Photos from National Cyber Security Services's post
DevAudit:-- Open-source, cross-platform, multi-purpose #security #auditing #tool targeted at #developers and #teams adopting #DevOps and #DevSecOps that detects security #vulnerabilities at multiple levels of the solution stack.
Features:-
1. Cross-platform with a #Docker image also available.
2. #CLI interface.
3. Continuously updated vulnerabilities data.
4. Audit #operating #system and #development package dependencies.
5. Audit application #server configurations.
6. Audit application #configurations.
7. Audit application #code by #static analysis.
8. #Remote agentless auditing.
9. Agentless Docker container auditing.
10. #GitHub repository auditing.
11. #PowerShell support.
#Download #Link:-
https://github.com/OSSIndex/DevAudit
  DevAudit:-- Open-source, cross-platform, multi-purpose #security #auditing #tool targeted at #developers and #teams adopting #DevOps and #DevSecOps that detects security #vulnerabilities at multiple levels of the solution stack.
Features:-
1. Cross-platform with a #Docker image also available.
2. #CLI interface.
3. Continuously updated vulnerabilities data.
4. Audit #operating #system and #development package dependencies.
5. Audit application #server configurations.
6. Audit application #configurations.
7. Audit application #code by #static analysis.
8. #Remote agentless auditing.
9. Agentless Docker container auditing.
10. #GitHub repository auditing.
11. #PowerShell support.
#Download #Link:-
https://github.com/OSSIndex/DevAudit
Brakeman:-- A #static #analysis #security #vulnerability #scanner for #Ruby on #Rails #applications
#Compatibility:-
Brakeman should work with any version of Rails from 2.3.x to 6.x.
#Brakeman can analyze #code written with Ruby 1.8 syntax and #newer but requires at least Ruby 2.3.0 to run.
Brakeman assigns a confidence level to each #warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.
There are three levels of confidence:-
1. High - Either this is a simple warning (#boolean value) or user input is very likely being used in unsafe ways.
2. Medium - This generally indicates an unsafe use of a variable, but the #variable may or may not be user input.
3. Weak - Typically means user input was indirectly used in a potentially unsafe manner.
#Download #Link:-
https://github.com/presidentbeef/brakeman
Brakeman:-- A #static #analysis #security #vulnerability #scanner for #Ruby on #Rails #applications
#Compatibility:-
Brakeman should work with any version of Rails from 2.3.x to 6.x.
#Brakeman can analyze #code written with Ruby 1.8 syntax and #newer but requires at least Ruby 2.3.0 to run.
Brakeman assigns a confidence level to each #warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.
There are three levels of confidence:-
1. High - Either this is a simple warning (#boolean value) or user input is very likely being used in unsafe ways.
2. Medium - This generally indicates an unsafe use of a variable, but the #variable may or may not be user input.
3. Weak - Typically means user input was indirectly used in a potentially unsafe manner.
#Download #Link:-
https://github.com/presidentbeef/brakeman
  #Compatibility:-
Brakeman should work with any version of Rails from 2.3.x to 6.x.
#Brakeman can analyze #code written with Ruby 1.8 syntax and #newer but requires at least Ruby 2.3.0 to run.
Brakeman assigns a confidence level to each #warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.
There are three levels of confidence:-
1. High - Either this is a simple warning (#boolean value) or user input is very likely being used in unsafe ways.
2. Medium - This generally indicates an unsafe use of a variable, but the #variable may or may not be user input.
3. Weak - Typically means user input was indirectly used in a potentially unsafe manner.
#Download #Link:-
https://github.com/presidentbeef/brakeman
Brakeman:-- A #static #analysis #security #vulnerability #scanner for #Ruby on #Rails #applications
#Compatibility:-
Brakeman should work with any version of Rails from 2.3.x to 6.x.
#Brakeman can analyze #code written with Ruby 1.8 syntax and #newer but requires at least Ruby 2.3.0 to run.
Brakeman assigns a confidence level to each #warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.
There are three levels of confidence:-
1. High - Either this is a simple warning (#boolean value) or user input is very likely being used in unsafe ways.
2. Medium - This generally indicates an unsafe use of a variable, but the #variable may or may not be user input.
3. Weak - Typically means user input was indirectly used in a potentially unsafe manner.
#Download #Link:-
https://github.com/presidentbeef/brakeman
Photos from National Cyber Security Services's post
Memhunter:-- Live #Hunting Of #Code #Injection #Techniques.
Memhunter is an endpoint sensor tool that is specialized in detecing resident #malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known #malicious #memory injection techniques. The detection #process is performed through live analysis and without needing memory dumps. The tool was designed as a replacement for memory #forensic #volatility #plugins such as malfind and hollowfind. The idea of not requiring memory dumps helps on performing the memory-resident malware threat hunting at scale, without manual #analysis, and without the complex #infrastructure needed to move dumps to forensic environments.
#Download #Link:-
https://github.com/marcosd4h/memhunter
  Memhunter:-- Live #Hunting Of #Code #Injection #Techniques.
Memhunter is an endpoint sensor tool that is specialized in detecing resident #malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known #malicious #memory injection techniques. The detection #process is performed through live analysis and without needing memory dumps. The tool was designed as a replacement for memory #forensic #volatility #plugins such as malfind and hollowfind. The idea of not requiring memory dumps helps on performing the memory-resident malware threat hunting at scale, without manual #analysis, and without the complex #infrastructure needed to move dumps to forensic environments.
#Download #Link:-
https://github.com/marcosd4h/memhunter
