René's URL Explorer Experiment


Title: GitHub - fystack/developer-security-handbook: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes · GitHub

Open Graph Title: GitHub - fystack/developer-security-handbook: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes

X Title: GitHub - fystack/developer-security-handbook: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes

Description: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes - fystack/developer-security-handbook

Open Graph Description: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes - fystack/developer-security-handbook

X Description: Your go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes - fystack/developer-security-handbook

Mail addresses
dev@company.com

Opengraph URL: https://github.com/fystack/developer-security-handbook

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository
route-controllerfiles
route-actiondisambiguate
fetch-noncev2:5e635ff9-0d37-30fb-f4cf-010458db3115
current-catalog-service-hashf3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
request-id92D8:3B3FE4:121B79:1DA2C4:6A591BA0
html-safe-noncea642e73137408e0c69a901cf23ef254d1127384371b8383b641c3bfb12bc3023
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5MkQ4OjNCM0ZFNDoxMjFCNzk6MURBMkM0OjZBNTkxQkEwIiwidmlzaXRvcl9pZCI6IjU2MDU4NzQzMDgxNzY0ODUyODAiLCJyZWdpb25fZWRnZSI6Indlc3R1czIiLCJyZWdpb25fcmVuZGVyIjoid2VzdHVzMiJ9
visitor-hmacfa1fa7a5f5c389b8d6877c5988f67681f80d14a3ed2e0a6158e9ccc6f97dcab7
hovercard-subject-tagrepository:990134570
github-keyboard-shortcutsrepository,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location//
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/fystack/developer-security-handbook
twitter:imagehttps://opengraph.githubassets.com/3b27b7da0cf7e15cbccd9a845e016e438f504212a93181262b1c971307024241/fystack/developer-security-handbook
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/3b27b7da0cf7e15cbccd9a845e016e438f504212a93181262b1c971307024241/fystack/developer-security-handbook
og:image:altYour go-to guide to avoid getting rekt by hackers, step-by-step security playbook with threat models, checklists, and hardening recipes - fystack/developer-security-handbook
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
Nonede7b53b927e5bfbf02672a5b2960bf82d1608d91c6d7888039c826ebf8d4ca76
turbo-cache-controlno-cache
go-importgithub.com/fystack/developer-security-handbook git https://github.com/fystack/developer-security-handbook.git
octolytics-dimension-user_id149689344
octolytics-dimension-user_loginfystack
octolytics-dimension-repository_id990134570
octolytics-dimension-repository_nwofystack/developer-security-handbook
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id990134570
octolytics-dimension-repository_network_root_nwofystack/developer-security-handbook
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release020f8e5d3a42ae1a22d3f297198ccfca124edd1d
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/fystack/developer-security-handbook#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffystack%2Fdeveloper-security-handbook
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ffystack%2Fdeveloper-security-handbook
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E&source=header-repo&source_repo=fystack%2Fdeveloper-security-handbook
Reloadhttps://github.com/fystack/developer-security-handbook
Reloadhttps://github.com/fystack/developer-security-handbook
Reloadhttps://github.com/fystack/developer-security-handbook
Please reload this pagehttps://github.com/fystack/developer-security-handbook
fystack https://github.com/fystack
developer-security-handbookhttps://github.com/fystack/developer-security-handbook
Notifications https://github.com/login?return_to=%2Ffystack%2Fdeveloper-security-handbook
Fork 19 https://github.com/login?return_to=%2Ffystack%2Fdeveloper-security-handbook
Star 88 https://github.com/login?return_to=%2Ffystack%2Fdeveloper-security-handbook
Code https://github.com/fystack/developer-security-handbook
Issues 0 https://github.com/fystack/developer-security-handbook/issues
Pull requests 0 https://github.com/fystack/developer-security-handbook/pulls
Actions https://github.com/fystack/developer-security-handbook/actions
Projects https://github.com/fystack/developer-security-handbook/projects
Security and quality 0 https://github.com/fystack/developer-security-handbook/security
Insights https://github.com/fystack/developer-security-handbook/pulse
Code https://github.com/fystack/developer-security-handbook
Issues https://github.com/fystack/developer-security-handbook/issues
Pull requests https://github.com/fystack/developer-security-handbook/pulls
Actions https://github.com/fystack/developer-security-handbook/actions
Projects https://github.com/fystack/developer-security-handbook/projects
Security and quality https://github.com/fystack/developer-security-handbook/security
Insights https://github.com/fystack/developer-security-handbook/pulse
https://github.com/fystack/developer-security-handbook
Brancheshttps://github.com/fystack/developer-security-handbook/branches
Tagshttps://github.com/fystack/developer-security-handbook/tags
https://github.com/fystack/developer-security-handbook/branches
https://github.com/fystack/developer-security-handbook/tags
9 Commitshttps://github.com/fystack/developer-security-handbook/commits/main/
https://github.com/fystack/developer-security-handbook/commits/main/
README.mdhttps://github.com/fystack/developer-security-handbook/blob/main/README.md
README.mdhttps://github.com/fystack/developer-security-handbook/blob/main/README.md
github_yubikey.webphttps://github.com/fystack/developer-security-handbook/blob/main/github_yubikey.webp
github_yubikey.webphttps://github.com/fystack/developer-security-handbook/blob/main/github_yubikey.webp
image-1.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-1.png
image-1.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-1.png
image-10.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-10.png
image-10.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-10.png
image-11.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-11.png
image-11.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-11.png
image-2.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-2.png
image-2.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-2.png
image-3.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-3.png
image-3.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-3.png
image-4.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-4.png
image-4.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-4.png
image-5.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-5.png
image-5.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-5.png
image-6.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-6.png
image-6.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-6.png
image-7.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-7.png
image-7.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-7.png
image-8.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-8.png
image-8.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-8.png
image-9.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-9.png
image-9.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image-9.png
image.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image.png
image.pnghttps://github.com/fystack/developer-security-handbook/blob/main/image.png
pepe-handbook.jpghttps://github.com/fystack/developer-security-handbook/blob/main/pepe-handbook.jpg
pepe-handbook.jpghttps://github.com/fystack/developer-security-handbook/blob/main/pepe-handbook.jpg
pepe.jpghttps://github.com/fystack/developer-security-handbook/blob/main/pepe.jpg
pepe.jpghttps://github.com/fystack/developer-security-handbook/blob/main/pepe.jpg
READMEhttps://github.com/fystack/developer-security-handbook
https://github.com/fystack/developer-security-handbook#security-handbook-for-developers
https://github.com/fystack/developer-security-handbook/blob/main/pepe.jpg
Security handbook for developershttps://github.com/fystack/developer-security-handbook#security-handbook-for-developers
Part I — Developer Identity & Workstationhttps://github.com/fystack/developer-security-handbook#part-i--developer-identity--workstation
1. SSH Keys: Hackers' Easiest Target & Prime Hotspotshttps://github.com/fystack/developer-security-handbook#1-ssh-keys-hackers-easiest-target--prime-hotspots
🔐 Maximum Security: Store Your SSH Key on a YubiKey (FIDO2)https://github.com/fystack/developer-security-handbook#-maximum-security-store-your-ssh-key-on-a-yubikey-fido2
2. Don't Let Hackers Impersonate You, Lock Down Commits with GPGhttps://github.com/fystack/developer-security-handbook#2-dont-let-hackers-impersonate-you-lock-down-commits-with-gpg
3. Enforce Strong Password Practices & Secure Credential Managementhttps://github.com/fystack/developer-security-handbook#3-enforce-strong-password-practices--secure-credential-management
4. Secrets Aren’t for Sharing, Not Even with Your Teamhttps://github.com/fystack/developer-security-handbook#4-secrets-arent-for-sharing-not-even-with-your-team
5. Don't Store Secrets for Development in .env Files – Use a Secure Secret Vaulthttps://github.com/fystack/developer-security-handbook#5-dont-store-secrets-for-development-in-env-files--use-a-secure-secret-vault
6. Secure Firewall Policy for Developer Desktopshttps://github.com/fystack/developer-security-handbook#6-secure-firewall-policy-for-developer-desktops
7. Monitor for Compromised Developer Deviceshttps://github.com/fystack/developer-security-handbook#7-monitor-for-compromised-developer-devices
Part II — Supply Chain & Dependencieshttps://github.com/fystack/developer-security-handbook#part-ii--supply-chain--dependencies
8. No Blind Installs: Treat Each Package Like a Potential Trojanhttps://github.com/fystack/developer-security-handbook#8-no-blind-installs-treat-each-package-like-a-potential-trojan
9. 🐳 Don't Let Docker Be Your Trojan Horse: Lock Down Your Containershttps://github.com/fystack/developer-security-handbook#9--dont-let-docker-be-your-trojan-horse-lock-down-your-containers
10. Verify Website URLs Carefully Before Downloading Anythinghttps://github.com/fystack/developer-security-handbook#10-verify-website-urls-carefully-before-downloading-anything
11. Weaponized PDFs & File Traps: Don't Get Baitedhttps://github.com/fystack/developer-security-handbook#11-weaponized-pdfs--file-traps-dont-get-baited
Part III — DevSecOps & Shift-Lefthttps://github.com/fystack/developer-security-handbook#part-iii--devsecops--shift-left
12. Secure Your CI/CD Pipelines: Attackers Love Automated Trusthttps://github.com/fystack/developer-security-handbook#12-secure-your-cicd-pipelines-attackers-love-automated-trust
13. Secure Coding: Write Code That Resists Attackshttps://github.com/fystack/developer-security-handbook#13-secure-coding-write-code-that-resists-attacks
14. Security Testing: Shift Left and Catch Issues Earlyhttps://github.com/fystack/developer-security-handbook#14-security-testing-shift-left-and-catch-issues-early
Part IV — Access & Infrastructurehttps://github.com/fystack/developer-security-handbook#part-iv--access--infrastructure
15. VPN connection is required to access critical resourcehttps://github.com/fystack/developer-security-handbook#15-vpn-connection-is-required-to-access-critical-resource
16. Implement Just-In-Time (JIT) Privilegeshttps://github.com/fystack/developer-security-handbook#16-implement-just-in-time-jit-privileges
17. Cloud Security: Shared Responsibility Modelhttps://github.com/fystack/developer-security-handbook#17-cloud-security-shared-responsibility-model
Part V — Detect & Respondhttps://github.com/fystack/developer-security-handbook#part-v--detect--respond
18. Security Logging & Alerting: Detecting Threats Before They Strikehttps://github.com/fystack/developer-security-handbook#18-security-logging--alerting-detecting-threats-before-they-strike
19. Incident Response: Be Prepared for the Worsthttps://github.com/fystack/developer-security-handbook#19-incident-response-be-prepared-for-the-worst
https://github.com/fystack/developer-security-handbook#part-i--developer-identity--workstation
https://github.com/fystack/developer-security-handbook#1-ssh-keys-hackers-easiest-target--prime-hotspots
https://github.com/fystack/developer-security-handbook/blob/main/image-1.png
https://www.ssh.com/blog/ssh-key-scan-attack-honeypot)—thathttps://www.ssh.com/blog/ssh-key-scan-attack-honeypot)%E2%80%94that
https://github.com/fystack/developer-security-handbook#-maximum-security-store-your-ssh-key-on-a-yubikey-fido2
https://github.com/fystack/developer-security-handbook/blob/main/github_yubikey.webp
YubiKey + SSH + Git: Super-Secure Your Development Workflowhttps://medium.com/@harrishcluo/yubikey-ssh-git-super-secure-your-development-workflow-2-2-1899379fb882
https://github.com/fystack/developer-security-handbook#2-dont-let-hackers-impersonate-you-lock-down-commits-with-gpg
https://github.com/fystack/developer-security-handbook/blob/main/image-2.png
https://github.com/fystack/developer-security-handbook/blob/main/image-4.png
https://github.com/fystack/developer-security-handbook/blob/main/image-3.png
https://github.com/fystack/developer-security-handbook#3-enforce-strong-password-practices--secure-credential-management
https://github.com/fystack/developer-security-handbook/blob/main/image-11.png
https://github.com/fystack/developer-security-handbook#best-practices-for-strong-password-security
https://github.com/fystack/developer-security-handbook#4-secrets-arent-for-sharing-not-even-with-your-team
https://github.com/fystack/developer-security-handbook#5-dont-store-secrets-for-development-in-env-files--use-a-secure-secret-vault
https://github.com/fystack/developer-security-handbook#6-secure-firewall-policy-for-developer-desktops
https://ostechnix.com/opensnitch-application-level-firewall-for-linux/https://ostechnix.com/opensnitch-application-level-firewall-for-linux/
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntuhttps://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu
https://github.com/fystack/developer-security-handbook#7-monitor-for-compromised-developer-devices
https://github.com/fystack/developer-security-handbook#part-ii--supply-chain--dependencies
https://github.com/fystack/developer-security-handbook#8-no-blind-installs-treat-each-package-like-a-potential-trojan
https://github.com/fystack/developer-security-handbook/blob/main/image-5.png
https://github.com/fystack/developer-security-handbook#real-world-supply-chain-ambushes
Malicious NPM Packages Target Ethereum Developers' Private Keyshttps://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/
Hackers Deploy Malicious npm Packages Targeting Crypto Usershttps://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html
Ripple's xrpl.js npm Package Backdoored with Malicious Codehttps://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html
Malicious Python Package Found Stealing Ethereum Private Keyshttps://www.scworld.com/brief/malicious-python-package-found-stealing-ethereum-private-keys
TON Wallet Security Threat: Malicious NPM Package Steals Cryptocurrency Wallet Keyshttps://socket.dev/blog/ton-wallet-security-threat-malicious-npm-package-steals-cryptocurrency-wallet-keys
The trojanized Golang BoltDB repo went undetected for over three yearshttps://www.theregister.com/2025/02/04/golang_supply_chain_attack/?utm_source=chatgpt.com
https://github.com/fystack/developer-security-handbook#common-attack-patterns
https://github.com/fystack/developer-security-handbook/blob/main/image-6.png
https://github.com/fystack/developer-security-handbook#9--dont-let-docker-be-your-trojan-horse-lock-down-your-containers
Tesla Kubernetes Hack (2018)https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/
Docker Hub Data Breach (2019)https://thehackernews.com/2019/04/docker-hub-data-breach.html
TeamTNT Docker API Attacks (2020–2021)https://www.bleepingcomputer.com/news/security/teamtnt-hackers-target-your-poorly-configured-docker-servers/
Kinsing Malware on Docker (2020)https://www.aquasec.com/blog/threat-alert-kinsing-malware-container-vulnerability/
Graboid Docker Worm (2019)https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/
SaltStack RCE via Docker (2020)https://www.immersivelabs.com/resources/blog/hackers-are-currently-attacking-vulnerable-saltstack-systems/
Dero Miner Targeting Docker (2025)https://www.techradar.com/pro/security/misconfigured-docker-instances-are-being-hacked-to-mine-cryptocurrency
https://github.com/fystack/developer-security-handbook#best-practices-for-secure-docker-usage
https://github.com/aquasecurity/trivyhttps://github.com/aquasecurity/trivy
https://github.com/goodwithtech/docklehttps://github.com/goodwithtech/dockle
Cosignhttps://github.com/sigstore/cosign
Cilium Tetragonhttps://github.com/cilium/tetragon
https://github.com/fystack/developer-security-handbook#10-verify-website-urls-carefully-before-downloading-anything
https://github.com/fystack/developer-security-handbook/blob/main/image-7.png
targeted by sophisticated phishing campaignshttps://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/
virustotal.comhttps://virustotal.com
https://github.com/fystack/developer-security-handbook#11-weaponized-pdfs--file-traps-dont-get-baited
https://github.com/fystack/developer-security-handbook/blob/main/image-9.png
https://www.techtarget.com/searchmobilecomputing/definition/application-sandboxinghttps://www.techtarget.com/searchmobilecomputing/definition/application-sandboxing
https://github.com/fystack/developer-security-handbook/blob/main/image-8.png
https://github.com/fystack/developer-security-handbook/blob/main/image-10.png
https://github.com/fystack/developer-security-handbook#part-iii--devsecops--shift-left
https://github.com/fystack/developer-security-handbook#12-secure-your-cicd-pipelines-attackers-love-automated-trust
SolarWinds Orion (2020)https://www.reversinglabs.com/blog/ci/cd-security-breaches-update-software-security-approach
Codecov (2021)https://about.codecov.io/security-update/
CircleCI (2023)https://circleci.com/blog/january-4-2023-security-alert/
Travis CI (2022)https://www.trendmicro.com/en_us/research/22/j/travis-ci-exposed-secrets-in-public-logs.html
PHP Git Server (2021)https://www.bleepingcomputer.com/news/security/php-official-git-repository-hacked-code-backdoored/
SolarMarker via Jenkins (2022)https://www.reversinglabs.com/blog/ci/cd-security-breaches-update-software-security-approach
Codecov-like Bash Uploader Imitation (2021)https://www.reversinglabs.com/blog/ci/cd-security-breaches-update-software-security-approach
https://github.com/fystack/developer-security-handbook#13-secure-coding-write-code-that-resists-attacks
https://github.com/fystack/developer-security-handbook#14-security-testing-shift-left-and-catch-issues-early
OWASP Testing Guidehttps://owasp.org/www-project-web-security-testing-guide/
NIST Secure SDLC Frameworkhttps://csrc.nist.gov/pubs/sp/800/218/final
GitHub Advanced Securityhttps://docs.github.com/en/code-security
Microsoft Security Development Lifecyclehttps://www.microsoft.com/en-us/securityengineering/sdl
OWASP ZAP Tutorialshttps://www.zaproxy.org/docs/
https://github.com/fystack/developer-security-handbook#part-iv--access--infrastructure
https://github.com/fystack/developer-security-handbook#15-vpn-connection-is-required-to-access-critical-resource
https://github.com/ukncsc/secure-development-and-deploymenthttps://github.com/ukncsc/secure-development-and-deployment
https://github.com/fystack/developer-security-handbook#16-implement-just-in-time-jit-privileges
https://github.com/fystack/developer-security-handbook#17-cloud-security-shared-responsibility-model
AWS IAM Best Practiceshttps://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Google Cloud IAM Overviewhttps://cloud.google.com/iam/docs
Azure RBAC Docshttps://learn.microsoft.com/en-us/azure/role-based-access-control/overview
AWS VPC Security Best Practiceshttps://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html
Azure Networking Securityhttps://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
GCP VPC Best Practiceshttps://cloud.google.com/vpc/docs/best-practices
AWS Encryption Optionshttps://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/encryption.html
Azure Data Encryption Guidehttps://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
GCP Data Encryption Documentationhttps://cloud.google.com/security/encryption-at-rest
AWS CloudTrail Setuphttps://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Google Cloud Operations Suite (formerly Stackdriver)https://cloud.google.com/products/operations
Azure Monitor Docshttps://learn.microsoft.com/en-us/azure/azure-monitor/overview
Checkovhttps://github.com/bridgecrewio/checkov
tfsechttps://github.com/aquasecurity/tfsec
Checkov Documentationhttps://www.checkov.io/
IaC Security Guide by Bridgecrewhttps://www.bridgecrew.cloud/iac-security/
Terraform Security Best Practiceshttps://developer.hashicorp.com/terraform/tutorials/security/overview
https://github.com/fystack/developer-security-handbook#part-v--detect--respond
https://github.com/fystack/developer-security-handbook#18-security-logging--alerting-detecting-threats-before-they-strike
NIST SP 800-92: Guide to Computer Security Log Managementhttps://csrc.nist.gov/publications/detail/sp/800-92/final
Introduction to SIEMhttps://www.rapid7.com/fundamentals/siem/
Elastic SIEM Overviewhttps://www.elastic.co/what-is/siem
Wazuh SIEM + XDR Documentationhttps://documentation.wazuh.com/current/index.html
Graylog Log Management Guidehttps://go2.graylog.org/rs/graylog/images/Graylog_Security_Log_Management_Best_Practices.pdf
Falco (CNCF)https://falco.org/
Osqueryhttps://osquery.io/
MITRE ATT&CK Frameworkhttps://attack.mitre.org/
https://github.com/fystack/developer-security-handbook#19-incident-response-be-prepared-for-the-worst
NIST SP 800-61r2: Computer Security Incident Handling Guidehttps://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
SANS Incident Handler's Handbookhttps://www.sans.org/white-papers/1741/
MITRE ATT&CK Frameworkhttps://attack.mitre.org/
AWS Incident Response Guidehttps://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-ir.html
Google Cloud Incident Response Guidehttps://cloud.google.com/security/incident-response
Microsoft 365 IR Frameworkhttps://learn.microsoft.com/en-us/security/compass/incident-response-overview
GRR Rapid Response (remote forensics)https://github.com/google/grr
TheHive + Cortex (collaborative incident handling)https://thehive-project.org/
Zeek (network traffic analysis)https://zeek.org/
fystack.iohttps://fystack.io
Readme https://github.com/fystack/developer-security-handbook#readme-ov-file
Please reload this pagehttps://github.com/fystack/developer-security-handbook
Activityhttps://github.com/fystack/developer-security-handbook/activity
Custom propertieshttps://github.com/fystack/developer-security-handbook/custom-properties
19 forkshttps://github.com/fystack/developer-security-handbook/forks
Report repository https://github.com/contact/report-content?content_url=https%3A%2F%2Fgithub.com%2Ffystack%2Fdeveloper-security-handbook&report=fystack+%28user%29
Releaseshttps://github.com/fystack/developer-security-handbook/releases
Packages 0https://github.com/orgs/fystack/packages?repo_name=developer-security-handbook
Please reload this pagehttps://github.com/fystack/developer-security-handbook
Contributorshttps://github.com/fystack/developer-security-handbook/graphs/contributors
Please reload this pagehttps://github.com/fystack/developer-security-handbook
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.