https://github.com/upgundecha/applied-security
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity
appsec cloudsecurity cybersecurity devsecops infosec security security-tools
- Host: GitHub
- URL: https://github.com/upgundecha/applied-security
- Owner: upgundecha
- License: cc0-1.0
- Created: 2022-08-27T02:56:15.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-11-04T12:36:13.000Z (over 2 years ago)
- Last Synced: 2025-03-27T23:51:09.316Z (27 days ago)
- Topics: appsec, cloudsecurity, cybersecurity, devsecops, infosec, security, security-tools
- Language: JavaScript
- Homepage:
- Size: 260 KB
- Stars: 6
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
README
# Applied Cybersecurity
> A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity
## Introduction
__Applied Cybersecurity__ is a curated knowledge repository of Cybersecurity best practices, tools, and techniques adopted by leading technology or tech-savvy organizations.
Many organizations regularly share their best practices, tools, and techniques, and offer insight into their engineering culture, on public platforms such as engineering blogs, conferences, and meetups. The content in this repository is curated from these sources.
### Topics
* Cybersecurity
* AppSec
* InfoSec
* DevSecOps
* Cloud Security
* Incident Response & Post-Mortem
## Organizations
Airbnb
### Blog Posts
* [Sisyphus and the CVE Feed: Vulnerability Management at Scale](https://medium.com/airbnb-engineering/sisyphus-and-the-cve-feed-vulnerability-management-at-scale-e2749f86a7a4)
Asana
### Blog Posts
* [How Asana uses Asana: Security incident response](https://blog.asana.com/2021/09/engineering-security-incident-response/)
* [How our Security team solved a Central InfoSec CTF challenge](https://blog.asana.com/2021/07/engineering-security-team-central-infosec-ctf-challenge/)
* [Meet our Security team](https://blog.asana.com/2020/03/meet-security-engineering-team/)
ASOS
### Blog Posts
* [Cyber Security @ ASOS.com](https://medium.com/asos-techblog/cyber-security-asos-com-7d1d1f346e57)
* [Security Operations 24x7](https://medium.com/asos-techblog/security-operations-24-x-7-2e90c8e5e7e)
* [The skills we look for in Cyber Security Incident Response](https://medium.com/asos-techblog/the-skills-we-look-for-in-cyber-security-incident-response-12b327927e38)
Chargebee
### Blog Posts
* [Building AppSec Pipeline for Continuous Visibility](https://medium.com/chargebee-engineering/building-appsec-pipeline-for-continuous-visibility-d430beb0a78f)
* [Eliminating Technical Debt using Control Flow Graph Analysis](https://medium.com/chargebee-engineering/solving-engineering-problems-using-security-tools-technical-debt-elimination-using-codeql-83a1e4649e4b)
* [Perils of Parsing — Pixel Flood Attack on Java ImageIO](https://medium.com/chargebee-engineering/perils-of-parsing-pixel-flood-attack-on-java-imageio-a97aeb06637d)
DBS
### Blog Posts
* [Develop A Secure Banking Mobile Application With These Eight Security Methods](https://medium.com/dbs-tech-blog/develop-a-secure-banking-mobile-application-with-these-eight-security-methods-dbf126fc7979)
Dream11
### Blog Posts
* [Enhancing Cloud Security With Real-Time S3 Alerts at Dream11](https://blog.dream11engineering.com/enhancing-cloud-security-with-real-time-s3-alerts-at-dream11-fac99079fbf4)
Dropbox
### Blog Posts
* [How we handled a recent phishing incident that targeted Dropbox](https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox)
* [Dropbox bug bounty program has paid out over $1,000,000](https://dropbox.tech/security/dropbox-bug-bounty-program-has-paid-out-over--1-000-000)
* [How Dropbox Security builds tools for threat detection and incident response](https://dropbox.tech/security/how-dropbox-security-builds-better-tools-for-threat-detection-and-incident-response)
* [Towards better vendor security assessments](https://dropbox.tech/security/towards-better-vendor-security-assessments)
* [Offensive testing to make Dropbox (and the world) a safer place](https://dropbox.tech/security/offensive-testing-to-make-dropbox-and-the-world-a-safer-place)
* [Live-hacking Dropbox @ H1-3120](https://dropbox.tech/security/live-hacking-dropbox-h1-3120)
* [Security culture, the Dropbox way](https://dropbox.tech/security/security-culture--the-dropbox-way)
* [Protecting Security Researchers](https://dropbox.tech/security/protecting-security-researchers)
* [Security at scale: the Dropbox approach](https://dropbox.tech/security/security-at-scale-the-dropbox-approach)
* [Updates on the Dropbox Bug Bounty Program](https://dropbox.tech/security/updates-on-the-dropbox-bug-bounty-program)
* [Meet Securitybot: Open Sourcing Automated Security at Scale](https://dropbox.tech/security/meet-securitybot-open-sourcing-automated-security-at-scale)
* [Dropbox Bug Bounty Program: Best Practices](https://dropbox.tech/security/dropbox-bug-bounty-program-best-practices-2)
* [Introducing the Dropbox bug bounty program](https://dropbox.tech/security/introducing-the-dropbox-bug-bounty-program)
Goldman Sachs
### Blog Posts
* [Announcing CatchIT - Source Code Secret Scanner](https://developer.gs.com/blog/posts/catchit-source-code-secret-scanner)
Grammarly
### Blog Posts
* [Security Operations in an AWS Environment](https://www.grammarly.com/blog/engineering/security-infrastructure-aws/)
Gusto
### Blog Posts
* [Finding the Less-Risky Path Together: Security Partnership at Gusto](https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto/)
* [Security is Testing](https://engineering.gusto.com/security-is-testing/)
Macquarie
### Blog Posts
* [Our DevSecOps journey with Golang](https://medium.com/macquarie-engineering-blog/our-devsecops-journey-with-golang-a1af38328c36)
Mattermost
### Blog Posts
* [The Top 7 Open Source Tools for Securing Your Kubernetes Cluster](https://mattermost.com/blog/the-top-7-open-source-tools-for-securing-your-kubernetes-cluster/)
* [How to use GitHub Actions securely](https://mattermost.com/blog/how-to-use-github-actions-securely/)
* [DevSecOps: Collaborate Confidently with Open Source Tools](https://mattermost.com/blog/devsecops-collaboration-with-open-source-tools/)
Mercari
### Blog Posts
* [The Mobile Attack Surface](https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/)
* [Securing the SDLC at Mercari: Solutions for Automated Code Scanning](https://engineering.mercari.com/en/blog/entry/20220610-securing-the-sdlc-at-mercari-solutions-for-automated-code-scanning/)
* [Detection Engineering and SOAR at Mercari](https://engineering.mercari.com/en/blog/entry/20220513-detection-engineering-and-soar-at-mercari/)
* [Threat Modeling at Mercari](https://engineering.mercari.com/en/blog/entry/20220426-threat-modeling-at-mercari/)
* [Security Tech Blog Series: Spring Cleaning for Security](https://engineering.mercari.com/en/blog/entry/20220421-security-tech-blog-series-spring-cleaning-for-security/)
* [DevSecOps: What Is It and Why Is It Gaining Momentum in the Industry?](https://engineering.mercari.com/en/blog/entry/20201214-devsecops-what-is-it-and-why-is-it-gaining-momentum-in-the-industry/)
Monzo Bank
### Blog Posts
* [Scaling our security detection pipeline with Sigma](https://monzo.com/blog/2022/08/05/scaling-our-security-detection-pipeline-with-sigma)
* [How we secure Monzo’s banking platform](https://monzo.com/blog/2022/03/31/how-we-secure-monzos-banking-platform)
* [How we protect our most sensitive secrets from the most determined attackers](https://monzo.com/blog/2021/11/18/protecting-our-most-sensitive-secrets)
* [How our security team handle secrets](https://monzo.com/blog/2019/10/11/how-our-security-team-handle-secrets)
* [We built network isolation for 1,500 services to make Monzo more secure](https://monzo.com/blog/we-built-network-isolation-for-1-500-services)
Nubank
### Blog Posts
* [Reinventing IT & Cyber Risk Management in the financial market](https://building.nubank.com.br/reinventing-it-and-cyber-risk-in-the-financial-market/)
Wix
### Blog Posts
* [Wix Continuous Security Posture Management- Part 1](https://www.wix.engineering/post/wix-continuous-security-posture-management-part-1)
* [Wix Continuous Security Posture Management- Part 2](https://www.wix.engineering/post/wix-continuous-security-posture-management-part-2)
## Credits
## Contribute
Contributions welcome! Read the [contribution guidelines](contributing.md) first.
## License
[CC0](https://creativecommons.org/publicdomain/zero/1.0)
To the extent possible under law, Unmesh Gundecha has waived all copyright and
related or neighboring rights to this work.

---
If you decide to use this anywhere, please give credit to [@upgundecha](https://www.twitter.com/upgundecha) on Twitter. Also, if you like my work, check out my other projects on GitHub.