Test website security with WebPageTest integration | Snyk
Security
One out of every 142 passwords is '123456' | ZDNet
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files. We analyze the threat.
The Joy of Cryptography
Stéphane Bortzmeyer's blog: Was my file modified during its journey?
Web Security 101: Cross-Site Scripting (XSS) Attacks - victorzhou.com
A hands-on beginner's guide to what XSS attacks are and how to prevent them.
Avoiding CSRF Attacks with API Design
Random musings from Jason Walton, software developer and sometimes photographer.
A Guide to Threat Modelling for Developers
Threat modelling is a risk based approach to cyber security requirements analysis.
A look at OWASP's top automated threats to web apps - Sqreen Blog
OWASP has documented the top means of automated attacks against web apps. Let's discuss how to stay ahead of the top OWASP automated threats.
How Not to Store Passwords
How Secure Is My Password?
How long would it take a computer to crack your password?
13 Security Tips for Front-End Apps
Lock your app down and make it less susceptible to bad actors
Crypto 101
How a badly-coded computer virus caused billions in damage
Wearing a striped shirt and Matrix-style dark glasses, Onel de Guzman stared at the floor as he made his way through a crowd of photographers into a hastily arranged press conference in Quezon City, a suburb of the Philippines capital Manila.
What is "security as code" and how can it help you? - Sqreen Blog
Security as code is another name for DevSecOps—or, focusing on security when developing your code. Read this to learn its benefits and best practices.
The Cuckoo’s Egg Decompiled Course
In the 1980’s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-l…
Free OWASP Top 10 Exercises
Kontra is an Application Security Training platform built for modern development teams.
10 security tips for frontend developers | Hacker Noon
Web security is a topic that is often overlooked by frontend developers. When we assess the quality of the website, we often look at metrics like performance, SEO-friendliness, and accessibility, while the website’s capacity to withstand malicious attacks often falls under the radar. And even though the sensitive user data is stored server-side and significant measures must be taken by backend developers to protect the servers, in the end, the responsibility for securing that data is shared between both backend and frontend. While sensitive data may be safely locked in a backend warehouse, the frontend holds the keys to its front door, and stealing them is often the easiest way to gain access.
Website security
This article has explained the concept of web security and some of the more common threats against which your website should attempt to protect. Most importantly, you should understand that a web application cannot trust any data from the web browser. All user data should be sanitized before it is displayed, or used in SQL queries and file system calls.
ZonesPirates.com
Security/Surveillance/Hack news
That time the US Secret Service mistook a cyberpunk RPG for a hacker's handbook
How GURPS Cyberpunk triggered a Secret Service raid of RPG publisher Steve Jackson Games' offices.
Welcome [Root Me: learning platform dedicated to Hacking and Information Security]
Root Me is a platform that lets anyone test and improve their knowledge of computer security and hacking through published challenges, solutions, and articles.
Introduction · Pwning OWASP Juice Shop
sundowndev/hacker-roadmap
Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security. - sundownd...
The Motherboard Guide to Not Getting Hacked
Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.
Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking
vaib25vicky/awesome-mobile-security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it. - vaib25vicky/aweso...
Quitten/doser.py
DoS tool for HTTP requests (inspired by hulk but has more functionalities) - Quitten/doser.py
Company shuts down because of ransomware, leaves 300 without jobs just before holidays | ZDNet
Company tells employees to seek new employment after suspending all operations right before Christmas.
An armored door on a Quechua tent: let's not fool ourselves about Web security
24 jours de web: The advent calendar of the people who make the web of tomorrow.