Tools & Frameworks
- https://www.defectdojo.org/ DefectDojo: Security program and vulnerability management tool. Features: imports XML output from Nmap, Nikto, Burp, Qualys, Nessus, …; integrates with Jira; generates reports.
- https://www.archerysec.com/ ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
- https://github.com/dowjones/reapsaw Reapsaw: A continuous security DevSecOps tool that helps integrate security into the CI/CD pipeline. It supports multiple programming languages.
- https://hackerone.com/hacktivity HackerOne Hacktivity: See the latest hacker activity on HackerOne
- https://bugcrowd.com/vulnerability-rating-taxonomy Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy
Standards & Guidelines
- https://github.com/OWASP/ASVS/tree/master/4.0/en OWASP ASVS 4.0: OWASP Application Security Verification Standard
- https://learn.cisecurity.org/benchmarks CIS benchmarks
- http://2016.eicar.org/85-0-Download.html EICAR virus test
- https://www.irs.gov/privacy-disclosure/nessus-audit-files IRS CIS Nessus audit files