feat: added security part resources for app security
marcel-haag committed Dec 9, 2023
1 parent 8319208 commit ea405b7
Showing 8 changed files with 63 additions and 0 deletions.
63 changes: 63 additions & 0 deletions 1_security/1_theorie/Anwendungssicherheit.md
@@ -0,0 +1,63 @@
# Anwendungssicherheit

![Übersicht](../99_assets/images/appsec_overview.png)

## Planung

### Methoden zum Planen sicherer Anwendungen:

* Threat Modeling
1. Anwendung zerlegen
2. Bestimmen Sie Vermögenswerte und Sicherheitsziele
3. Ermitteln Sie Bedrohungen
4. Bedrohungen einstufen
5. Bestimmen Sie Gegenmaßnahmen und Schadensbegrenzung

## Coden

### Sichres Design: Die wichtigsten Sicherheitsprinzipien
* Geringstes Privileg
* Aufgabentrennung
* Verteidigung in der Tiefe
* Sicher scheitern
* Offenes Design
* Sicherheit durch Dunkelheit vermeiden
* Minimierung der Angriffsfläche

### Nützliche Ressourcen für Entwickler
[OWASP Web Security Top 10](https://owasp.org/www-project-top-ten/)

[OWASP API Security Top 10](https://owasp.org/API-Security/editions/2023/en/0x00-header/)

## Bauen & Testen

![Testing Pyramide](../99_assets/images/testing_pyramide.png)

### ToDo's für jeden Layer der Pyramide

* Static Application Security Testing (SAST)
![SAST](../99_assets/images/SAST.png)


* Dynamic Application Security Testing (DAST)
![DAST](../99_assets/images/DAST.png)


* Security Tools für die CI-/CD-Pipeline
![CICD Tooling](../99_assets/images/CICD_tools.png)


* Code Reviews


* Pentests
![Pentestflow](../99_assets/images/pentest_schritte.png)


* Software Composition Analysis (SCA)
![SCA](../99_assets/images/SCA.png)

### Nützliche Ressourcen für Entwickler
[OWASP Websecurity Testing Guide](https://owasp.org/www-project-web-security-testing-guide)

[OWASP Security-C4PO Anwendung](https://owasp.org/www-project-security-c4po/)
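Review bot: the heading "### Sichres Design" has a typo and should read "Sicheres Design"; in the same file the threat-modeling steps under "Planung" mix the infinitive style ("Anwendung zerlegen", "Bedrohungen einstufen") with the formal imperative ("Bestimmen Sie Vermögenswerte und Sicherheitsziele", "Ermitteln Sie Bedrohungen"), so pick one form for all five steps. Under "ToDo's für jeden Layer der Pyramide" the "Code Reviews" bullet is the only layer with neither an image nor any text, while every other layer (SAST, DAST, CI/CD tooling, Pentests, SCA) gets an asset; either add the matching image or a short line on what a security-focused review should cover, otherwise the item reads as unfinished.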
Binary file added 1_security/99_assets/images/CICD_tools.png
Binary file added 1_security/99_assets/images/DAST.png
Binary file added 1_security/99_assets/images/SAST.png
Binary file added 1_security/99_assets/images/SCA.png
Binary file added 1_security/99_assets/images/appsec_overview.png
Binary file added 1_security/99_assets/images/testing_pyramide.png

0 comments on commit ea405b7