secureCodeBox, it really whips the llama’s ass.

If you get the winamp reference +1 old points to you.

As part of my role I conduct vulnerability scans against environments on a quarterly basis. It’s not massively taxing, I’ve documented so somebody else could do it… but it’s definitely something that could be automated. This is where secureCodeBox comes in!

At the moment I am playing with the features to automate what already exists with ZAP, SSLyze, nikto & nmap. I am looking to see the effort required to include other tools in custom scans since it’d be nice if GVM could be usable in a similar manner.

The nice thing with secureCodeBox is that it can happily output to an S3 compat. service, so that includes S3, Vultr block storage & its own in-built minio. It does have some potential to integrate with ES and it looks to be only a matter of time for DefectDojo which is what I’m waiting for.

Looking forward to playing with this more, it is really a great idea.