Some open source and commercial AppSec tools and articles that have come up in my news feeds recently. I plan to set some of these up in a lab environment and share my thoughts and findings.
Trivy - https://github.com/aquasecurity/trivy
Vulnerability scanner for containers, suitable for CI.
Microsoft Application Inspector - https://www.microsoft.com/security/blog/2020/01/16/introducing-microsoft-application-inspector/
Source code analyzer that helps you understand what a program does by identifying interesting features and characteristics.
Semmle, now acquired by GitHub - https://semmle.com
Code analysis platform for finding zero-days and automating variant analysis.
Synopsys Seeker - https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html
IAST (interactive application security testing) tool.
Dependabot, now on GitHub - https://github.blog/2019-05-23-introducing-new-ways-to-keep-your-code-secure/#automated-security-fixes-with-dependabot
https://dependabot.com/blog/hello-github/
Free SCA (software composition analysis) for GitHub repos.
Sqreen - https://www.sqreen.com/
AppSec management platform.
Software-Defined network security in AWS - https://pages.awscloud.com/awsmp-ss-sec-Fortinet-SoftwareDefinedSec.html
Webinar; find the recording.
Wuzz HTTP inspection in terminal - https://github.com/asciimoo/wuzz
Interactive CLI tool for HTTP inspection.
Cloud secrets management vault - https://www.akeyless.io/
See how this compares to HashiCorp.