https://github.com/contrast-security-oss/adr-runbooks
https://github.com/contrast-security-oss/adr-runbooks
Last synced: 10 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/contrast-security-oss/adr-runbooks
- Owner: Contrast-Security-OSS
- Created: 2024-12-03T22:27:14.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-19T13:38:13.000Z (over 1 year ago)
- Last Synced: 2025-03-16T03:45:00.719Z (over 1 year ago)
- Language: CSS
- Size: 101 KB
- Stars: 2
- Watchers: 2
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Application Detection and Response Runbooks
This repository contains detailed runbooks for responding to various security incidents detected by Contrast Security. These runbooks provide step-by-step guidance for security teams to effectively triage and respond to different types of security events.
## Available Runbooks
### Injection Attacks
- [Command Injection](_runbooks/command-injection.md) - Handling command injection attacks attempting to execute arbitrary system commands
- [JNDI Injection](_runbooks/jndi-injection.md) - Responding to JNDI injection attempts targeting Java applications
- [SQL Injection](_runbooks/sql-injection.md) - Managing SQL injection attacks against database systems
- [Expression Language Injection](_runbooks/expression-language-injection.md) - Addressing expression language injection vulnerabilities
### Access Control & Traversal
- [Path Traversal](_runbooks/path-traversal.md) - Handling attempts to access files outside intended directories
- [HTTP Method Tampering](_runbooks/http-method-tampering.md) - Managing unauthorized HTTP method manipulation
### Data & Parsing Vulnerabilities
- [Cross-Site Scripting (XSS)](_runbooks/cross-site-scripting.md) - Responding to XSS attacks injecting malicious scripts
- [XML External Entity Injection](_runbooks/xml-external-entity-injection.md) - Handling XXE attacks against XML parsers
- [Untrusted Deserialization](_runbooks/untrusted-deserialization.md) - Managing deserialization of untrusted data
## Using the Runbooks
1. Identify the type of security event/alert
2. Navigate to the corresponding runbook
3. Follow the decision tree to classify the event
4. Execute the recommended response procedures
5. Document actions taken and complete post-incident activities
## Contributing
See our [Contribution Guidelines](CONTRIBUTING.md) for information on how to contribute to these runbooks.