Skip to content

Instantly share code, notes, and snippets.

View sp3nx0r's full-sized avatar

sp3nx0r

11 followers · 11 following
View GitHub Profile
@apolloclark
apolloclark / devsecops_maturity_model.md
Last active January 22, 2024 05:08
DevSecOps Maturity Model

DevSecOps Maturity Model

DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense, organizations, and combines:

@kesor
kesor / cloudtrail-template-elasticsearch.json
Last active February 5, 2022 02:59
An ElasticSearch Index template for CloudTrail events
PUT _template/cloudtrail
{
"index_patterns": ["cloudtrail-*"],
"settings": {
"number_of_shards": 1,
"mapping": {
"total_fields": {
"limit": 10000
}
}
@technion
technion / Password References.md
Last active May 2, 2024 23:32
A set of references on modern password policies

References on modern password policies

Below links provide source, reference link and relevant quote

Standards

NIST

https://github.com/usnistgov/800-63-3/blob/nist-pages/sp800-63b/sec5_authenticators.md

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Major organisations

@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active March 19, 2024 17:24 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@apolloclark
apolloclark / aws cli cheatsheet.md
Last active April 24, 2024 14:25