Git Product home page Git Product logo

secops's Introduction

目录

基础安全

网络

IP

  • ip2region 准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M

Linux

主机安全

驭龙 HIDS 一款由 YSRC 开源的主机入侵检测系统

SSHFS
目的:通过SSH映射远程服务器目录,进行文件扫描 步骤:

  • 客户端何服务器安装 sshfs
  • 客户端访问 密码认证 sshfs -o allow_other aka77@hd:/home/aka77/ /mnt/hd
  • 客户端访问 证书认证 sshfs -o IdentityFile=~/.ssh/id_rsa aka77@jp:/home/aka77/ ~/jp

数据库安全

数据库中间件:

开发

git

HTML/CSS

http://www.ibootstrap.cn/

Python

爬虫,代理服务:

Java

Java 安全

Java 开发安全框架:

  • Spring Security
  • Apache Shiro

Spring Boot 入门

https://github.com/ChaoZeyi/SpringBootLearning

Spring Security DEMO & Guides

�组件安全

Dependency Check 第三方组件安全检查

./dependency-check.sh --project "Web" -s ~/Downloads/S2-046-PoC-master/

静态扫描:

IRC Client for Macos

  • LimeChat_2.42

应用安全

Android

  • BytecodeViewer Java Jar 代码查看,比jd-gui强

安全技能:

  • sqlmap 、mitmproxy BeEF

Web安全标准:

  • OWASP
  • WASC

社工库:

OWASP

Developer How To Guide

  • How To Fix SQL Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)

测试

静态扫描:

测试社区:

持续集成:

Sonar 测试框架

[SonarSource Rules]

Plugins:

[Dependency Check] [ThreadFix] :The ThreadFix plugin allows importing results from application security scanning tools, such as AppScan, WebInspect, Fortify, Checkmarx, BurpSuite and many others.

[ZAP]:Parses OWASP ZAP reports and imports results into SonarQube

Slack:Multiple independent plugins (with coincidentally identical plugin keys) exist to send SonarQube notifications to the specified Slack channel.

测试工具

  • 开源工具
  • Hitchhiker 是一款开源的 Restful Api 测试工具,支持Schedule, 数据对比,压力测试,支持上传脚本定制请求,可以轻松部署到本地,和你的team成员一起管理Api

威胁情报

安全漏洞信息

CNVD:

CVSS:

GitHub 泄露监控系统/工具

  • Hawkeye 泄露监控系统
  • gitrob Ruby开发,支持通过postgresql数据库
  • weakfilescan Python开发,多线程,猪猪侠开发中文注释,个性化定制,需要beautifulsoup4,用于渗透人员在对网站进行网站渗透时查找敏感文件(配置文件、临时文件)、敏感目录,会首先爬取目标站点的三层目录资源,生成目录FUZZ和文件FUZZ
  • GitPrey Python开发,国人开发中文支持,用于企业搜索关键词,及时发现潜在的敏感信息,需要登录
  • GitMiner Python开发,功能简单

漏洞管理

creditease-sec/insight 洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。

移动安全

Android 安全

OWASP

  • owasp-mstg The Mobile Security Testing Guide (MSTG)

数据安全

治理:

区块链

超级账本

中文翻译材料

Fabric / Composer �入门:

加密技术

Cryptographic Storage Cheat Sheet

  • Key exchange: Diffie–Hellman key exchange with minimum 2048 bits
  • Message Integrity: HMAC-SHA2
  • Message Hash: SHA2 256 bits
  • Assymetric encryption: RSA 2048 bits
  • Symmetric-key algorithm: AES 128 bits
  • Password Hashing: PBKDF2, Scrypt, Bcrypt

书籍/文摘

安全测试

很用心的文章

安全事件

《微服务:从设计到部署》中文版

secops's People

Contributors

aka99 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.