Security

Security

128 bookmarks
Custom sorting
Less is safer: how Obsidian reduces the risk of supply chain attacks
Less is safer: how Obsidian reduces the risk of supply chain attacks
Supply chain attacks are malicious updates that sneak into open source code used by many apps. Here’s how we design Obsidian to ensure that the app is a secure and private environment for your thoughts.
·obsidian.md·
Less is safer: how Obsidian reduces the risk of supply chain attacks
CycloneDX Bill of Materials Standard | CycloneDX
CycloneDX Bill of Materials Standard | CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports Software Bill of Materials (SBOM), Software-as-a-Service Bill of Materials (SaaSBOM), Hardware Bill of Materials (HBOM), Operations Bill of Materials (OBOM), Vulnerability Disclosure Reports (VDR), and Vulnerability Exploitability eXchange (VEX).
·cyclonedx.org·
CycloneDX Bill of Materials Standard | CycloneDX
Lessons from npm's Security Failures
Lessons from npm's Security Failures
Recent npm security incidents reveal fundamental flaws in package manager design. Here's how every package manager should implement security measures to prevent supply chain attacks and protect developers.
·oneuptime.com·
Lessons from npm's Security Failures
The Hacker Recipes
The Hacker Recipes
Comprehensive cybersecurity guides and strategies for ethical hacking and penetration testing
·thehacker.recipes·
The Hacker Recipes
App Keys & Secrets: Security · Airship Docs
App Keys & Secrets: Security · Airship Docs
In order for your app to communicate with the Airship API it must use a key and secret combination that authenticates it to your Airship app setup.
·docs.airship.com·
App Keys & Secrets: Security · Airship Docs
Hidden Messages in Emojis and Hacking the US Treasury
Hidden Messages in Emojis and Hacking the US Treasury
On December 30th, while most of us were preparing for a New Year’s Eve celebration, the US Treasury was prepping a notice to lawmakers to notify them that their systems, which (obviously) contain highly sensitive, confidential data, had been compromised.
·slamdunksoftware.substack.com·
Hidden Messages in Emojis and Hacking the US Treasury
Google dork cheatsheet
Google dork cheatsheet
Google dork cheatsheet. GitHub Gist: instantly share code, notes, and snippets.
·gist.github.com·
Google dork cheatsheet
Does SSL/TLS (https) hide the urls being accessed
Does SSL/TLS (https) hide the urls being accessed
Suppose I type this in my browser https://www.mysite.com/getsecret?username=alice&password=mysecret and an attacker is watching all traffic from me to my ISP. What information is protected by
·security.stackexchange.com·
Does SSL/TLS (https) hide the urls being accessed
When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect.
When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect.
When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect. - CERBERUS-REPORT-profitable...
·gist.github.com·
When your account gets hacked, the attack probably came from a Fortune 500 data center. A report on why cloud providers don't stop attacks they could easily detect.
Fia
Fia
We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.
·ian.sh·
Fia
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
·praetorian.com·
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https:...
·github.com·
microsoft/WhatTheHack: A collection of challenge based hack-a-thons including student guide, coach guide, lecture presentations, sample/instructional code and templates. Please visit the What The Hack website at: https://aka.ms/wth
TLS Certificates - For The Rest Of Us
TLS Certificates - For The Rest Of Us
How does your browser know a website is legit? This post simplifies TLS, certificate validation, and the trust chain behind secure connections
·tusharf5.com·
TLS Certificates - For The Rest Of Us
API Security: Key Protocols - APIDNA
API Security: Key Protocols - APIDNA
Here we go through some of the essential protocols required for robust API security.
·apidna.ai·
API Security: Key Protocols - APIDNA