{"id":17285206,"url":"https://github.com/upgundecha/applied-security","last_synced_at":"2025-04-14T10:41:54.152Z","repository":{"id":146177665,"uuid":"529465102","full_name":"upgundecha/applied-security","owner":"upgundecha","description":"A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity","archived":false,"fork":false,"pushed_at":"2022-11-04T12:36:13.000Z","size":266,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-27T23:51:09.316Z","etag":null,"topics":["appsec","cloudsecurity","cybersecurity","devsecops","infosec","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/upgundecha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-27T02:56:15.000Z","updated_at":"2022-11-07T04:00:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"5b130c3e-58ad-468c-887d-6c2d6f8effc6","html_url":"https://github.com/upgundecha/applied-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"upgundecha/howtheysre","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upgundecha%2Fapplied-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upgundecha%2Fapplied-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upgundec
ha%2Fapplied-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/upgundecha%2Fapplied-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/upgundecha","download_url":"https://codeload.github.com/upgundecha/applied-security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248867138,"owners_count":21174676,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","cloudsecurity","cybersecurity","devsecops","infosec","security","security-tools"],"created_at":"2024-10-15T09:56:03.122Z","updated_at":"2025-04-14T10:41:54.126Z","avatar_url":"https://github.com/upgundecha.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Applied Cybersecurity\n\n![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square) [![CI](https://github.com/upgundecha/applied-cybersecurity/actions/workflows/workflow.yml/badge.svg)](https://github.com/upgundecha/applied-cybersecurity/actions/workflows/workflow.yml) [![CodeQL](https://github.com/upgundecha/applied-security/actions/workflows/codeql.yml/badge.svg)](https://github.com/upgundecha/applied-security/actions/workflows/codeql.yml) [![Dependency Review](https://github.com/upgundecha/applied-security/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/upgundecha/applied-security/actions/workflows/dependency-review.yml)\n\n\u003e A curated collection of publicly available resources on how technology and tech-savvy 
organizations around the world practice Cybersecurity\n\n## Introduction\n\n__Applied Cybersecurity__ is a curated knowledge repository of best practices, tools, and techniques for Cybersecurity adopted by the leading technology or tech-savvy organizations.\n\nMany organizations regularly come forward to share their best practices, tools, and techniques, and offer insight into their engineering culture on public platforms such as engineering blogs, conferences \u0026 meetups. The content is curated from these avenues and shared in this repository.\n\n### Topics\n\n* Cybersecurity\n* AppSec\n* InfoSec\n* DevSecOps\n* Cloud Security\n* Incident Response \u0026 Post-Mortem\n\n## Organizations\n\n\u003cdetails\u003e\n  \u003csummary\u003eAirbnb\u003c/summary\u003e\n\n### Blog Posts\n\n* [Sisyphus and the CVE Feed: Vulnerability Management at Scale](https://medium.com/airbnb-engineering/sisyphus-and-the-cve-feed-vulnerability-management-at-scale-e2749f86a7a4)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eAsana\u003c/summary\u003e\n\n### Blog Posts\n\n* [How Asana uses Asana: Security incident response](https://blog.asana.com/2021/09/engineering-security-incident-response/)\n* [How our Security team solved a Central InfoSec CTF challenge](https://blog.asana.com/2021/07/engineering-security-team-central-infosec-ctf-challenge/)\n* [Meet our Security team](https://blog.asana.com/2020/03/meet-security-engineering-team/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eASOS\u003c/summary\u003e\n\n### Blog Posts\n\n* [Cyber Security @ ASOS.com](https://medium.com/asos-techblog/cyber-security-asos-com-7d1d1f346e57)\n* [Security Operations 24x7](https://medium.com/asos-techblog/security-operations-24-x-7-2e90c8e5e7e)\n* [The skills we look for in Cyber Security Incident Response](https://medium.com/asos-techblog/the-skills-we-look-for-in-cyber-security-incident-response-12b327927e38)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  
\u003csummary\u003eChargebee\u003c/summary\u003e\n\n### Blog Posts\n\n* [Building AppSec Pipeline for Continuous Visibility](https://medium.com/chargebee-engineering/building-appsec-pipeline-for-continuous-visibility-d430beb0a78f)\n* [Eliminating Technical Debt using Control Flow Graph Analysis](https://medium.com/chargebee-engineering/solving-engineering-problems-using-security-tools-technical-debt-elimination-using-codeql-83a1e4649e4b)\n* [Perils of Parsing — Pixel Flood Attack on Java ImageIO](https://medium.com/chargebee-engineering/perils-of-parsing-pixel-flood-attack-on-java-imageio-a97aeb06637d)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eDBS\u003c/summary\u003e\n\n### Blog Posts\n\n* [Develop A Secure Banking Mobile Application With These Eight Security Methods](https://medium.com/dbs-tech-blog/develop-a-secure-banking-mobile-application-with-these-eight-security-methods-dbf126fc7979)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eDream11\u003c/summary\u003e\n\n### Blog Posts\n\n* [Enhancing Cloud Security With Real-Time S3 Alerts at Dream11](https://blog.dream11engineering.com/enhancing-cloud-security-with-real-time-s3-alerts-at-dream11-fac99079fbf4)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eDropbox\u003c/summary\u003e\n\n### Blog Posts\n\n* [How we handled a recent phishing incident that targeted Dropbox](https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox)\n* [Dropbox bug bounty program has paid out over $1,000,000](https://dropbox.tech/security/dropbox-bug-bounty-program-has-paid-out-over--1-000-000)\n* [How Dropbox Security builds tools for threat detection and incident response](https://dropbox.tech/security/how-dropbox-security-builds-better-tools-for-threat-detection-and-incident-response)\n* [Towards better vendor security assessments](https://dropbox.tech/security/towards-better-vendor-security-assessments)\n* [Offensive testing to make Dropbox (and 
the world) a safer place](https://dropbox.tech/security/offensive-testing-to-make-dropbox-and-the-world-a-safer-place)\n* [Live-hacking Dropbox @ H1-3120](https://dropbox.tech/security/live-hacking-dropbox-h1-3120)\n* [Security culture, the Dropbox way](https://dropbox.tech/security/security-culture--the-dropbox-way)\n* [Protecting Security Researchers](https://dropbox.tech/security/protecting-security-researchers)\n* [Security at scale: the Dropbox approach](https://dropbox.tech/security/security-at-scale-the-dropbox-approach)\n* [Updates on the Dropbox Bug Bounty Program](https://dropbox.tech/security/updates-on-the-dropbox-bug-bounty-program)\n* [Meet Securitybot: Open Sourcing Automated Security at Scale](https://dropbox.tech/security/meet-securitybot-open-sourcing-automated-security-at-scale)\n* [Dropbox Bug Bounty Program: Best Practices](https://dropbox.tech/security/dropbox-bug-bounty-program-best-practices-2)\n* [Introducing the Dropbox bug bounty program](https://dropbox.tech/security/introducing-the-dropbox-bug-bounty-program)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eGoldman Sachs\u003c/summary\u003e\n\n### Blog Posts\n\n* [Announcing CatchIT - Source Code Secret Scanner](https://developer.gs.com/blog/posts/catchit-source-code-secret-scanner)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eGrammarly\u003c/summary\u003e\n\n### Blog Posts\n\n* [Security Operations in an AWS Environment](https://www.grammarly.com/blog/engineering/security-infrastructure-aws/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eGusto\u003c/summary\u003e\n\n### Blog Posts\n\n* [Finding the Less-Risky Path Together: Security Partnership at Gusto](https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto/)\n* [Security is Testing](https://engineering.gusto.com/security-is-testing/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  
\u003csummary\u003eMacquarie\u003c/summary\u003e\n\n### Blog Posts\n\n* [Our DevSecOps journey with Golang](https://medium.com/macquarie-engineering-blog/our-devsecops-journey-with-golang-a1af38328c36)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eMattermost\u003c/summary\u003e\n\n### Blog Posts\n\n* [The Top 7 Open Source Tools for Securing Your Kubernetes Cluster](https://mattermost.com/blog/the-top-7-open-source-tools-for-securing-your-kubernetes-cluster/)\n* [How to use GitHub Actions securely](https://mattermost.com/blog/how-to-use-github-actions-securely/)\n* [DevSecOps: Collaborate Confidently with Open Source Tools](https://mattermost.com/blog/devsecops-collaboration-with-open-source-tools/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eMercari\u003c/summary\u003e\n\n### Blog Posts\n\n* [The Mobile Attack Surface](https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/)\n* [Securing the SDLC at Mercari: Solutions for Automated Code Scanning](https://engineering.mercari.com/en/blog/entry/20220610-securing-the-sdlc-at-mercari-solutions-for-automated-code-scanning/)\n* [Detection Engineering and SOAR at Mercari](https://engineering.mercari.com/en/blog/entry/20220513-detection-engineering-and-soar-at-mercari/)\n* [Threat Modeling at Mercari](https://engineering.mercari.com/en/blog/entry/20220426-threat-modeling-at-mercari/)\n* [Security Tech Blog Series: Spring Cleaning for Security](https://engineering.mercari.com/en/blog/entry/20220421-security-tech-blog-series-spring-cleaning-for-security/)\n* [DevSecOps: What Is It and Why Is It Gaining Momentum in the Industry?](https://engineering.mercari.com/en/blog/entry/20201214-devsecops-what-is-it-and-why-is-it-gaining-momentum-in-the-industry/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eMonzo Bank\u003c/summary\u003e\n\n### Blog Posts\n\n* [Scaling our security detection pipeline with 
Sigma](https://monzo.com/blog/2022/08/05/scaling-our-security-detection-pipeline-with-sigma)\n* [How we secure Monzo’s banking platform](https://monzo.com/blog/2022/03/31/how-we-secure-monzos-banking-platform)\n* [How we protect our most sensitive secrets from the most determined attackers](https://monzo.com/blog/2021/11/18/protecting-our-most-sensitive-secrets)\n* [How our security team handle secrets](https://monzo.com/blog/2019/10/11/how-our-security-team-handle-secrets)\n* [We built network isolation for 1,500 services to make Monzo more secure](https://monzo.com/blog/we-built-network-isolation-for-1-500-services)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eNubank\u003c/summary\u003e\n\n### Blog Posts\n\n* [Reinventing IT \u0026 Cyber Risk Management in the financial market](https://building.nubank.com.br/reinventing-it-and-cyber-risk-in-the-financial-market/)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eWix\u003c/summary\u003e\n\n### Blog Posts\n\n* [Wix Continuous Security Posture Management- Part 1](https://www.wix.engineering/post/wix-continuous-security-posture-management-part-1)\n* [Wix Continuous Security Posture Management- Part 2](https://www.wix.engineering/post/wix-continuous-security-posture-management-part-2)\n\n\u003c/details\u003e\n\n## Credits\n\n## Contribute\n\nContributions welcome! 
Read the [contribution guidelines](contributing.md) first.\n\n## License\n\n[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)\n\nTo the extent possible under law, Unmesh Gundecha has waived all copyright and\nrelated or neighboring rights to this work.\n\n---\n\nIf you decide to use this anywhere, please give credit to [@upgundecha](https://www.twitter.com/upgundecha) on Twitter. Also, if you like my work, check out other projects on my GitHub.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupgundecha%2Fapplied-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fupgundecha%2Fapplied-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupgundecha%2Fapplied-security/lists"}