Salt Labs | Traveling with OAuth - Account Takeover on Booking.com
Software Security Report Finds JavaScript Applications Have Fewer Flaws Than Java and .NET
amark/gun: An open source cybersecurity protocol for syncing decentralized graph data.
◉ Things You Should Do Now
NPM security: preventing supply chain attacks
FallibleInc/security-guide-for-developers: Security Guide for Developers (practical security guidelines for developers)
Appcanary - Everything you need to know about HTTP security headers
security.txt
s0md3v/XSStrike: Most advanced XSS scanner.
SecurityPolicyViolationEvent - Web APIs | MDN
terjanq/Tiny-XSS-Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
crowdsecurity/crowdsec: CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Want to start hacking? Here's how to quickly dive in | GitLab
We asked one of our top 10 hacker contributors, Johan Carlsson, to share his novel approach to bug bounty hunting.
Cyberattacks Are Inevitable. Is Your Company Prepared?
Preparing for the unexpected is much easier said than done. In the case of cyberattacks, many companies have vulnerabilities in their defenses, and response procedures they have never rehearsed, that attackers will test. Many organizations can benefit from instituting fire drills and tabletop exercises, which test a company's response plan at every level. These exercises will almost certainly reveal gaps in security, in response plans, and in employees' familiarity with their own roles. While investing in external facilitators for these exercises will often allow for a more rigorous test, separate from internal dynamics, there is guidance for organizations that wish to run internal exercises to better prepare for a cyberattack.
Content Security Policy (CSP) - HTTP | MDN
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
How to start hacking? The ultimate two-path guide to information security. : hacking