https://github.com/cloudfy/security-program

# Security Program

Implementing a security program is critical to ensuring good code practices. Many of the threats such a program addresses fall under the OWASP Top 10 Web Application Security Risks.

As a minimum, a security program should include:

- Software Composition Analysis (SCA) - Security and Licenses
- Static Application Security Testing (SAST) - code scanning
- Dynamic Application Security Testing (DAST)
- Penetration Testing (PENTEST)
- Security Log Management (SLM)
- Cyber Threat Intelligence (CTI)

- Secrets detection
- Container scanning
- Security Operations
- Infrastructure as code scanning
- Security Self-Assessment (SSA) or Security Posture
- Data Protection Agreements and arrangements, which should be covered by an ISAE 3000 (GDPR) assurance report
- Bug bounty program
- Responsible Disclosure (RD)

# Tools
## Software Composition Analysis (SCA) Tools
- Snyk (https://snyk.io/)
- Aikido (https://www.aikido.dev/)

## Static Application Security Testing (SAST) Tools
- Polaris
- SonarQube