dsogroup / DevSecOps
开发和安全和运营:DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).
☆23Updated 11 months ago
Alternatives and similar repositories for DevSecOps:
Users that are interested in DevSecOps are comparing it to the libraries listed below
- 《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.☆49Updated 2 years ago
- 手把手教你写IAST系列☆24Updated last year
- 代码审计自动化系统,底层架构为蜻蜓编排系统,墨菲SCA,fortify,SemGrep,hema☆27Updated 2 weeks ago
- cloud-audit (云安全审计助手)是检测公有云厂商AK/SK泄漏被利用的工具,通过定期调用云平台接口审计日志,基于异常行为/黑特征/基线发现疑似入侵行为。☆37Updated 9 months ago
- CodeQL中文资料和常见使用解释。Chinese version of Codeql documents☆9Updated 4 years ago
- 基于SpringBoot编写的常见Web漏洞安全开发学习平台☆24Updated 3 years ago
- 解答开发关于安全漏洞的常见问题☆41Updated 4 years ago
- burp extension for SSRF☆27Updated last year
- springboot getRequestURI acl bypass☆37Updated 4 years ago
- vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。☆45Updated 3 years ago
- �收录go语言编写的项目、框架和组件出现的cve,或者一些相关的利用方式的文章☆38Updated 2 years ago
- 一个可快速“搬运”cookie的Burp Suite插件☆25Updated 6 years ago
- 收集规则☆30Updated 2 years ago
- WAF自动化质量测试工具☆20Updated 2 years ago
- API Security DAST & Oprations☆16Updated last year
- AWVS13和xray的自动化扫描脚本☆17Updated 4 years ago
- 打CTF实在厌倦了找利用链,就知道一个fastjson的版本,一堆依赖找啊找,头都疼。为了解决这个烦恼,用了卓卓师傅的fastjson黑名单工具和库,自己改造了一下。☆32Updated 5 years ago
- notes☆27Updated 2 years ago
- 是我阅读各种源码写的笔记☆71Updated 2 years ago
- 简单记录下自己在挖掘SRC☆32Updated 4 years ago
- javaweb-codereview☆30Updated 6 years ago
- CodeQL extractor for java, which don't need to compile java source☆10Updated last year
- CVE-2021-43297 POC,Apache Dubbo<= 2.7.13时可以实现RCE☆38Updated 3 years ago
- Rich woman scanner --富婆扫描器☆34Updated 2 years ago
- ☆10Updated 2 years ago
- 《JNDI-深入理解Java万恶之源》☆37Updated last year
- Ni-nuclei二开☆38Updated last year
- 安全手册,企业安全实践、攻防与安全研究知识库☆35Updated 3 months ago
- 🌏 [WIP]整理好了之后迁移到 cdk-team/document,包含各类容器、K8s攻防场景的CDK文档。☆24Updated 2 years ago
- ☆28Updated 4 years ago