Secure development, DevSecOps
OWASP, OpenSAMM and related
IETF
Best Current Practices
- RFC 3552 Guidelines for Writing RFC Text on Security Considerations
- Internet Threat Model (RFC 3552 section 3): the attacker is assumed to have complete control of the communications channel, while the end systems themselves are assumed not to be compromised
- Which attacks are in scope versus out of scope
- RFC 6973 Privacy Considerations for Internet Protocols
- Threats
- Threat mitigation
- Guidelines
Vendors
Concepts
Secure coding
Security of Machine Learning
DevSecOps - Security testing in continuous integration and DevOps
See also SCAP/OpenSCAP
NIST
Tools
- Sysdig
- Sonatype - Nexus repositories, source code analysis, libraries, Nexus source code scanner
- Mend.io - Ron and Rami - formerly WhiteSource
- 42Crunch - Isabelle Mauny - includes API security
- Frida - "Greasemonkey for native apps": a dynamic code instrumentation toolkit that lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX
- Fortify - Wikipedia
- Fortify - Micro Focus - originally a static code analysis (SAST) product
- Tenable - manage cyber exposure - home of Nessus
- Mittn - an evolving suite of security testing tools to be run in a Continuous Integration context, using Python and Behave
- Gauntlt - BDD-style security testing framework (Gherkin "attack" files wrapping tools such as nmap, sqlmap and curl)
- BDD-Security - publications
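The "Security testing in continuous integration" entry above and the software-composition-analysis vendors in this list (Sonatype, Mend.io) share one basic mechanism: a build step that reads the pinned dependency set and blocks the pipeline when a pin falls into a known-vulnerable version range. The following is an added example of such a gate, written for this page; it is not code from any of the tools or vendors listed. The lockfile text, the advisory entries and the `EXAMPLE-ADV-*` identifiers are constructed for illustration and correspond to no real advisories.

```python
"""CI security gate: fail the build when a pinned dependency matches a
known-vulnerable version range.

Added example for this page's DevSecOps / software-composition-analysis
entries; not code from Sonatype, Mend.io, Mittn or any other listed tool.
The lockfile and advisory data below are constructed (no real CVE IDs).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed lockfile in requirements.txt format: exact pins only, as a
# reproducible CI build should have.
LOCKFILE = """\
requests==2.25.1
urllib3==1.26.4
pyyaml==5.3.1
flask==2.3.2
"""

# Constructed advisory feed: (package, introduced, fixed, advisory id).
# A version v is affected when introduced <= v < fixed; fixed=None means
# no fixed release exists yet, so every version >= introduced is affected.
ADVISORIES = [
    ("urllib3", "1.26.0", "1.26.5", "EXAMPLE-ADV-001"),
    ("pyyaml", "0", "5.4", "EXAMPLE-ADV-002"),
    ("flask", "0", "2.2.0", "EXAMPLE-ADV-003"),  # not hit: 2.3.2 >= fixed
]


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    advisory: str


def parse_version(v: str) -> tuple:
    """'1.26.4' -> (1, 26, 4). Trailing zeros are dropped so 1.26 == 1.26.0.
    Only purely numeric dotted versions are handled; PEP 440 pre-release or
    local segments are refused rather than silently mis-ordered."""
    parts = []
    for p in v.split("."):
        if not p.isdigit():
            raise ValueError(f"unsupported version component {p!r} in {v!r}")
        parts.append(int(p))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed (or fixed is None)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def parse_lockfile(text: str) -> dict:
    """Return {package_name_lowercase: pinned_version}.
    Anything other than an exact '==' pin is rejected: a range such as
    'requests>=2.0' cannot be evaluated against an advisory and would let an
    unreviewed upgrade through the gate."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([A-Za-z0-9_.\-]+)$", line)
        if not m:
            raise ValueError(f"only exact pins (name==version) are accepted: {line!r}")
        pins[m.group(1).lower()] = m.group(2)
    return pins


def scan(lockfile_text: str, advisories) -> list:
    """Match every pinned package against the advisory feed."""
    pins = parse_lockfile(lockfile_text)
    findings = []
    for pkg, introduced, fixed, adv_id in advisories:
        ver = pins.get(pkg.lower())
        if ver is not None and version_in_range(ver, introduced, fixed):
            findings.append(Finding(pkg, ver, adv_id))
    return findings


def gate(lockfile_text: str, advisories) -> int:
    """Exit code for the CI step: 0 when clean, 1 when the build is blocked."""
    findings = scan(lockfile_text, advisories)
    for f in findings:
        print(f"BLOCK {f.package}=={f.version}: {f.advisory}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(LOCKFILE, ADVISORIES))
```

Run as a pipeline step, a non-zero exit fails the job; with the constructed data above, urllib3 and pyyaml are blocked while flask passes because its pin is at or past the fixed version. Refusing unpinned or range requirements is deliberate: the gate can only reason about what will actually be installed, so a lockfile with ranges is a finding in its own right rather than something to interpret loosely.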
Building blocks
Training
Solution providers
Tools