Found 128 bookmarks
Newest
CyberChef
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
·gchq.github.io·
CyberChef
Less is safer: how Obsidian reduces the risk of supply chain attacks
Less is safer: how Obsidian reduces the risk of supply chain attacks
Supply chain attacks are malicious updates that sneak into open source code used by many apps. Here’s how we design Obsidian to ensure that the app is a secure and private environment for your thoughts.
·obsidian.md·
Less is safer: how Obsidian reduces the risk of supply chain attacks
CycloneDX Bill of Materials Standard | CycloneDX
CycloneDX Bill of Materials Standard | CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).
·cyclonedx.org·
CycloneDX Bill of Materials Standard | CycloneDX
Lessons from npm's Security Failures
Lessons from npm's Security Failures
Recent npm security incidents reveal fundamental flaws in package manager design. Here's how every package manager should implement security measures to prevent supply chain attacks and protect developers.
·oneuptime.com·
Lessons from npm's Security Failures
The Hacker Recipes
The Hacker Recipes
Comprehensive cybersecurity guides and strategies for ethical hacking and penetration testing
·thehacker.recipes·
The Hacker Recipes
XBOW – The road to Top 1: How XBOW did it
XBOW – The road to Top 1: How XBOW did it
For the first time in bug bounty history, an autonomous penetration tester has reached the top spot on the US leaderboard.
·xbow.com·
XBOW – The road to Top 1: How XBOW did it
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
·praetorian.com·
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
App Keys & Secrets: Security · Airship Docs
App Keys & Secrets: Security · Airship Docs
In order for your app to communicate with the Airship API it must use a key and secret combination that authenticates it to your Airship app setup.
·docs.airship.com·
App Keys & Secrets: Security · Airship Docs
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...
·github.com·
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
Hidden Messages in Emojis and Hacking the US Treasury
Hidden Messages in Emojis and Hacking the US Treasury
On December 30th, while most of us were preparing for a New Year’s Eve celebration, the US Treasury was prepping a notice to lawmakers to notify them that their systems, which (obviously) contain highly sensitive, confidential data, had been compromised.
·slamdunksoftware.substack.com·
Hidden Messages in Emojis and Hacking the US Treasury
TLS Certificates - For The Rest Of Us
TLS Certificates - For The Rest Of Us
How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections
·tusharf5.com·
TLS Certificates - For The Rest Of Us
API Security: Key Protocols - APIDNA
API Security: Key Protocols - APIDNA
Here we go through some of the essential protocols required for robust API security.
·apidna.ai·
API Security: Key Protocols - APIDNA