This repository contains detailed runbooks for responding to various security incidents detected by Contrast Security. These runbooks provide step-by-step guidance for security teams to effectively triage and respond to different types of security events.
- Command Injection - Handling command injection attacks attempting to execute arbitrary system commands
- JNDI Injection - Responding to JNDI injection attempts targeting Java applications
- SQL Injection - Managing SQL injection attacks against database systems
- Expression Language Injection - Addressing expression language injection vulnerabilities
- Path Traversal - Handling attempts to access files outside intended directories
- HTTP Method Tampering - Managing unauthorized HTTP method manipulation
- Cross-Site Scripting (XSS) - Responding to XSS attacks injecting malicious scripts
- XML External Entity Injection - Handling XXE attacks against XML parsers
- Untrusted Deserialization - Managing deserialization of untrusted data
- Identify the type of security event/alert
- Navigate to the corresponding runbook
- Follow the decision tree to classify the event
- Execute the recommended response procedures
- Document actions taken and complete post-incident activities
See our Contribution Guidelines for information on how to contribute to these runbooks.
