The links provided on this website are for informational purposes only. I do not necessarily agree with, endorse, or take responsibility for the content, views, or accuracy of any external websites linked here. Use them at your own discretion.
OWASP Top 10 is an open source website that highlights the most critical security risks to web applications.
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This site can be used to automate vulnerability management.
SAST is a white-box testing approach that focuses on the source code of an application to identify vulnerabilities.
DAST is a black-box testing approach that focuses on scanning running applications and APIs to identify vulnerabilities. Unlike SAST, DAST does not need access to source code.
DAST tools
Burp Suite
https://portswigger.net/burp/communitydownload
SAST tools
SonarQube (community version is free)
https://www.sonarsource.com/products/sonarqube/downloads/
https://hub.docker.com/_/sonarqube/tags
GitLab
Container scanning is done automatically when images are pushed to quay.io, Docker Hub, or Azure Container Registry.