Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

I wrote an article to cover this security problem https://dzone.com/articles/regular-expressions-denial.

It is a good practice that developers do Unit Testing when using Regular Expressions.

What would be the best way to back up an Algo deployment? Just thinking about all the users and configs I have and if something were to happen, would not want to redeploy configs.

Any thoughts on this?

It looks like most of the advice from the OWASP REST Cheat Sheet is discussed in this API-Security-Checklist, but OWASP talks about the importance of CORS, which is not mentioned at all in this API-Security-Checklist. Probably good to make mention. Also, the OWASP REST Cheat Sheet provides a bit more guidance regarding validation that might be good to incorporate.

https://github.com/OWASP/Che

When you're viewing a cheatsheet on the https://cheatsheetseries.owasp.org website it isn't immediately obvious that the content is pulled from GitHub, or how you could contribute to the project on the cheatsheets themselves (although there is a note at the bottom of the homepage).

Making this more obvious in the sheets themselves will encourage people to contribute (or at least raise issues).

On step 2 of Secure /etc/ssh/sshd_config, a quick and dirty way to find any duplicate parameter is with:

awk '{print $1}' /etc/ssh/sshd_config | sort | uniq -c | grep -v ' 1 '

Would it make sense to add this project to the list of password managers on Wikipedia?

Which lab is it that you're having issues with?
Lab: Docker for Java Developers

Description

When deploying Java applications in production one usually specifies the amount of memory available to the JVM (-Xmx) and other assorted configuration settings. Unfortunately, this is (usually) static configuration and therefore fixed in the container image. When specifying memory constraints

They are currently declared as contract. I don't think this is a breaking change.

Just a documentation bug I noticed.

https://www.ory.sh/docs/next/hydra/sdk/api#introspect-oauth2-tokens contains the following text:

"To perform this operation, you must be authenticated by means of one of the following methods: basic, oauth2"

This endpoint is available on the admin port and doesn't require any authentication.

Nov	DEC	Jan
	10
2018	2019	2020

Security

Here are 8,446 public repositories matching this topic...

x64dbg / x64dbg

Hack-with-Github / Awesome-Hacking

caddyserver / caddy

trimstray / the-book-of-secret-knowledge

FallibleInc / security-guide-for-developers

mitmproxy / mitmproxy

osquery / osquery

trailofbits / algo

drduh / macOS-Security-and-Privacy-Guide

StevenBlack / hosts

shieldfy / API-Security-Checklist

Developer-Y / cs-video-courses

hwdsl2 / setup-ipsec-vpn

radareorg / radare2

swisskyrepo / PayloadsAllTheThings

OWASP / CheatSheetSeries

Hacker0x01 / hacker101

trimstray / nginx-admins-handbook

digitalocean / nginxconfig.io

imthenachoman / How-To-Secure-A-Linux-Server

google / tink

wifiphisher / wifiphisher

keeweb / keeweb

docker / labs

trimstray / the-practical-linux-hardening-guide

mailpile / Mailpile

OpenZeppelin / openzeppelin-contracts

gravitational / teleport

ory / hydra

threat9 / routersploit

Security apps