Skip to content

Timoo20/devsecops-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
burp
burp
 
 
dvwa
dvwa
 
 
juice-shop
juice-shop
 
 
mutillidae
mutillidae
 
 
scripts
scripts
 
 
siem
siem
 
 
webgoat
webgoat
 
 
zap
zap
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

DevSecOps Advanced Lab

High‑Grade Application Security, Secure Coding, SIEM Engineering & DevSecOps Practice Environment

This repository provides a complete hands‑on offensive and defensive security lab. It includes intentionally vulnerable applications, guided exploitation labs, payload libraries, SIEM detection engineering, threat‑hunting guides, automation scripts, and security tooling documentation.

The lab is structured so that each directory contains:

  • INSTALL.md – How to set up the environment
  • LABS.md – Step‑by‑step exploitation or testing labs
  • PAYLOADS.md / RULES.md – Payloads, detection rules, correlation guides
  • SCRIPTS – Automation and tooling for red/blue team workflows

1. Vulnerable Applications

These applications are included for web exploitation, DevSecOps training, and OWASP Top 10 demonstrations.

Juice Shop

OWASP Juice Shop exploitation and DevSecOps security testing.

Mutillidae II

Large vulnerability coverage for web pentesting and OWASP awareness.

WebGoat

Interactive web application security lessons by OWASP.

2. SIEM & Threat Detection Engineering

A full SIEM engineering suite including Wazuh deployment, detection rules, and log correlation playbooks.

Wazuh SIEM

3. Security Automation Scripts

Automation to accelerate DevSecOps, logging, and attack simulation.

4. ZAP (OWASP Zed Attack Proxy)

Guides for automated and manual scanning using ZAP.

5. Burp Suite Professional Workflow

Comprehensive proxy configuration and advanced web exploitation steps.

6. Project Structure Overview

devsecops-lab/
│
├── juice-shop/
│   ├── INSTALL.md
│   ├── LABS.md
│   └── PAYLOADS.md
│
├── mutillidae/
│   ├── INSTALL.md
│   ├── LABS.md
│   └── PAYLOADS.md
│
├── webgoat/
│   ├── INSTALL.md
│   └── LABS.md
│
├── siem/
│   ├── DETECTION_RULES.md
│   ├── LOG_CORRELATION.md
│   └── WAZUH_INSTALL.md
│
├── scripts/
│   ├── attack-automation.sh
│   ├── log-collector.sh
│   └── start-dvwa.sh
│
├── zap/
│   ├── ATTACK_GUIDE.md
│   └── SCANNING.md
│
├── burp/
│   ├── HACKING_GUIDE.md
│   └── PROXY_SETUP.md
│
└── README.md

7. Purpose of This Repository

This lab is designed for:

  • DevSecOps Engineers
  • Cybersecurity Analysts
  • Penetration Testers
  • SOC Analysts
  • Students preparing for real‑world offensive and defensive security tasks

Each module provides structured and reproducible exercises that simulate enterprise‑grade security operations and attack scenarios.

8. Contributions

Pull requests are welcome. Ensure new content is:

  • Technically accurate
  • Written in clear Markdown
  • Structured into INSTALL.md, LABS.md, or PAYLOADS/RULES

9. License

MIT License.

10. Maintainer

Tim Murkomen

About

High-Grade Application Security & DevSecOps Advanced Lab

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages