Security Resources & Tools

Application Security

OWASP - Open Web Application Security Project

The OWASP Foundation works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.

• OWASP Top 10 - The most critical security risks to web applications
• OWASP Web Security Testing Guide (WSTG)
• OWASP Application Security Verification Standard (ASVS)
• OWASP Vulnerability Categories
• OWASP API Security Top 10
• OWASP Mobile Top 10
• OWASP Cheat Sheet Series
• Fix Security Misconfiguration in Symfony Apps (Medium)

Personal Security

Personal Security Checklist

A curated checklist of 300+ tips for protecting digital security and privacy in 2024. Comprehensive guide covering all aspects of personal cybersecurity.

• Personal Security Checklist by Lissy93
• Digital Defense - Interactive Security Guide
• Privacy Tools - Encryption Against Global Mass Surveillance

Network Security

Network Security & Scanning Tools

Tools and resources for network security assessment, vulnerability scanning, and network diagram generation.

• Scanopy - Automatic Network Diagram Creation Tool (French)
• Nmap - Network Mapper for Security Auditing
• Wireshark - Network Protocol Analyzer
• Masscan - Fast TCP Port Scanner
• OpenVAS - Open Vulnerability Assessment Scanner (Greenbone)

System Hardening

System Hardening & CIS Benchmarks

Best practices and benchmarks for hardening systems and improving security posture.

• CIS Benchmarks Guide (French) - Security Configuration Benchmarks
• CIS Benchmarks Official Site
• System Hardening Guides (French)
• DevSec Hardening Framework
• OpenSCAP - Security compliance and configuration assessment
• Lynis - Security auditing and hardening tool for Unix-based systems
• Ansible Collection Hardening (dev-sec)
• VM Hardening with OpenSCAP & Ansible (Medium)
• Automated System Hardening & Security Audit Script (Medium)

SSH Security

SSH Security & Hardening

Comprehensive guides for securing SSH access and hardening SSH configurations.

• SSH Hardening Guide (French) - Complete SSH Security Tutorial
• SSH.COM Security Guide
• SSH Scan by Mozilla - SSH Configuration Scanner
• ssh-audit - SSH server & client configuration auditor
• Mozilla OpenSSH Security Guidelines

Standards & Compliance

Security Standards & Compliance

Industry standards, compliance frameworks, and regulatory guidelines for security.

• NIST Cybersecurity Framework
• ISO/IEC 27001 - Information Security Management
• PCI DSS - Payment Card Industry Data Security Standard
• GDPR - General Data Protection Regulation

Vulnerability Management

Vulnerability Management & Scanning

Tools and resources for identifying, assessing, and managing vulnerabilities.

• National Vulnerability Database (NVD)
• CVE - Common Vulnerabilities and Exposures
• CISA Known Exploited Vulnerabilities Catalog
• Trivy - Comprehensive Security Scanner
• OWASP ZAP - Web Application Security Scanner

Vulnerability Scanning / DAST / SAST

Vulnerability Scanning / DAST / SAST

Multi-scanner and AI-powered static/dynamic analysis tools.

• OSTE Meta Scan - Multi-scanner vulnerability tool
• TheAuditor – AI-powered SAST Security Tool (korben.info)

Penetration Testing

Pentest-Tools.com

Online penetration testing and vulnerability scanning platform.

• Pentest-Tools.com App - Network & Web Security Testing

SIEM / Malware Detection

SIEM / Malware Detection

Security monitoring and malware detection resources.

• Wazuh – ClamAV Malware Detection Logs

DevSecOps

DevSecOps Tools & Practices

Tools and practices for integrating security into the DevOps pipeline.

• FluxCD – Encrypting Secrets with HashiCorp Vault (SOPS)
• FastAPI Security Without Slowness (Medium)
• MegaLinter - Multi-language linter (recommended; most tools below are included)
• Trivy - Vulnerability & misconfiguration scanner (containers, IaC, SBOM)
• Gitleaks - Detect secrets in git repos and files
• pre-commit - Git hooks (e.g. detect-private-key, encryption-check)
• Bandit - Security linter for Python code
• pre-commit-terraform - Terraform/Terragrunt hooks (fmt, validate, docs, tflint, trivy)
• Checkov - IaC & container security (Terraform, K8s, Dockerfile, etc.)
• KICS - Find security issues and misconfigurations in IaC
• Hadolint - Linter for Dockerfiles
• CNCF TAG Security
• CodeQL - Semantic Code Analysis Engine
• Semgrep - Fast Static Analysis Tool
• TruffleHog - Find Secrets in Your Code
• GitGuardian - Secrets scanning & remediation

Authentication & JWT

Authentication & JWT

Boilerplates and guides for secure authentication and JWT.

• FastAPI + Async SQLAlchemy 2.0 + JWT + PostgreSQL Boilerplate (Medium)

App & Infrastructure Security

App & Infrastructure Security

Best practices for securing applications and infrastructure platforms.

• TrueNAS – Securing Apps

Cloud Security

Cloud Security Resources

Best practices and tools for securing cloud infrastructure and services.

• Cloud Security Fundamentals
• Prowler - AWS Security Assessment Tool
• Google Cloud Security Best Practices
• Azure Security Documentation

Learning & Training

Security Learning Resources

Platforms and resources for learning and improving security skills.

• TryHackMe - Hands-on Cyber Security Training
• Hack The Box - Penetration Testing Labs
• Web Security Academy by PortSwigger
• Offensive Security - Professional Security Training