Bookmarks tagged with “security”

177 bookmarks by garrettc


django-denied

An authorization system based exclusively on allow lists

Vault by HashiCorp

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.

Django-defender

"A simple super fast django reusable app that blocks people from brute forcing login attempts."

Startpage

Privacy focused search engine, with no tracking or search history

QR Date

Display this QR code on your phone or tablet for photos, live streams or print it out on paper for display. The code contains a link to verify the displayed date through a cryptographic signature.

World of Ends

"What the Internet Is and How to Stop Mistaking It for Something Else."

Bandit security analyser

“Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.”

secure.py — secure.py 0.3.0 documentation

secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.

How to win at CORS - JakeArchibald.com

"CORS (Cross-Origin Resource Sharing) is hard. It's hard because it's part of how browsers fetch stuff, and that's a set of behaviours that started with the very first web browser over thirty years ago. Since then, it's been a constant source of development; adding features, improving defaults, and papering over past mistakes without breaking too much of the web. Anyway, I figured I'd write down pretty much everything I know about CORS, and to make things interactive, I built an exciting new app:"

Maltego

"Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering, as well as the representation of this information on a node-based graph, making patterns and multiple order connections between said information easily identifiable."

Securing a Containerized Django Application with Let's Encrypt

In this tutorial, we'll look at how to secure a containerized Django app running behind an HTTPS Nginx proxy with Let's Encrypt SSL certificates.

10 tips for making the Django Admin more secure

Don't take chances with app security. Here's how to protect your users.

Solid

"Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it."

security.txt

A proposed standard which allows websites to define security policies

Serenity Notes

End to end encrypted private notes.

Humane Tech

"Tech and social media are having a big impact on our society. While many innovative technology inventions are improving our lives, there is increasing awareness of the negative impacts that come with these trends, such as large-scale privacy invasion, surveillance capitalism, and tech monopolies. They lead to social media addiction, mental health issues, and are even eroding the fabric of our society. This list aggregates open-source projects that are directly related to humane tech topics."

RouterSecurity - Router tests

Check your external IP with multiple services.

Authentication

Some ways of combining security and usability for two-factor authentication on the web.

Tailscale

“Private networks made easy”

The Beer Drinker’s Guide to SAML

"Get a quick lesson in what SAML is and how logging in with SAML works, plus learn a few of the most common SAML scenarios and a rundown of configuration specifics - all explained around a Beer as a Service analogy."

Mozilla Observatory

The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

How to fix CORS problems

"You've probably already seen errors like the following one in the JavaScript console of your browser, when trying to execute AJAX requests: At first sight, it's difficult to understand what's happening and find out where the problem is coming from."

Osmedeus - Security scanning

Fully automated offensive security framework for reconnaissance and vulnerability scanning

6 buckets of prodsec

"A product security team exists to protect people and their data. We do this by making our companies' products as secure as possible. Software security is hard though. As a species we are not capable of writing vuln-free software. Hell, we cannot even determine how secure or not it is with much certainty. Given that, our goal should be to maximally reduce risk. I do this by tracking the outcomes of vulns."

Feature policy

"Feature Policy allows you to control which origins can use which features, both in the top-level page and in embedded frames. Essentially, you write a policy, which is an allowed list of origins for each feature. For every feature controlled by Feature Policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins."

How to Find Hidden Cameras and Spy Bugs (The Professional Way) - Sentel Tech Security

How to Find Hidden Cameras and Spy Bugs (The Professional Way) is an in-depth guide on how to find and identify hidden cameras, GPS trackers, and secret audio bugs. The guide uses techniques that anyone can apply, along with some low-cost detectors that will find almost any covert bug.

STAMPing on event-stream

"The goal of a STAMP-based analysis is to determine why the events occurred… and to identify the changes that could prevent them and similar events in the future. One of my big heroes is Nancy Leveson, who did a bunch of stuff like the Therac-25 investigation and debunking N-version programming. She studies what makes software unsafe and what we can do about that. More recently she’s advocated the “STAMP model” for understanding systems."

A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.

"This list is a collection of various technology materials. […] It contains a lot of useful information gathered in one piece. It is intended for everyone and anyone - especially for system and network administrators, devops, pentesters or security researchers."

Content Security Policy - An Introduction

"Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed."

The Cliff Nest

A sci-fi story with computer security challenges built in.

Advanced web security topics – George's Techblog

"This post discusses web security issues that I come across – so far thankfully mostly by reading about them. It is a work in progress which I’ll keep updating."

Homoglyph Attack Generator and Punycode Converter

Irongeek's Information Security site with tutorials, articles and other information.

How to get HTTPS working on your local development environment in 5 minutes

"Almost any website you visit today is protected by HTTPS. If yours isn’t yet, it should be. Securing your server with HTTPS also means that you can’t send requests to this server from one that isn’t protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box."

The British Airways Breach: How Magecart Claimed 380,000 Victims

RiskIQ data shows Magecart was behind the British Airways breach, compromising JavaScript on the airline's website in an extremely targeted attack.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor.
