{"id":25034,"date":"2023-07-06T15:30:00","date_gmt":"2023-07-06T15:30:00","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=25034"},"modified":"2026-04-17T18:07:40","modified_gmt":"2026-04-17T18:07:40","slug":"an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/","title":{"rendered":"An Insight into RSA 2023: 5 Open Source Security Tools All Developers Should Know About"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><p>During development, developers worry about whether there are security problems in their code, its dependencies and the images their projects are packaged into. At RSAC 2023 this year, David Melamed and Luke O&#8217;Malley recommended five open source security tools in their talk &#8220;5 Open Source Security Tools All Developers Should Know About&#8221;.<\/p>\n\n\n\n<p>For each category of security tools, the contestants in that category are listed, and the best tool in the category is then selected by weighing multiple factors.<\/p>\n\n\n\n<p>The tools are evaluated mainly on the following aspects:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Result quality: accuracy of results from a development perspective<\/li>\n\n\n\n<li>DevX: can be used from the command line or integrated with various IDEs; fast and easy to understand<\/li>\n\n\n\n<li>Maturity: community support, bug fixes and certification<\/li>\n\n\n\n<li>Customizability: the tool can be easily extended to suit developers<\/li>\n<\/ul>\n\n\n\n<p>The recommended tools for each category are as follows:<\/p>\n\n\n\n<p class=\"has-text-align-center\">Table 1 
Recommended open source tools for each category<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Categories<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>Tool Name<\/strong><\/td><td><strong>Link<\/strong><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Code Scanners<\/td><td class=\"has-text-align-center\" data-align=\"center\">Semgrep<\/td><td>https:\/\/github.com\/returntocorp\/semgrep<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Dependency Checkers<\/td><td class=\"has-text-align-center\" data-align=\"center\">OSV-Scanner<\/td><td>https:\/\/github.com\/google\/osv-scanner<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Infrastructure as Code Scanners<\/td><td class=\"has-text-align-center\" data-align=\"center\">KICS<\/td><td>https:\/\/github.com\/Checkmarx\/kics<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Container Scanning<\/td><td class=\"has-text-align-center\" data-align=\"center\">Trivy<\/td><td>https:\/\/github.com\/aquasecurity\/trivy<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Runtime Scanning<\/td><td class=\"has-text-align-center\" data-align=\"center\">ZAP<\/td><td>https:\/\/github.com\/zaproxy\/zaproxy<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Code Scanners<\/strong><\/h2>\n\n\n\n<p>Code scanning is mainly used to find vulnerabilities in the code. Typically, this includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OWASP Top 10<\/li>\n\n\n\n<li>CWE Top 25<\/li>\n\n\n\n<li>Secrets<\/li>\n\n\n\n<li>Custom rules (e.g. 
authentication\/authorization information, etc.)<\/li>\n<\/ul>\n\n\n\n<p>Finally, Semgrep was selected from the following contestants.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1.jpg\"><img fetchpriority=\"high\" decoding=\"async\" width=\"995\" height=\"421\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25035\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1.jpg 995w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1-300x127.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1-768x325.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1-600x254.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-1-200x85.jpg 200w\" sizes=\"(max-width: 995px) 100vw, 995px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 1 Contestants of Code Scanners<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Semgrep&#8217;s rules integrate many security tools (such as Gitleaks, Findsecbugs, Gosec, etc.) and support more than 30 languages. From a usability point of view, it is compile-free and can run on any environment (command line, Docker, IDE). It&#8217;s also easy to extend, just by writing rules. 
Semgrep has a large community and active contributors.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2.jpg\"><img decoding=\"async\" width=\"953\" height=\"214\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25037\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2.jpg 953w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2-300x67.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2-768x172.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2-600x135.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-2-200x45.jpg 200w\" sizes=\"(max-width: 953px) 100vw, 953px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 2 List of languages supported by Semgrep<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The figure below shows the result of scanning code with Semgrep. 
The result shows that there is a line of eval($arg) code in src\/test.php, which has a command injection vulnerability:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3.jpg\"><img decoding=\"async\" width=\"857\" height=\"682\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25039\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3.jpg 857w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3-300x239.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3-768x611.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3-600x477.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-3-200x159.jpg 200w\" sizes=\"(max-width: 857px) 100vw, 857px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 3 Semgrep scanning results<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Dependency Checkers<\/strong><\/h2>\n\n\n\n<p>Dependency checking is mainly used to find vulnerable components on which the project code depends. The main steps are to first identify the open source components used by the software and then compare them against a database of known vulnerabilities to check for any publicly disclosed vulnerabilities in these dependencies. 
This is called SCA, or <a href=\"https:\/\/nsfocusglobal.com\/pt-br\/key-technologies-for-software-supply-chain-security-detection-techniques-part-1-software-composition-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Software Composition Analysis<\/a>.<\/p>\n\n\n\n<p>Finally, OSV-Scanner was selected from the following contestants.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"981\" height=\"433\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25041\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4.jpg 981w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4-300x132.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4-768x339.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4-600x265.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-4-200x88.jpg 200w\" sizes=\"(max-width: 981px) 100vw, 981px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 4 Contestants of Dependency Checkers<\/figcaption><\/figure>\n<\/div>\n\n\n<p>OSV-Scanner uses the Google-maintained OSV database (open source vulnerability library), supports 13 languages, and can scan specified SBOMs and lockfiles. 
OSV-Scanner is growing in popularity and community support:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"950\" height=\"389\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25043\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5.jpg 950w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5-300x123.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5-768x314.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5-600x246.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-5-200x82.jpg 200w\" sizes=\"(max-width: 950px) 100vw, 950px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 5 Stargazers over time of OSV-Scanner<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The figure below shows osv-scanner scanning an npm lockfile. It scanned 1,531 software packages and found some security issues. 
Each issue has an OSV URL (ID of the security vulnerability) that provides more information about the vulnerability, and the output also lists the package name and version number associated with each vulnerability.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"256\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-1024x256.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25045\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-1024x256.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-300x75.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-768x192.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-600x150.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6-200x50.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-6.jpg 1069w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 6 Output of osv-scanner scanning an npm lockfile<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Infrastructure as Code Scanners<\/strong><\/h2>\n\n\n\n<p>Infrastructure as Code scanning, in which the configuration and management of infrastructure are treated as code, is mainly used to detect security configuration errors before the code is submitted to the cloud. 
These errors may include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Missing encryption<\/li>\n\n\n\n<li>Broad permissions<\/li>\n\n\n\n<li>No logging<\/li>\n\n\n\n<li>Default settings<\/li>\n<\/ul>\n\n\n\n<p>Finally, KICS was selected from the following contestants.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"627\" height=\"251\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25047\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7.jpg 627w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7-300x120.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7-600x240.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-7-200x80.jpg 200w\" sizes=\"(max-width: 627px) 100vw, 627px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 7 Contestants of IaC Scanners<\/figcaption><\/figure>\n<\/div>\n\n\n<p>KICS supports 18 frameworks and provides 200+ built-in remediation recipes. 
It can run everywhere (IDE plugin, local, CI).<\/p>\n\n\n\n<p>Below is an example of creating an EBS volume in Terraform:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"730\" height=\"461\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25049\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8.jpg 730w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8-300x189.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8-600x379.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-8-200x126.jpg 200w\" sizes=\"(max-width: 730px) 100vw, 730px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 8 Creating an EBS volume in Terraform<\/figcaption><\/figure>\n<\/div>\n\n\n<p>KICS detects two medium-risk vulnerabilities: one is that IAM Access Analyzer is undefined, and the other is that encryption of the EBS volume is not enabled.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"528\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-1024x528.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25051\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-1024x528.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-300x155.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-768x396.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-600x309.jpg 600w, 
https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9-200x103.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-9.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 9 KICS scanning results<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Container Scanning<\/strong><\/h2>\n\n\n\n<p>The main purpose of container scanning is to detect vulnerabilities and configuration issues in container images.<\/p>\n\n\n\n<p>Finally, Trivy was selected from the following contestants.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"955\" height=\"358\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25053\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10.jpg 955w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10-300x112.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10-768x288.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10-600x225.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-10-200x75.jpg 200w\" sizes=\"(max-width: 955px) 100vw, 955px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 10 Contestants of Container Scanning<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Trivy supports scanning container images, file systems, git repositories, virtual machines, etc. It can also generate SBOMs. The following figure shows the vulnerabilities discovered by Trivy scanning wordpress images. 
A total of 3 vulnerabilities were found, namely CVE-2021-33574, CVE-2022-23218 and CVE-2022-23219.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-1024x283.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25055\" width=\"840\" height=\"232\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-1024x283.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-300x83.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-768x213.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-600x166.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11-200x55.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-11.jpg 1080w\" sizes=\"(max-width: 840px) 100vw, 840px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 11 Results of Trivy scanning WordPress image<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Runtime Scanning<\/strong><\/h2>\n\n\n\n<p>Runtime scanning refers to discovering vulnerabilities when Web applications or APIs are running. Runtime scanning typically uses Dynamic Application Security Testing (DAST) to simulate attacks and detect vulnerabilities in applications or APIs. 
Finally, ZAP was selected from the following contestants.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"748\" height=\"295\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25057\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12.jpg 748w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12-300x118.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12-600x237.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-12-200x79.jpg 200w\" sizes=\"(max-width: 748px) 100vw, 748px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 12 Contestants of Runtime Scanning<\/figcaption><\/figure>\n<\/div>\n\n\n<p>ZAP can detect OWASP Top 10 risks and also includes more than 250 curated rules. ZAP is also one of GitHub&#8217;s top 1,000 projects; it is very popular and has a large community. As shown in the figure below, ZAP has detected an XSS vulnerability and gives a description of the vulnerability, its risk level and possible solutions. In addition, the output includes detailed information about the vulnerability, such as the location where it was discovered, the parameters, and the parameter values that can trigger it. This information can help developers better understand and fix vulnerabilities. 
Finally, reference links are included in the output that provide more information about vulnerabilities.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"479\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-1024x479.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-25059\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-1024x479.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-300x140.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-768x359.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-600x281.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13-200x94.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Figure-13.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption class=\"wp-element-caption\">Figure 13 Scanning results of ZAP<\/figcaption><\/figure>\n<\/div>\n\n\n<p><a href=\"https:\/\/nsfocusglobal.com\/pt-br\/software-supply-chain-security-solution-supply-chain-security-supervision-part-2\/\"><\/a>Companies usually have relevant tools and process systems for code auditing and penetration testing, but these open-source security tools can also be used for self-inspection during development to find various security problems in codes, dependencies, configurations and images and fix them in time, avoiding the accumulation of security problems until they are exposed at a later stage. They can be helpful to improve the efficiency and overall security of the project. 
Of course, when using open source software, <a href=\"https:\/\/nsfocusglobal.com\/pt-br\/software-supply-chain-security-solution-supply-chain-security-supervision-part-2\/\">open source software risk monitoring<\/a> should also be done well.<\/p>\n\n\n\n<p>REFERENCE<\/p>\n\n\n\n<p>[1]&nbsp;<a href=\"https:\/\/www.rsaconference.com\/library\/Presentation\/USA\/2023\/5%20Open%20Source%20Security%20Tools%20All%20Developers%20Should%20Know%20About\">5 Open Source Security Tools All Developers Should Know About<\/a><\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>In the process of developing code, developers will worry about whether there are security problems in the image of code, dependencies and projects packaged. In the RSAC 2023 this year, David Melamed and Luke O&#8217;Malley recommended five open source security tools in their speech &#8220;5 Open Source Security Tools All Developers Should Know About&#8221;. When [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":25063,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[675],"class_list":["post-25034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-supply-chain-security"],"acf":[]}
security;"],"articleSection":["Blog"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/","url":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/","name":"An Insight into RSA 2023: 5 Open Source Security Tools All Developers Should Know About - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Open-Source.jpg","datePublished":"2023-07-06T15:30:00+00:00","dateModified":"2026-04-17T18:07:40+00:00","description":"In the process of developing code, developers will worry about whether there are security problems in the image of code, dependencies and projects packaged. 
In the RSAC 2023 this year, David Melamed and Luke O'Malley recommended five open source security tools in their speech \"5 Open Source Security Tools All Developers Should Know About\".","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Open-Source.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/07\/Open-Source.jpg","width":400,"height":274,"caption":"Open source concept with related keywords cloud."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-5-open-source-security-tools-all-developers-should-know-about\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"An Insight into RSA 2023: 5 Open Source Security Tools All Developers Should Know About"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/25034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/use
rs\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=25034"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/25034\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/25063"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=25034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=25034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=25034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}