DevSec
"DevSec", "DevSecOps", "SecDevOps"... lots of buzzwords, but here the idea is to aggregate everything related to secure development and operations (always from the DEV perspective).
Welcome to the page where you will find security-related topics, tools and techniques made by developers for developers who care about security.
This page is intended as an always-updated source for devs, inspired by the work of "HackTricks", to serve as a reference for secure development and the operations around it. Many references and resources on this page are taken from other public sources; all credit goes to the original authors, who are referenced as sources.
Introduction
You may have heard about DevSecOps, the shift-left concept and GitOps...[1] They share many principles and a common aim: reduce the time devs spend on security while still achieving its objectives.
With DevOps, we made developers more accountable for operational topics and issues (joining the responsibility for development and operations). DevSecOps applies the same mindset to security.
In many products and projects we are already shifting controls such as testing left, to earlier steps of the development lifecycle where the development teams are. So why not include security testing at an earlier step too? We would make fewer mistakes and move more quickly (finding newly introduced vulnerabilities early and fixing them).
The overall aim is to create a culture where everyone is responsible for security, reducing the risk of security issues and allowing teams to deliver secure, high-quality software more quickly.
This is a process change; it is not about a single tool or a specific set of controls. It is about making all of security more developer-centric.
Sources and links
Digital preservation
Because of the large amount of information and external links stored in this "book", a daily process based on GitHub Actions (see the action) archives every page, together with the external links it contains, in the Internet Archive.
This keeps these pages and every page they reference accessible and navigable at any time, with multiple "versions" or snapshots.
So do not worry if a link goes down, a blog post gets deleted, or a repository is made private or becomes unavailable: we have it all covered.
If you find yourself in that situation you can access the page by entering the following URL in your browser:
Where {URL} is the raw URL you are trying to access.
You can also use the Wayback Machine UI directly.
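The archiving step described above can be reproduced for a single Markdown page with the following added example. It is not the book's own GitHub Action; it only assumes the public Wayback Machine URL conventions (`https://web.archive.org/save/<url>` to request a capture, `https://web.archive.org/web/*/<url>` to browse all snapshots). The sample page and the `own_hosts` value are constructed for the demonstration, and nothing is sent to the Internet Archive unless `--submit` is passed.

```python
"""Collect external links from a Markdown page and build Wayback Machine URLs.

Added example, not the DevSecTricks repository's own GitHub Action. Assumes
only the public Wayback Machine conventions:
  save:   https://web.archive.org/save/<url>
  browse: https://web.archive.org/web/*/<url>   (all snapshots)
"""
import re
import sys
import urllib.request
from urllib.parse import urlsplit

# Markdown links [text](https://...) and bare http(s) URLs in prose.
# The negative lookbehind keeps the bare-URL pattern from re-matching the
# URL inside a Markdown link's parentheses.
MD_LINK_RE = re.compile(r"\[[^\]]*\]\((https?://[^)\s]+)\)")
BARE_URL_RE = re.compile(r"(?<![(\w])https?://[^\s)\]>\"']+")

# Constructed sample standing in for one chapter of the book.
SAMPLE_PAGE = """# Supply chain
See [SLSA](https://slsa.dev/) and the original
blog post: https://example.com/posts/sbom-intro).
Internal anchors like [intro](#introduction) and
[relative](../other.md) are not external links.
Duplicate: [SLSA again](https://slsa.dev/)
"""


def extract_external_links(markdown, own_hosts=()):
    """Return unique external http(s) URLs in document order.

    Links to the book's own hosts are skipped: those pages are archived
    as pages in their own right, not as external references.
    """
    found = []
    for pattern in (MD_LINK_RE, BARE_URL_RE):
        for m in pattern.finditer(markdown):
            url = m.group(1) if pattern.groups else m.group(0)
            found.append((m.start(), url.rstrip(".,;:")))
    seen, links = set(), []
    for _, url in sorted(found):
        host = urlsplit(url).hostname or ""
        if host in own_hosts or url in seen:
            continue
        seen.add(url)
        links.append(url)
    return links


def wayback_save_url(url):
    """Save Page Now request URL for a single page."""
    return "https://web.archive.org/save/" + url


def wayback_browse_url(url):
    """Snapshot listing for a page (what a reader opens when a link dies)."""
    return "https://web.archive.org/web/*/" + url


def archive_links(links, submit=False):
    """Map each link to the HTTP status of its save request.

    With submit=False (the default) nothing leaves the machine and every
    status is None, so the script can be dry-run offline.
    """
    results = {}
    for url in links:
        if submit:
            with urllib.request.urlopen(wayback_save_url(url), timeout=60) as resp:
                results[url] = resp.status
        else:
            results[url] = None
    return results


if __name__ == "__main__":
    submit = "--submit" in sys.argv
    # "devsectricks.example" is a constructed placeholder for the book's host.
    links = extract_external_links(SAMPLE_PAGE, own_hosts=("devsectricks.example",))
    for url, status in archive_links(links, submit=submit).items():
        state = "dry-run" if status is None else f"HTTP {status}"
        print(f"{url}")
        print(f"  save:   {wayback_save_url(url)}  [{state}]")
        print(f"  browse: {wayback_browse_url(url)}")
```

Run it without arguments to see which links a page would submit and where their snapshots would be browsed; pass `--submit` to actually request captures. In a scheduled job the sample page would be replaced by the repository's Markdown files, and the resulting status codes give a simple check that each capture request was accepted.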
If you find this functionality useful, please consider donating to the Internet Archive (they do great work).
License
Copyright (c) 2023 Raúl Piracés Alastuey. Except where otherwise specified (external information copied into the book belongs to its original authors), the text on DevSecTricks by Raúl Piracés is licensed under the Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license. If you want to use it for commercial purposes, contact me.
Disclaimer