some context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them.
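Review bot: In patch 2/5, the added Juice Shop line does not tell the reader that the image is an intentionally vulnerable practice application, which the Mutillidae entry directly above it states in its link text ("Web Pen-Test Practice Application"). Suggest link text along the lines of "OWASP Juice Shop docker image" so it matches the WebGoat entry, plus a few words saying it is a practice target. The Docker Hub URL also lacks the trailing slash that the two hub.docker.com links in the context lines carry.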
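Review bot: In patch 3/5, the added line uses lowercase "opensnitch" as its link text while its own description writes "OpenSnitch", and it ends without a period, unlike the three context entries above it. Suggest "[OpenSnitch](https://github.com/evilsocket/opensnitch)" with a closing period. Placement is also worth a second look: the ntopng and Fibratus entries in this hunk are traffic and kernel-event monitoring tools, so an application firewall may fit better under a firewall or endpoint heading if the README has one.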
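Review bot: In patch 5/5, the parenthetical "(early access, published continuously, final release summer 2020)" on the added line will go stale, and the context lines show how: the Secure by Design and Securing DevOps entries still read "final release fall 2017" and "final release January 2018" in a patch dated June 2019. Suggest dropping the release-status parenthetical and keeping only the description. The entry is also inserted at the top of the Development list, whereas the other four patches in this series append at the end of their lists; confirm that the ordering is intended.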