| No. | DevSecOps Aspect | No. | Directory Name |
|---|---|---|---|
| 1 | Web Application Security | 09 | Active Directory Security |
| 2 | API Security | 10 | Infrastructure Security |
| 3 | Mobile Application Security | 11 | Threat Modeling |
| 4 | Thick Client Application Security | 12 | IoT Security |
| 5 | Source Code Review | 13 | OSINT (Open Source Intelligence) |
| 6 | Network Security | 14 | Blockchain Security |
| 7 | Wi-Fi Security | 15 | CI/CD Pipeline Security |
| 8 | Cloud Security | 16 | Docker Container Security |
| 9 | DevSecOps | | |

| No. | DevSecOps Aspect | Description |
|---|---|---|
| 1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
| 2 | API Security | Test and enhance the security of APIs and microservices. |
| 3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
| 4 | Thick Client Application Security | Assess thick client applications for security issues. |
| 5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
| 6 | Network Security | Secure networks by identifying and addressing weaknesses. |
| 7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
| 8 | Cloud Security | Assess the security of cloud-based systems and services. |
| 9 | Active Directory Security | Evaluate the security of Active Directory environments. |
| 10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
| 11 | Threat Modeling | Model and assess threats to enhance system security. |
| 12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
| 13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
| 14 | Blockchain Security | Assess blockchain systems for security and compliance. |
| 15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
| 16 | Docker Container Security | Secure Docker containers and containerized applications. |
| 17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |

| Category | Tools |
|---|---|
| Web App Pentesting | Burp Suite Pro 🌐, OWASP ZAP 🌐, Nmap 🌐, Nikto 🌐, Acunetix, HCL-AppScan 🌐, Wfuzz 🌐, SQLMap 🌐, Amass 🌐, NetSparker 🌐, Fortify-WebInspect 🌐 |
| Mobile App Pentesting | Android: MobSF 📱, Frida 📱, APKTool 📱, JADX 📱, AndroidStudio/Genymotion 📱, Drozer 📱, Magisk Root 📱, APKX 📱, mitmproxy 📱, Objection 📱, adb 📱; iOS: MobSF 📱, Frida 📱, Objection 📱, Cycript 📱, iOS Hook 📱, Needle 📱, Class-dump 📱, Burp Suite Mobile Assistant 📱, SSL Kill Switch 2 📱, iMazing 📱 |
| API Pentesting | Postman 📡, Insomnia 📡, Burp Suite Pro 📡, OWASP Amass 📡, 42Crunch API Security 📡, Swagger Inspector 📡, Kite Runner 📡, SecApps Intercept 📡 |
| Secure Code Review | SonarQube 🔐, Snyk 📡, Semgrep 🔐, Checkmarx 🔐, Veracode 🔐, Fortify-WorkbenchAudit 🔐, CodeQL 🔐, Bandit 🔐, FindSecBugs 🔐, Gitleaks 🔐 |
| Thick Client Pentesting | Fiddler 💻, Burp Suite Pro 💻, dnSpy 💻, IDA Pro 💻, Ghidra 💻, Process Explorer 💻, CFF Explorer 💻, OllyDbg 💻, x64dbg 💻, Wireshark 💻 |
| Network Pentesting | Nmap 🌐, Wireshark 🌐, Metasploit Framework 🌐, Nessus 🌐, OpenVAS 🌐, Responder 🌐, CrackMapExec 🌐, BloodHound 🌐, Netcat 🌐, Bettercap 🌐 |
| Cloud Security | Prowler ☁️, ScoutSuite ☁️, CloudSploit ☁️, Pacu ☁️, Steampipe ☁️, CloudMapper ☁️, NCC Group Scout ☁️, kube-bench ☁️ |
| Container Security | Trivy 🐳, Aqua Microscanner 🐳, Clair 🐳, Anchore 🐳, Docker Bench 🐳, kube-hunter 🐳, Falco 🐳, Sysdig 🐳, Snyk 🐳 |

I appreciate your interest in contributing! Please read the Contribution Guidelines.

A heartfelt thank you to these amazing individuals for their contributions to this project. You can view the emoji key to see the various ways you can contribute!

| Marko Živanović 🔧 | Madhurendra kumar 💻 | 0xanon 💻 | InfoBugs 💻 | Ratnesh kumar 💻 |
|---|---|---|---|---|
