terjanq/Tiny-XSS-Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Security
s0md3v/XSStrike: Most advanced XSS scanner.
Cryptography Guidelines
Guidance on implementing cryptography as a developer.
A beginner’s guide to running and managing custom CodeQL queries
Learn how to transform your code with custom CodeQL queries that empower you to surface security vulnerabilities and discover new insights.
A deep dive into Deno and its comparison with Node.js
Explore Deno and Node.js differences. Learn about Deno's enhanced module system, stable APIs, and security. Discover its use cases and drawbacks in the tech world.
amark/gun: An open source cybersecurity protocol for syncing decentralized graph data.
Cyberattacks Are Inevitable. Is Your Company Prepared?
Preparing for the unexpected is much easier said than done. In the case of cyberattacks, many companies have vulnerabilities in their defenses and response plans that they haven’t prepared for and that attackers will test. Many organizations can benefit from instituting fire drills and tabletop exercises, which test a company’s response plan at every level. These exercises will almost certainly reveal gaps in security, response plans, and employees’ familiarity with their own roles. While investing in external facilitators for these exercises will often allow for a more rigorous test separate from internal dynamics, there is guidance for organizations that wish to execute internal exercises to better prepare for a cyberattack.
From Akamai to F5 to NTLM... with love.
In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.
The 10 Types of Authorization
The 10 types of authorization and how to identify them.
State of Cloud Security | Datadog
We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.
GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
Rego 101: Introduction to Rego | Snyk
Learn how to write your first policy as code rules in Rego. This Rego tutorial for beginners covers the basics of Rego syntax and using OPA.
Cybersecurity: What Every CEO and CFO Should Know | Toptal®
This article outlines cybersecurity challenges such as vendor security and the rise of IoT. Solutions include real-time intelligence and cyber-insurance.
How to Fortify Your Docker Containers: A Guide to Advanced Security Practices
DevOps has been rapidly evolving in the software development landscape, and Docker has emerged as its cornerstone. Its ability to package applications into portable, scalable containers has taken deployment strategies to the next level. With this power, however, comes the responsibility of securing the containers. In this blog, we dive deep into advanced techniques and best practices for securing Docker containers, ensuring your deployments are not just efficient but also fortified against a variety of cyber threats.
The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
At Fox-IT (part of NCC Group), identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP se…
Intro to AI Security Part 1: AI Security 101
For at least two years now I have been complaining about the lack of Artificial Intelligence (AI) Security resources. I complain about many…
CSS Fingerprint
CSS fingerprinting, no JS required!