paragonie / awesome-appsec
A curated list of resources for learning about application security
Home Page: https://paragonie.com/projects
License: MIT License
Are there any recommended Python books, articles, blogs, etc.?
Have you thought about adding an appsec conferences section?
JSON:
Examples: NOK(broken link)
JSON:
Examples: OK
Workaround: Add this snippet or similar task between lines 237/238 (suggestion).
src/Util.php
if (\array_key_exists('name', $fd)) {
if (isset($fd['name'])) {
$fd['name'] = preg_replace('/\-/', ' ', $fd['name']);
}
Is there a place for this on awesome-appsec?
This API has been unmaintained for several years, I'm the new owner and keeping it maintained now
Interested in a PR?
Idk
Note to myself for later: Chargen has moved, now it's the NCC Group blog. I should remember to update this tonight.
Just wondering if this list is still maintained, or if not, could I help maintain it?
Since not everything on the list is free, I'm thinking about making the compiler mark the non-free ones.
For example:
{
"date": "2010-01-23",
"free": false,
"name": "....",
"remark": "Read this and you can avoid the rest of this list forever!",
"url": "http://omfgdogs.com"
}
And have it indicate non-free in the markdown somehow. (An image would probably be best!)
https://crackstation.net/hashing-security.htm
http://insanecoding.blogspot.co.uk/2014/05/a-good-idea-with-bad-usage-devurandom.html
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
http://blog.astrumfutura.com/2013/04/20-point-list-for-preventing-cross-site-scripting-in-php
https://timoh6.github.io/2014/06/16/PHP-data-encryption-cheatsheet.html
https://timoh6.github.io/WebAppSecQuiz/index.html
http://lzone.de/cheat-sheet/Security-News-Feeds
A curated list of cryptography resources and links.
https://github.com/sobolevn/awesome-cryptography
Secure passwords in several languages/frameworks, I think this might be useful to some people.
Maybe there's a place for it here somewhere!
Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.
It is currently being used by
Examples
If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml
file to the project.
See https://github.com/dkhamsing/awesome_bot for options, more information
Feel free to leave a comment
I think https://github.com/ircmaxell/RandomLib library serves the needs than using urandom.
{
"date": "2023-01-1",
"free": true,
"name": "Angela",
"remark": "Received a 404 error on the CIS 4930 link.",
"url": "https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/"
}
CERT C Coding Standard: https://www.securecoding.cert.org/confluence/display/c/CERT+C+Coding+Standard
CERT C++ Coding Standard: https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637
Android, Java, Perl: https://www.securecoding.cert.org/confluence/spacedirectory/view.action
Although, historically, we've maintained an open inquiry for reading material suggestions in other languages, creating an issue for each and every language isn't feasible. For general purpose application security material suggestions, please feel free to leave a comment here or open a pull request.
Are there any great articles, books, blogs, etc. for writing secure Node.js software? If so, let us know and we'll add them to the list.
After running src/compiler.php the date is ignored:
$ grep -r date data/C/books-and-ebooks/0002-fedora-defensive-coding.json
"date": "2012",
- * [Defensive Coding: A Guide to Improving Software Security by the Fedora Security Team](#defensive-coding-a-guide-to-improving-software-security-by-the-fedora-security-team-2018) (2018)
+ * [Defensive Coding: A Guide to Improving Software Security by the Fedora Security Team](#defensive-coding-a-guide-to-improving-software-security-by-the-fedora-security-team-2019) (2019)
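Review bot: the year on both sides of this README line (2018, then 2019) does not match the "date": "2012" value that the grep above shows in the data file, so the heading anchor and the displayed year appear to follow when the compiler was run rather than the entry itself. A year-only value should be handled explicitly before it is passed to new \DateTime(...), for example by detecting a four-digit string and using it as the year directly, and the compiler should fail loudly on a date it cannot interpret instead of emitting a different year.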
if (!empty($fd['date'])) {
$dt = new \DateTime($fd['date']);
$header .= ' ('.$dt->format('Y').')';
}
Instead of just using the year, it seems to work when the date matches the pattern "YYYY-MM"
OK: Four digit year and month (GNU) YY "-" mm "2008-6", "2008-06", "1978-12"
NOK: Year (and just the year) YY "1978", "2008"
https://www.php.net/manual/pt_BR/datetime.construct.php#123882
https://www.php.net/manual/pt_BR/datetime.construct.php#119591
https://www.php.net/manual/en/datetime.formats.date.php
Include optional fields and examples.
ModSecurity is a pretty decent open-source WAF that can be placed in front of applications. Can this be added to this repo? https://modsecurity.org/
Also OWASP updated its cheatsheet series and placed them on Github, these are a good resource as well: https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets
Can I make a pull request that adds 1 or both of these to the repo?
I have been maintaining a small web application specific quiz at http://timoh6.github.io/WebAppSecQuiz/ (tests knowledge about different kinds of quirks and so on regarding web application security).
Maybe this could be used on the list? Under "General"?