### Run cicd-goat with Docker Compose Source: https://github.com/sbilly/awesome-security/blob/master/README.md Starts the cicd-goat application in detached mode using Docker Compose. ```bash docker-compose -d up ``` -------------------------------- ### Host-Based Detection Deployment Pattern Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Depicts the architecture for Host-Based Detection, starting from endpoint agents to behavioral detection and response actions. ```text [Endpoint Agents] (OSSEC/Wazuh) ↓ [File Monitoring] (integrity checking) ↓ [Log Collection] (syslog/agent protocol) ↓ [Central Manager] (Wazuh/OSSEC) ↓ [Behavioral Detection] (CrowdSec) ↓ [Response Actions] (firewall, alerts, isolation) ``` -------------------------------- ### Deployment Pattern: Deception Architecture Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Outlines a deception architecture, starting from the internet and moving through firewalls to T-Pot sensors, various honeypots, Cuckoo Sandbox for analysis, and finally to an intelligence feed. ```text [Internet] → [Firewall] → [T-Pot Sensors] (distributed) ↙ ↓ ↘ [Kippo] [Glastopf] [Conpot] ↓ [Cuckoo Sandbox] ↓ [Malware Analysis] ↓ [Intelligence Feed] ``` -------------------------------- ### Deployment Pattern: IntelMQ to Security Tools Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Illustrates the flow of external feeds through IntelMQ processing to MISP storage, and then distributing to various security tools like IDS, Firewalls, and SIEMs. ```text [External Feeds] ↓ [IntelMQ Processing] ↓ [MISP Storage & Correlation] ↓ ↙ ↓ ↘ [IDS Rules] [Firewall Rules] [Detection Rules] ↓ ↓ ↓ [Sensors] [Gateways] [SIEM Platform] ``` -------------------------------- ### Accessing the Original Repository Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/README.md Use this command to clone the original Awesome-Security repository from GitHub to access the latest updates and the full list of resources. ```bash https://github.com/sbilly/awesome-security ``` -------------------------------- ### Pull Vulnerable WordPress Docker Image Source: https://github.com/sbilly/awesome-security/blob/master/README.md Pulls a vulnerable WordPress installation Docker image for security practice. ```bash docker pull wpscanteam/vulnerablewordpress ``` -------------------------------- ### Build and Run OWASP NodeGoat with Docker Compose Source: https://github.com/sbilly/awesome-security/blob/master/README.md Builds and runs the OWASP NodeGoat application using Docker Compose. ```bash docker-compose build && docker-compose up ``` -------------------------------- ### Web Application Security Pipeline Deployment Pattern Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Outlines the deployment pattern for a Web Application Security Pipeline, covering testing, scanning, WAF, and RASP integration. ```text [Pre-Prod Testing] ↓ [ZAP Scanning] → [sqlmap] → [Scanmycode] ↓ [Vulnerability Review] ↓ [Production Deployment] ↓ [ModSecurity/WAF] ← [Rules Updates] ↓ [Application] + [RASP Agent] ↓ [Response/Alerting] ``` -------------------------------- ### Network Security Monitoring Deployment Pattern Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Illustrates a typical flow for Network Security Monitoring, from internet ingress through sensors, capture, aggregation, and analysis. ```text Internet → [Snort/Suricata Sensor] → [Alert Queue] ↓ [Zeek Sensor] → [Behavioral Data] ↓ [PCAP Capture] → [Moloch/stenographer] ↓ [Security Onion Aggregator] ↓ [Elasticsearch/ELK] ↓ [Analyst Dashboard] ``` -------------------------------- ### Pull OWASP Juice Shop Docker Image Source: https://github.com/sbilly/awesome-security/blob/master/README.md Pulls the OWASP Juice Shop Docker image, a deliberately insecure web application for security training. ```bash docker pull bkimminich/juice-shop ``` -------------------------------- ### Deployment Pattern: Data Protection Architecture Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Illustrates data protection flows, including encryption for data in transit and at rest, and access control mechanisms for credentials and databases. It shows client-to-database encryption and separate flows for credentials and secrets. ```text [Client] ↓ (TLS) [Application] ↓ (Themis/Encryption) [acra Proxy] ↓ (Encrypted queries) [Database] ↓ (Stored encrypted) [Persistent Storage] [Credentials] → [Vault] → [Client Applications] [Secrets] → [Sops] → [Configuration Management] ``` -------------------------------- ### Pull OWASP WebGoat Docker Image Source: https://github.com/sbilly/awesome-security/blob/master/README.md Pulls the OWASP WebGoat Project Docker image for learning web application security. ```bash docker pull danmx/docker-owasp-webgoat ``` -------------------------------- ### Deployment Pattern: Container Security Pipeline Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Details the container security pipeline from source code through build and runtime phases. It includes SAST, secret scanning, dependency checks, policy enforcement, and runtime monitoring. ```text [Source Code] ↓ [Build Stage] ↙ ↓ ↘ [SAST] [Secrets] [Dependencies] ↓ ↓ ↓ [Scanmycode] [SecretScanner] [Trivy] ↓ [Policy Check] (Checkov) ↓ [Container Registry] ↓ [Kubernetes Cluster] ↙ ↓ ↘ [Falco] [Wazuh] [Network Policy] ↓ [Alert/Response] ``` -------------------------------- ### Deployment Pattern: Secrets Management Architecture Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Shows the architecture for secrets management, with a central Vault server interacting with applications, infrastructure, and development environments via SDKs, specific tools, or local storage. ```text [Vault Server] (Protected) ↓ ↙ ↓ ↘ [Application] [Infrastructure] [Development] ↓ ↓ ↓ [SDK/API] [chamber/credstash] [aws-vault] ↓ ↓ ↓ [Database] [AWS Services] [Local Keychain] ``` -------------------------------- ### Incident Response Workflow Deployment Pattern Source: https://github.com/sbilly/awesome-security/blob/master/_autodocs/implementation-patterns.md Details the deployment pattern for an Incident Response workflow, from alert triggering to recovery and hardening. ```text [Alert Triggered] ↓ [Incident Confirmation] ↓ [GRR Agent Deploy] → [Live Investigation] ↓ [Memory Dump] → [Volatility Analysis] ↓ [Log Collection] → [Timeline Reconstruction] ↓ [Root Cause Determination] ↓ [Remediation Planning] ↓ [Response Execution] ↓ [Recovery & Hardening] ``` -------------------------------- ### Pull OWASP Security Shepherd Docker Image Source: https://github.com/sbilly/awesome-security/blob/master/README.md Pulls the OWASP Security Shepherd Docker image for security training. ```bash docker pull ismisepaul/securityshepherd ```