ZeroDayAttack — агрегатор AppSec-разведки
Мой собственный продукт по безопасности, который я создал и поддерживаю — работает на zerodayattack.net. Единый источник разведданных в реальном времени для AppSec-инженера: CVE, CISA KEV, EPSS, сигналы об эксплойтах, угрозы, IOC, бюллетени вендоров/PSIRT и исследования — унифицированы, нормализованы, дедуплицированы и обновляются вживую из ~85 источников. Плюс аутентифицированное рабочее пространство, превращающее разведку в действия: профили активов формируют персональную очередь патчей, со списками наблюдения/алертами, триажем, SLA по устранению и передачей в Jira/GitHub/SIEM.
Объём: Соло-разработка: конвейер сбора из ~85 источников, нормализация и порядок доверия, realtime-сайт на ISR, аутентифицированное рабочее пространство, федерация REST/STIX/TAXII и CLI.
A self-initiated security product I built and run - live at zerodayattack.net. The single real-time intelligence source an AppSec engineer checks: CVEs, CISA KEV, EPSS, exploit signals, threat actors, IOCs, vendor/PSIRT advisories and security research - unified, normalized, deduplicated, searchable and pushed live from ~85 feeds. Plus an authenticated workspace that turns intel into action: asset profiles drive a personalized patch queue, with watchlists/alerts, triage, remediation SLAs and Jira/GitHub/SIEM hand-off.
Задача
AppSec teams drown in fragmented intelligence: NVD in one place, CISA KEV in another, then EPSS, vendor PSIRTs, exploit PoCs, IOC feeds, MITRE ATT&CK and research RSS - each a different schema, cadence and trust level, and none prioritized for your specific stack. Turning that firehose into "what do I patch first, and is it actually being exploited" is manual, slow, and stale by the time it is finished. The opening was one normalized, real-time source of truth that reads as a public briefing and also drives a private remediation workflow - without a wall of false-urgency noise.
Решение
Built on Next.js 15 (App Router), TypeScript, Tailwind and Supabase (Postgres + Realtime + RLS) on Vercel. ~85 feeds are ingested on tiered Vercel crons (5-min / 30-min / daily / EPSS) into an append-only event log and merged into canonical records through a source trust order (NVD > vulnrichment > ZDI > GHSA > OSV > … > KEV > EPSS), with every outbound fetch behind an SSRF host allowlist. High-traffic public pages are ISR - served from the CDN yet still updating live, because Supabase realtime changes are merged into the TanStack Query cache; a per-request CSP-nonce "strict" mode for the workspace and a constant "content" CSP for cached pages keep both fast and locked down (anon RLS reads only; service-role key server-only). Public surfaces: a threat briefing, CVE feed, emerging-exploitation signals, CISA KEV zero-days, threat actors, IOCs, vendors, news, CWE/CVE detail, compare, search and source-health/status. The authenticated workspace turns intel into action: asset profiles personalize the patch queue, plus watchlists and alert channels, a triage bench, investigations, a query builder, remediation metrics (MTTR / SLA / burn-down) and integrations (Jira / Linear / ServiceNow / GitHub / SIEM). Federation-ready: a versioned REST API (`/api/v1`), OpenAPI docs, STIX 2.1 bundles, a TAXII 2.1 server and a CLI.
Клиент
Kiril Urbonas
“I built ZeroDayAttack because triaging vulnerabilities meant juggling NVD, KEV, EPSS, vendor advisories and exploit feeds by hand. It unifies ~85 sources into one real-time, normalized briefing, then turns it into a personalized patch queue with SLAs and Jira/GitHub hand-off. The realtime-on-ISR architecture and the SSRF/RLS/CSP hardening are exactly the standard I bring to client work.”
Kiril Urbonas
Creator & Engineer, ZeroDayAttack
zerodayattack.net
Ключевые результаты
CVE, KEV, EPSS, бюллетени, IOC, угрозы, исследования — вместе
Supabase realtime → живые обновления на CDN-страницах
Профили активов → персональная очередь патчей, SLA, триаж
REST /api/v1, OpenAPI, STIX 2.1, TAXII 2.1, CLI
Сроки
Ongoing - live and updated continuously · 2026
Завершено в 2026
Объём: Соло-разработка: конвейер сбора из ~85 источников, нормализация и порядок доверия, realtime-сайт на ISR, аутентифицированное рабочее пространство, федерация REST/STIX/TAXII и CLI.
Хотите таких же результатов для вашего бизнеса?
Я составлю чёткий план, сроки и реалистичные результаты для вашего проекта - без обязательств.
