{"id":24678632,"url":"https://github.com/contrast-security-oss/adr-runbooks","last_synced_at":"2025-08-22T05:37:57.190Z","repository":{"id":266366858,"uuid":"898158866","full_name":"Contrast-Security-OSS/adr-runbooks","owner":"Contrast-Security-OSS","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-19T13:38:13.000Z","size":103,"stargazers_count":2,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-16T03:45:00.719Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-03T22:27:14.000Z","updated_at":"2025-02-26T15:08:06.000Z","dependencies_parsed_at":"2024-12-03T23:27:01.705Z","dependency_job_id":"ef009472-99fc-4321-a9ca-98f8ace61e6d","html_url":"https://github.com/Contrast-Security-OSS/adr-runbooks","commit_stats":null,"previous_names":["contrast-security-oss/adr-runbooks"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fadr-runbooks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fadr-runbooks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fadr-runbooks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fadr-runbooks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"https://codeload.github.com/Contrast-Security-OSS/adr-runbooks/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244845865,"owners_count":20520035,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T13:17:47.530Z","updated_at":"2025-03-21T18:24:44.176Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Application Detection and Response Runbooks\n\nThis repository contains detailed runbooks for responding to various security incidents detected by Contrast Security. These runbooks provide step-by-step guidance for security teams to effectively triage and respond to different types of security events.\n\n## Available Runbooks\n\n### Injection Attacks\n- [Command Injection](_runbooks/command-injection.md) - Handling command injection attacks attempting to execute arbitrary system commands\n- [JNDI Injection](_runbooks/jndi-injection.md) - Responding to JNDI injection attempts targeting Java applications\n- [SQL Injection](_runbooks/sql-injection.md) - Managing SQL injection attacks against database systems\n- [Expression Language Injection](_runbooks/expression-language-injection.md) - Addressing expression language injection vulnerabilities\n\n### Access Control \u0026 Traversal\n- [Path Traversal](_runbooks/path-traversal.md) - Handling attempts to access files outside intended directories\n- [HTTP Method Tampering](_runbooks/http-method-tampering.md) - Managing unauthorized HTTP method manipulation\n\n### Data \u0026 Parsing Vulnerabilities  \n- [Cross-Site Scripting (XSS)](_runbooks/cross-site-scripting.md) - Responding to XSS attacks injecting malicious scripts\n- [XML External Entity Injection](_runbooks/xml-external-entity-injection.md) - Handling XXE attacks against XML parsers\n- [Untrusted Deserialization](_runbooks/untrusted-deserialization.md) - Managing deserialization of untrusted data\n\n## Using the Runbooks\n\n1. Identify the type of security event/alert\n2. Navigate to the corresponding runbook\n3. Follow the decision tree to classify the event\n4. Execute the recommended response procedures\n5. Document actions taken and complete post-incident activities\n\n## Contributing\n\nSee our [Contribution Guidelines](CONTRIBUTING.md) for information on how to contribute to these runbooks.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fadr-runbooks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrast-security-oss%2Fadr-runbooks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fadr-runbooks/lists"}