Note: This section of the site is under heavy construction, tread carefully.
177 bookmarks by garrettc
Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.
"A simple super fast django reusable app that blocks people from brute forcing login attempts."
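The lockout logic such an app implements, as an added example (not the django-axes code itself): failed logins are counted per (username, source IP) over a sliding window, the pair is locked out for a cooldown once the limit is hit, and the lock is checked before the password is verified so a locked attacker learns nothing from a correct guess. The thresholds, the FakeClock and the IP addresses are constructed assumptions.

```python
"""Sliding-window login throttle with per-(username, IP) lockout.
Added example; thresholds and names are illustrative assumptions."""
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Tuple


class FakeClock:
    """Injectable clock so the lockout can be exercised without sleeping."""

    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t


class LoginThrottle:
    def __init__(self, max_failures: int = 5, window_seconds: float = 300,
                 lockout_seconds: float = 900,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        # key -> timestamps of failures inside the sliding window
        self._failures: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
        # key -> time at which the lock expires
        self._locked_until: Dict[Tuple[str, str], float] = {}

    @staticmethod
    def _key(username: str, ip: str) -> Tuple[str, str]:
        # Normalise so "Alice " and "alice" share one counter.
        return (username.strip().lower(), ip)

    def is_locked(self, username: str, ip: str) -> bool:
        key = self._key(username, ip)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: forget it and the failures that caused it.
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def record_failure(self, username: str, ip: str) -> bool:
        """Count a failed login; return True if it tripped the lockout."""
        key = self._key(username, ip)
        now = self.clock()
        recent = self._failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # failures older than the window no longer count
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            return True
        return False

    def attempt(self, username: str, ip: str, verify: Callable[[], bool]) -> str:
        """Gate a login. `verify` runs the real credential check and is only
        called when the pair is not locked, so lockout costs no password work
        and a correct guess during lockout is still refused."""
        if self.is_locked(username, ip):
            return "locked"
        if verify():
            self._failures.pop(self._key(username, ip), None)
            return "ok"
        return "locked" if self.record_failure(username, ip) else "denied"
```

Counting per (username, IP) stops a single source hammering one account; a password-spraying attacker rotating usernames from one IP needs a second, per-IP counter in the same shape, which is left out here for brevity.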
"What the Internet Is and How to Stop Mistaking It for Something Else."
“Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.”
secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.
"CORS (Cross-Origin Resource Sharing) is hard. It's hard because it's part of how browsers fetch stuff, and that's a set of behaviours that started with the very first web browser over thirty years ago. Since then, it's been a constant source of development; adding features, improving defaults, and papering over past mistakes without breaking too much of the web. Anyway, I figured I'd write down pretty much everything I know about CORS, and to make things interactive, I built an exciting new app:"
"Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph, making patterns and multiple order connections between said information easily identifiable."
In this tutorial, we'll deploy a Django app to AWS EC2 with Docker and Let's Encrypt.
In this tutorial, we'll look at how to secure a containerized Django app running behind an HTTPS Nginx proxy with Let's Encrypt SSL certificates.
Don't take chances with app security. Here's how to protect your users.
A proposed standard which allows websites to define security policies
"Tech and social media are having a big impact on our society. While many innovative technology inventions are improving our lives, there is increasing awareness of negative impacts that come with these trends, such as large-scale privacy invasion, surveillance capitalism, and tech monopolies. They lead to social media addiction, mental health issues, and are even eroding the fabric of our society. This list aggregates open-source projects that are directly related to humane tech topics."
Some ways of combining security and usability for two-factor authentication on the web.
"Get a quick lesson in what SAML is and how logging in with SAML works, plus learn a few of the most common SAML scenarios and a rundown of configuration specifics - all explained around a Beer as a Service analogy."
The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
A parable of security.
"You've probably already seen errors like the following one in the JavaScript console of your browser, when trying to execute AJAX requests: At first sight, it's difficult to understand what's happening and find out where the problem is coming from."
Fully automated offensive security framework for reconnaissance and vulnerability scanning
"A product security team exists to protect people and their data. We do this by making our company's products as secure as possible. Software security is hard though. As a species we are not capable of writing vuln-free software. Hell, we cannot even determine how secure or not it is with much certainty. Given that, our goal should be to maximally reduce risk. I do this by tracking the outcomes of vulns."
"Feature Policy allows you to control which origins can use which features, both in the top-level page and in embedded frames. Essentially, you write a policy, which is an allowed list of origins for each feature. For every feature controlled by Feature Policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins."
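The allowlist rule quoted above, as an added example (not code from the bookmarked article): parse a Feature-Policy header and decide whether a feature is available to a document at a given origin. The header, origins and the 'self' default for unlisted features are constructed assumptions, and nested frames are handled with the simplification that every frame between the top-level page and the document must itself be in the allowlist.

```python
"""Evaluate Feature-Policy allowlists. Added example; the sample header,
origins and the default allowlist are assumptions, not spec-derived data."""
from typing import Dict, List, Sequence


def parse_feature_policy(header: str) -> Dict[str, List[str]]:
    """"geolocation 'self' https://a.example; camera 'none'" ->
    {"geolocation": ["'self'", "https://a.example"], "camera": ["'none'"]}"""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            # First occurrence of a feature wins; later duplicates are ignored.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def origin_allowed(allowlist: Sequence[str], origin: str, top_origin: str) -> bool:
    """Match one (lower-cased) origin against an allowlist of
    'none', '*', 'self' or explicit origins."""
    if "'none'" in allowlist:
        return False
    if "*" in allowlist:
        return True
    if "'self'" in allowlist and origin == top_origin:
        return True
    return origin in allowlist


def feature_enabled(policy: Dict[str, List[str]], feature: str,
                    frame_chain: Sequence[str],
                    default: Sequence[str] = ("'self'",)) -> bool:
    """frame_chain lists origins from the top-level document down to the
    document being checked, e.g. [top, iframe, nested iframe]. A feature is
    enabled only if every origin on that path is allowed (simplified
    inheritance). Features absent from the header use `default`, assumed
    here to be 'self'."""
    allowlist = policy.get(feature, list(default))
    top_origin = frame_chain[0]
    return all(origin_allowed(allowlist, origin, top_origin) for origin in frame_chain)


# Constructed sample: the top-level app delegates geolocation to one map
# provider, blocks the camera everywhere, and lets any frame go fullscreen.
SAMPLE_HEADER = "geolocation 'self' https://maps.example.com; camera 'none'; fullscreen *"
SAMPLE_POLICY = parse_feature_policy(SAMPLE_HEADER)
TOP = "https://app.example.com"
```

The practical check this supports: a third-party ad frame (not in the geolocation allowlist) cannot regain the feature by nesting the allowed map origin inside itself, because the ad frame's own origin fails the test first.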
How to Find Hidden Cameras and Spy Bugs (The Professional Way) is an in-depth guide on how to find and identify hidden cameras, GPS trackers, and secret audio bugs. The guide uses techniques that anyone can use, along with some low-cost detectors that will find almost any covert bug.
"The goal of a STAMP-based analysis is to determine why the events occurred… and to identify the changes that could prevent them and similar events in the future. One of my big heroes is Nancy Leveson, who did a bunch of stuff like the Therac-25 investigation and debunking N-version programming. She studies what makes software unsafe and what we can do about that. More recently she's advocated the "STAMP model" for understanding systems."
"This list is a collection of various technology materials. […] It contains a lot of useful information gathered in one piece. It is intended for everyone and anyone - especially for system and network administrators, devops, pentesters or security researchers."
"Content Security Policy is delivered via an HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed."
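A CSP is only an XSS countermeasure if its script sources are actually tight, so the check a practitioner wants is a linter over the header. Added example (not code from the bookmarked article): parse the policy, apply the default-src fallback that governs script-src and object-src when they are absent, and flag the directives that let injected script run. The two sample headers are constructed.

```python
"""Lint a Content-Security-Policy header for settings that undo its XSS
protection. Added example; the sample headers are constructed."""
from typing import Dict, List, Tuple

# Scheme-wide or wildcard script sources let an attacker load script from
# anywhere matching the scheme, which defeats the allowlist.
SCRIPT_BROAD = {"*", "https:", "http:", "data:", "blob:", "filesystem:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """'a b c; d e' -> {'a': ['b', 'c'], 'd': ['e']}. CSP keeps the first
    occurrence of a repeated directive and ignores later ones."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> List[str]:
    """Source list that governs a fetch directive such as script-src or
    object-src, falling back to default-src when it is not set."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src", [])


def check_csp(header: str) -> List[Tuple[str, str]]:
    """Return (directive, problem) pairs; an empty list means no finding."""
    policy = parse_csp(header)
    findings: List[Tuple[str, str]] = []

    if "default-src" not in policy and "script-src" not in policy:
        findings.append(("script-src", "neither default-src nor script-src set: "
                                       "scripts from any origin may run"))

    script = [s.lower() for s in effective_sources(policy, "script-src")]
    # With a nonce or hash present, CSP3 browsers ignore 'unsafe-inline',
    # so it is only a finding when it actually takes effect.
    has_nonce_or_hash = any(s.startswith(HASH_OR_NONCE) for s in script)
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        findings.append(("script-src", "'unsafe-inline' lets injected inline <script> run"))
    if "'unsafe-eval'" in script:
        findings.append(("script-src", "'unsafe-eval' lets injected strings reach eval()"))
    for src in script:
        if src in SCRIPT_BROAD:
            findings.append(("script-src", f"overly broad script source {src}"))

    obj = [s.lower() for s in effective_sources(policy, "object-src")]
    if obj != ["'none'"]:
        findings.append(("object-src", "not 'none': plugin content can be used to run script"))

    # base-uri does not fall back to default-src; without it an injected
    # <base> tag can redirect every relative script URL on the page.
    if "base-uri" not in policy:
        findings.append(("base-uri", "missing: injected <base> can redirect relative script URLs"))
    return findings


# Constructed samples: a common "looks restrictive" policy and a tight one.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src *"
STRONG_CSP = ("default-src 'none'; script-src 'self' 'nonce-abc123'; "
              "object-src 'none'; base-uri 'self'; img-src 'self'")
```

The weak sample trips four findings (unsafe-inline, the https: wildcard, object-src inheriting 'self' from default-src, and no base-uri) even though it names 'self' first; the img-src wildcard is deliberately not flagged, since images cannot execute script.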
"This post discusses web security issues that I come across – so far thankfully mostly by reading about them. It is a work in progress which I’ll keep updating."
Irongeek's Information Security site with tutorials, articles and other information.
Covers programming, business, theory, gaming, security, and more.
"Almost any website you visit today is protected by HTTPS. If yours isn’t yet, it should be. Securing your server with HTTPS also means that you can’t send requests to this server from one that isn’t protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box."
RiskIQ data shows Magecart was behind the British Airways breach by compromising JavaScript on the airline's website with an extremely targeted attack.
It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor.