Open Source Application Security arsenal



Application Security


While building Security Phoenix we thought about sharing some of the open source components we use, so that anyone can build a custom open source application security arsenal.


Various Phases


It all starts with pen and paper.

I always like to start with a mindmap of the various components; it might be old school, but hey, it works and helps to focus.



What are the components of the framework:


*) Enumeration/Reconnaissance - in this phase you list the various components of an application: web sources, APIs, etc.


Then you start the merry-go-round:

  1. Static code analyser - you look at the code and identify, with regular expressions, what's good and bad

  2. Dependency-Check - this enables you to build a software composition inventory (the third-party libraries the application depends on)

  3. Code relationships - again, this is about how the code and the libraries depend on each other

  4. Cloud assessment - this is an extra component if you have a cloud deployment

  5. Network assessment - there are multiple options (from Nmap to Nettacker); it really depends how deep you want to go

  6. Web/API assessment - in this case you want to test, with scripts or by injecting requests, the quality of the code behind the web frontend (Burp and ZAP are the names here)

  7. Vulnerability managers - there are not many aggregators, which is why we've created Security Phoenix https://www.nsc42.co.uk/securityphoenix

  8. Intelligence framework - this is an extra step if you want to integrate a threat feed/scanner into the project




The core arsenal


*) Enumeration/Reconnaissance

> https://sitereport.netcraft.com/

> https://github.com/rbsec/dnscan

> shodan.io

1) Static code analyser - https://github.com/ShiftLeftSecurity/sast-scan

2) Dependency-Check - https://github.com/jeremylong/DependencyCheck

3) Code relationships - https://github.com/crubier/code-to-graph

4) Cloud assessment - Prowler - https://github.com/toniblyx/prowler

5) Network assessment - Nettacker - https://github.com/zdresearch/OWASP-Nettacker

> Tsunami - https://github.com/google/tsunami-security-scanner

*) Vulnerability scanner/management - Security Phoenix - https://landing.nsc42.com/register-phoenix

6) Intelligence framework - https://github.com/intelowlproject/IntelOwl


Some of the tools available



Feeds: https://www.findbestopensource.com/product/facebookincubator-nvdtools


Network Vuln assessment


Website crawlers

> DNS Scan: https://github.com/rbsec/dnscan


Vuls - https://vuls.io/

https://github.com/future-architect/vuls

h4cker - https://h4cker.org

https://github.com/The-Art-of-Hacking/h4cker

Watchdog: https://github.com/flipkart-incubator/watchdog

Network:

www.seccubus.com

https://github.com/schubergphilis/Seccubus


Network vuln build:

This could be a set of tools you launch from a central location using VM/docker images.


Idea of the build: www.seccubus.com