Commit
docs: update links with additional tools
gipo355 committed Jun 13, 2024
1 parent 19e0e74 commit 501efa2
Showing 1 changed file with 29 additions and 1 deletion.
30 changes: 29 additions & 1 deletion README.md
Expand Up @@ -29,10 +29,15 @@
- [References](#references)
- [Alternatives/Additions](#alternativesadditions)
- [Considered Strongest, but paid](#considered-strongest-but-paid)
- [others](#others)
- [Free](#free)
- [Other static analysis tools](#other-static-analysis-tools)
- [Find out more](#find-out-more)
<!--toc:end-->
- [Github actions interesting links](#github-actions-interesting-links)
- [Artifacts](#artifacts)
- [Expressions](#expressions)
- [Summaries](#summaries)
<!--toc:end-->

Proof of concept for a tomcat webapp boilerplate with automated testing and security checks.

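Review bot: the five new TOC lines (`- [Github actions interesting links](#github-actions-interesting-links)` and its three children) were appended after the existing `<!--toc:end-->` marker, so the file now carries two `<!--toc:end-->` lines and the new entries sit outside the region a TOC generator keyed on those markers maintains; move the new lines above the original marker and drop the duplicate marker so the next regeneration does not discard or duplicate them. Minor: the product name is written `GitHub Actions`.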
Expand Down Expand Up @@ -85,6 +90,7 @@ Vulnerability assessment actions:
- can be customized and improved. <https://github.com/wapiti-scanner/wapiti/blob/master/doc/wapiti.ronn>
- OWASP ZAP (Zed Attack Proxy)
- using the base full-scan option
- can use the API scan instead (<https://www.zaproxy.org/docs/docker/api-scan/>, <https://github.com/zaproxy/action-api-scan>) can be fed and openapi spec
- can be customized and improved. Can be put in a custom action to get the full cli power and adding extensions/addons (like sarif report <https://www.zaproxy.org/docs/desktop/addons/report-generation/report-sarif-json/>)

Reports that won't generate a sarif are uploaded to github pages or are made available with custom actions at [issues](https://github.com/gipo999/tomcat-webapp-boilerplate/issues)
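Review bot: the added `can use the API scan instead` bullet has a typo and a run-on: `can be fed and openapi spec` should read `can be fed an OpenAPI spec`, and the clause should be separated from the parenthesised links, e.g. `- can use the API scan instead (<https://www.zaproxy.org/docs/docker/api-scan/>, <https://github.com/zaproxy/action-api-scan>); it can be fed an OpenAPI spec`. Drive-by on the neighbouring context line: `adding extensions/addons` should be `add extensions/addons` to parallel `get the full cli power`.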
Expand Down Expand Up @@ -129,6 +135,8 @@ Requires commits to be made following the `commitizen` format
- wapiti
- others can be added with custom actions or adding to the nmap cli tool created

Please check [Alternative/Additions](#alternativesadditions)

### Sarif Reports

Sarif reports can be uploaded to github with the `upload-sarif` action.
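Review bot: the link text in the added `Please check [Alternative/Additions](#alternativesadditions)` line does not match the heading it points to, which the TOC lists as `Alternatives/Additions`; the anchor resolves, but the label should read `[Alternatives/Additions](#alternativesadditions)` so readers can find the section by name.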
Expand Down Expand Up @@ -174,6 +182,26 @@ After a succesful release, the docker image is uploaded to dockerhub and github

- purpleteam

#### others

- astra <https://www.getastra.com/pentest/pricing>

- apiscan <https://www.apisec.ai/>

- pentest tools <https://pentest-tools.com/pricing>

- portswigger <https://portswigger.net/burp/vulnerability-scanner/api-security-testing>

<https://owasp.org/www-community/api_security_tools>

<https://nordicapis.com/api-vulnerability-scanners/>

<https://github.com/arainho/awesome-api-security>

<https://github.com/sbilly/awesome-security>

<https://github.com/okhosting/awesome-cyber-security>

#### Free

- nuclei
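Review bot: the new `#### others` subsection mixes two kinds of entries: four paid products in the list, followed by five bare URLs (the OWASP API security tools page, the nordicapis scanner roundup and three awesome-lists) that are link collections rather than tools and carry no description of what they are; give each bare URL a one-line label, or move them to the `Find out more` section the TOC already lists, and capitalise the heading to match its sibling `#### Free`. Also check the `apiscan` label against the linked domain `apisec.ai`, since the name and the product do not obviously match.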

0 comments on commit 501efa2