{"id":46541517,"url":"https://github.com/codebytes/mitre-attack-for-devs","last_synced_at":"2026-04-02T18:48:47.637Z","repository":{"id":337350534,"uuid":"1153212520","full_name":"codebytes/mitre-attack-for-devs","owner":"codebytes","description":"MITRE ATT\u0026CK for Developers - Beyond OWASP. Conference talk slides and code samples.","archived":false,"fork":false,"pushed_at":"2026-03-29T22:43:58.000Z","size":13059,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-30T00:59:12.993Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codebytes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-09T03:21:52.000Z","updated_at":"2026-03-29T22:43:52.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/codebytes/mitre-attack-for-devs","commit_stats":null,"previous_names":["codebytes/mitre-attack-for-devs"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/codebytes/mitre-attack-for-devs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codebytes%2Fmitre-attack-for-devs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codebytes%2Fmitre-attack-for-devs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codebytes%2Fmitre-attack-for-devs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codebytes%2Fmitre-attack-for-devs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codebytes","download_url":"https://codeload.github.com/codebytes/mitre-attack-for-devs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codebytes%2Fmitre-attack-for-devs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31313397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-07T01:10:40.731Z","updated_at":"2026-04-02T18:48:47.628Z","avatar_url":"https://github.com/codebytes.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MITRE ATT\u0026CK for Developers — Beyond OWASP\n\nThis repository contains the slide deck, demos, and additional resources for the \"MITRE ATT\u0026CK for Developers — Beyond OWASP\" talk by Chris Ayers, Principal Software Engineer at Microsoft. The talk bridges the gap between threat intelligence and practical development, showing how to apply adversarial thinking to your code.\n\n## Slides\n\nYou can access the slides for the talk at [https://chris-ayers.com/mitre-attack-for-devs/](https://chris-ayers.com/mitre-attack-for-devs/).\n\n## Repository Content\n\nThis repository provides insights, code samples, and demonstrations for applying the MITRE ATT\u0026CK framework to application development. Topics covered include:\n\n- Understanding the MITRE ATT\u0026CK framework and its 14 tactics\n- How ATT\u0026CK complements OWASP — vulnerabilities vs. adversary behavior\n- Practical code examples mapping ATT\u0026CK techniques to real development scenarios\n- Detection and defense patterns for common attack techniques\n- Supply chain security, credential access, and data exfiltration defenses\n- Building an adversary-informed development workflow\n\n## Code Samples\n\nThe `samples/` directory contains educational code samples in three languages, each demonstrating attack techniques and corresponding defenses mapped to ATT\u0026CK technique IDs:\n\n- **[Python](./samples/python/)** — Credential stuffing detection, command injection, unsafe deserialization, tamper-evident logging, data access monitoring, secrets scanning\n- **[.NET/C#](./samples/dotnet/)** — Command injection, session security, tamper-evident logging, secrets management, web shell detection\n- **[JavaScript](./samples/javascript/)** — SQL injection, session security, credential stuffing detection, supply chain verification, data exfiltration detection, secrets detection\n\n## Resources\n\n- [MITRE ATT\u0026CK Enterprise Matrix](https://attack.mitre.org/matrices/enterprise/)\n- [MITRE ATT\u0026CK Techniques](https://attack.mitre.org/techniques/enterprise/)\n- [OWASP Top 10](https://owasp.org/www-project-top-ten/)\n- [MITRE D3FEND](https://d3fend.mitre.org/)\n- [ATT\u0026CK Navigator](https://mitre-attack.github.io/attack-navigator/)\n- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)\n\n## Connect with Chris Ayers\n\nFeel free to connect with Chris Ayers on social media and visit his blog for more information on security and other topics:\n\n- BlueSky: [@chris-ayers.com](https://bsky.app/profile/chris-ayers.com)\n- LinkedIn: [chris-l-ayers](https://linkedin.com/in/chris-l-ayers/)\n- Blog: [https://chris-ayers.com/](https://chris-ayers.com/)\n- GitHub: [Codebytes](https://github.com/codebytes)\n- Mastodon: [@Chrisayers@hachyderm.io](https://hachyderm.io/@Chrisayers)\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodebytes%2Fmitre-attack-for-devs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodebytes%2Fmitre-attack-for-devs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodebytes%2Fmitre-attack-for-devs/lists"}