DevSecCon24 - 2021
Playlist: https://www.youtube.com/playlist?list=PLKWDDWZ_ETtDbTF3Xibc2VagzgHbkoKpA
Source: https://www.devseccon.com/devseccon24-2021/
#devsecops
GitLab CI jobs unmasked passwords scanner
https://github.com/Whitespots-OU/gitlab-ci-secrets
#tools #secrets #devsecops
DevSecOps pipelines
— Secrets scan
— Code scan
— Dependency check (code libraries + image packages)
— DAST
— Exposures check
Pipelines:
https://gitlab.com/whitespots-public/pipelines
Security scanners:
https://gitlab.com/whitespots-public/security-images
Example project integration:
https://gitlab.com/whitespots-public/vulnerable-python-app
#appsec #devsecops #pipelines
🎁 Application Security Pipelines
(Now with guides)
Scan your code, infrastructure configs and domains with many open source scanners.
Currently supported: trufflehog, gitleaks, bandit, gosec, spotbugs, terrascan, hadolint, retirejs, eslint, phpcs, sonarqube integration, semgrep, arachni, zap, subfinder, nuclei...
All reports will be passed to DefectDojo.
Guides:
https://github.com/Whitespots-OU/DevSecOps-Pipelines
Integration examples:
https://gitlab.com/whitespots-public/vulnerable-apps
#appsec #devsecops #pipelines
It’s a really powerful security automation platform for those of us who are working on the defense side.
🚀 The platform solves such problems as:
— Issue deduplication (within incremental scans + between different scanners using rules);
— Automated verification (using rules);
— Automated resolving (if the issue doesn’t exist in a new report);
— Running of custom tools in a sequence (like Subfinder -> Naabu -> Httpx -> Nuclei);
— Sequences scheduling.
🔗 Source:
https://gitlab.com/whitespots-public/appsec-portal
#devsecops #sast #dast #osa #automation
YouTube
How to automate vulnerability scanning process?
Use Whitespots Application Security portal to quickly discover vulnerabilities within a few clicks
🔎 FVLCN Secrets Hunter
One more secret scanner, but maybe the only one you need for your CI.
Unlike traditional tools, it analyzes variables where high-entropy strings are assigned, such as secret_token = “......”; api_key = “....”, for comprehensive coverage.
🔗 https://github.com/FVLCN/secrets-hunter
#tool #scanner #devsecops #appsec
📌Complete SSL pinning implementation for mobile apps in 2026
For those who didn’t even try or those who have troubles with Cloudflare
Architecture and basics:
https://medium.com/@ddddddeniis/dynamic-ssl-pinning-server-architecture-signed-key-registry-and-full-deployment-e7405528d9d2
Implementation (step by step):
https://medium.com/@ddddddeniis/dynamic-ssl-pinning-on-android-integrating-the-sdk-and-walking-through-the-implementation-20334233416c
#appsec #guide #devsecops