Updating conversion, creating readmes

This commit is contained in:
Jonas Zeunert
2024-04-19 23:37:46 +02:00
parent 3619ac710a
commit 08e75b0f0a
635 changed files with 30878 additions and 37344 deletions


@@ -1,4 +1,4 @@
 Awesome AppSec !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
 Awesome AppSec !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
A curated list of resources for learning about application security. Contains books,
websites, blog posts, and self-assessment quizzes.
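Review bot: the old and new versions of these lines read identically here, so the actual change in this hunk is not visible in the rendered diff; with the header reporting 635 changed files, 30878 additions and 37344 deletions for a commit described as "Updating conversion, creating readmes", a purely mechanical conversion would be far easier to verify if it were committed separately from any content edits.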
@@ -11,11 +11,11 @@
If you are an absolute beginner to the topic of software security, you may benefit
from reading A Gentle Introduction to Application Security (https://paragonie.com/blog/2015/08/gentle-introduction-application-security).
 Contributing
 Contributing
Please refer to the contributing guide for details (CONTRIBUTING.md).
 Application Security Learning Resources
 Application Security Learning Resources
  ⟡ General (#general)
@@ -30,23 +30,20 @@
 * **Cryptography Engineering** (#-cryptography-engineering-2010) (2010) !**nonfree** (img/nonfree.png) 
 * **Securing DevOps** (#-securing-devops-2018) (2018) !**nonfree** (img/nonfree.png) 
 * **Gray Hat Python: Programming for Hackers and Reverse Engineers** (#-gray-hat-python-programming-for-hackers-and-reverse-engineers-2009) (2009) !**nonfree** (img/nonfree.png) 
 * **The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities** (#-the-art-of-software-security-assessment-identifying-and-preventing-software-vulnerabilities-2006) (2006) !* 
*nonfree** (img/nonfree.png) 
 * **The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities** (#-the-art-of-software-security-assessment-identifying-and-preventing-software-vulnerabilities-2006) (2006) !**nonfree** (img/nonfree.p 
ng) 
 * **C Interfaces and Implementations: Techniques for Creating Reusable Software** (#-c-interfaces-and-implementations-techniques-for-creating-reusable-software-1996) (1996) !**nonfree** (img/nonfree.png) 
 * **Reversing: Secrets of Reverse Engineering** (#-reversing-secrets-of-reverse-engineering-2005) (2005) !**nonfree** (img/nonfree.png) 
 * **JavaScript: The Good parts** (#-javascript-the-good-parts-2008) (2008) !**nonfree** (img/nonfree.png) 
 * **Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition ** (#-windows-internals-including-windows-server-2008-and-windows-vista-fifth-edition-2007) (2007) !**nonfree** (img/nonfre 
e.png) 
 * **Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition ** (#-windows-internals-including-windows-server-2008-and-windows-vista-fifth-edition-2007) (2007) !**nonfree** (img/nonfree.png) 
 * **The Mac Hacker's Handbook** (#-the-mac-hackers-handbook-2009) (2009) !**nonfree** (img/nonfree.png) 
 * **The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler** (#-the-ida-pro-book-the-unofficial-guide-to-the-worlds-most-popular-disassembler-2008) (2008) !**nonfree** (img/nonfree.png 
) 
 * **Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition)** (#-internetworking-with-tcpip-vol-ii-ansi-c-version-design-implementation-and-internals-3rd-editio 
n-1998) (1998) !**nonfree** (img/nonfree.png) 
 * **Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices** (#-network-algorithmics-an-interdisciplinary-approach-to-designing-fast-networked-devices-2004) (2004) !**nonfree* 
* (img/nonfree.png) 
 * **The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler** (#-the-ida-pro-book-the-unofficial-guide-to-the-worlds-most-popular-disassembler-2008) (2008) !**nonfree** (img/nonfree.png) 
 * **Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition)** (#-internetworking-with-tcpip-vol-ii-ansi-c-version-design-implementation-and-internals-3rd-edition-1998) (1998) !**nonfree 
** (img/nonfree.png) 
 * **Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices** (#-network-algorithmics-an-interdisciplinary-approach-to-designing-fast-networked-devices-2004) (2004) !**nonfree** (img/nonfree.png) 
 * **Computation Structures (MIT Electrical Engineering and Computer Science)** (#-computation-structures-mit-electrical-engineering-and-computer-science-1989) (1989) !**nonfree** (img/nonfree.png) 
 * **Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection** (#-surreptitious-software-obfuscation-watermarking-and-tamperproofing-for-software-protection-2009) (2009) !* 
*nonfree** (img/nonfree.png) 
 * **Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection** (#-surreptitious-software-obfuscation-watermarking-and-tamperproofing-for-software-protection-2009) (2009) !**nonfree** (img/nonfree.p 
ng) 
 * **Secure Programming HOWTO** (#secure-programming-howto-2015) (2015) 
 * **Security Engineering - Second Edition** (#security-engineering-second-edition-2008) (2008) 
 * **Bulletproof SSL and TLS** (#-bulletproof-ssl-and-tls-2014) (2014) !**nonfree** (img/nonfree.png) 
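Review bot: several pre-existing defects are carried over unchanged on lines this hunk already rewrites, and could be fixed in the same pass: `Fifth Edition **` has a space before the closing `**`, which will stop the bold from rendering for the Windows Internals entry; `Network Algorithmics,:` has a stray comma before the colon; and `JavaScript: The Good parts` should be `JavaScript: The Good Parts`. The anchor fragments (`#-windows-internals-...`, `#-network-algorithmics-...`) are already generated from the cleaned titles, so only the display text needs the change.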
@@ -162,7 +159,7 @@
 * **Secure Ruby Development Guide** (#secure-ruby-development-guide-2014) (2014)
 General
 General
Articles
@@ -188,8 +185,8 @@
Released: June 21, 2015
Running a business requires being cost-conscious and minimizing unnecessary spending. The benefits of ensuring in the security of your application are invisible to most companies, so often times they neglect to 
invest in secure software development as a cost-saving measure. What these companies don't realize is the potential cost (both financial and to brand reputation) a preventable data compromise can incur.
Running a business requires being cost-conscious and minimizing unnecessary spending. The benefits of ensuring in the security of your application are invisible to most companies, so often times they neglect to invest in secure software
development as a cost-saving measure. What these companies don't realize is the potential cost (both financial and to brand reputation) a preventable data compromise can incur.
The average data breach costs millions of dollars in damage.
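Review bot: the re-wrapped sentence keeps the ungrammatical "The benefits of ensuring in the security of your application" and the two-word "often times"; since the line is being rewritten anyway, "ensuring the security of your application" and "often" would read correctly.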
@@ -219,8 +216,8 @@
Released: March 1, 2018
Securing DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. This introductory book reviews state of the art practices used in securing web 
applications and their infrastructure, and teaches you techniques to integrate security directly into your product.
Securing DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. This introductory book reviews state of the art practices used in securing web applications and their 
infrastructure, and teaches you techniques to integrate security directly into your product.
!nonfree (img/nonfree.png) Gray Hat Python: Programming for Hackers and Reverse Engineers (http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) (2009)
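Review bot: style point on the re-wrapped Securing DevOps blurb: "state of the art practices" is used adjectivally and should be hyphenated as "state-of-the-art practices".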
@@ -228,8 +225,7 @@
!nonfree (img/nonfree.png) The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426/) 
(2006)
!nonfree (img/nonfree.png) The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426/) (2006)
Released: November 30, 2006
@@ -271,15 +267,13 @@
!nonfree (img/nonfree.png) Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition) 
(http://www.amazon.com/Internetworking-TCP-Vol-Implementation-Internals/dp/0139738436) (1998)
!nonfree (img/nonfree.png) Internetworking with TCP/IP Vol. II: ANSI C Version: Design, Implementation, and Internals (3rd Edition) (http://www.amazon.com/Internetworking-TCP-Vol-Implementation-Internals/dp/0139738436) (1998)
Released: June 25, 1998
!nonfree (img/nonfree.png) Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices 
(http://www.amazon.com/Network-Algorithmics-Interdisciplinary-Designing-Networking/dp/0120884771) (2004)
!nonfree (img/nonfree.png) Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (http://www.amazon.com/Network-Algorithmics-Interdisciplinary-Designing-Networking/dp/0120884771) (2004)
Released: December 29, 2004
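Review bot: the stray comma in "Network Algorithmics,: An Interdisciplinary Approach" survives the re-wrap on both the old and new line; the title is "Network Algorithmics: An Interdisciplinary Approach ...", and the same fix is needed in the table-of-contents entry for this book earlier in the file.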
@@ -291,8 +285,7 @@
!nonfree (img/nonfree.png) Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection 
(http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252) (2009)
!nonfree (img/nonfree.png) Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection (http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252) (2009)
Released: August 3, 2009
@@ -320,13 +313,13 @@
Released: September 17, 2016
The first part of a three part book series providing broad and in-depth coverage on what web developers and architects need to know in order to create robust, reliable, maintainable and secure software, networks
and other, that are delivered continuously, on time, with no nasty surprises.
The first part of a three part book series providing broad and in-depth coverage on what web developers and architects need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are 
delivered continuously, on time, with no nasty surprises.
Holistic Info-Sec for Web Developers (Fascicle 1) (https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications)
The second part of a three part book series providing broad and in-depth coverage on what web developers and architects need to know in order to create robust, reliable, maintainable and secure software, VPS, 
networks, cloud and web applications, that are delivered continuously, on time, with no nasty surprises.
The second part of a three part book series providing broad and in-depth coverage on what web developers and architects need to know in order to create robust, reliable, maintainable and secure software, VPS, networks, cloud and web 
applications, that are delivered continuously, on time, with no nasty surprises.
Classes
@@ -338,8 +331,8 @@
Hack Night (https://github.com/isislab/Hack-Night)
Developed from the materials of NYU Poly's old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered 
very quickly as students are introduced to a wide variety of complex and immersive topics over thirteen weeks.
Developed from the materials of NYU Poly's old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered very quickly as students 
are introduced to a wide variety of complex and immersive topics over thirteen weeks.
Websites
@@ -373,8 +366,7 @@
The Matasano Crypto Challenges (http://cryptopals.com)
A series of programming exercises for teaching oneself cryptography by Matasano Security (http://matasano.com). The introduction (https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges) by Maciej 
Ceglowski explains it well.
A series of programming exercises for teaching oneself cryptography by Matasano Security (http://matasano.com). The introduction (https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges) by Maciej Ceglowski explains it well.
PentesterLab (https://pentesterlab.com)
@@ -391,8 +383,7 @@
OWASP NodeGoat (https://github.com/owasp/nodegoat)
Purposly vulnerable to the OWASP Top 10 Node.JS web application, with tutorials (https://nodegoat.herokuapp.com/tutorial), security regression testing with the OWASP Zap API 
(https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API), docker image (https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker). With several options to get up and 
running fast.
(https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API), docker image (https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker). With several options to get up and running fast.
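Review bot: the unchanged context line above this hunk reads "Purposly vulnerable to the OWASP Top 10 Node.JS web application"; "Purposly" is a typo for "Purposely", and the sentence would be clearer as "A Node.js web application that is purposely vulnerable to the OWASP Top 10". The trailing fragment "With several options to get up and running fast." is also a sentence fragment and could be joined to the preceding sentence.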
Securing The Stack (https://securingthestack.com)
@@ -400,8 +391,8 @@
OWASP ServerlessGoat (https://www.owasp.org/index.php/OWASP_Serverless_Goat)
OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP and created by PureSec (https://www.puresec.io/). You can install WebGoat, learn about the 
vulnerabilities, how to exploit them, and how to remediate each issue. The project also includes documentation explaining the issues and how they should be remediated with best-practices.
OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP and created by PureSec (https://www.puresec.io/). You can install WebGoat, learn about the vulnerabilities, how to exploit 
them, and how to remediate each issue. The project also includes documentation explaining the issues and how they should be remediated with best-practices.
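Review bot: the ServerlessGoat entry says "You can install WebGoat, learn about the vulnerabilities", which looks like a copy-and-paste from a WebGoat entry; it should read "You can install ServerlessGoat" so that the description matches the project on the line above. "best-practices" should also be "best practices" (no hyphen as a noun).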
Blogs
@@ -447,7 +438,7 @@
Test and learn Clickjacking. Make clickjacking PoC, take screenshot and share link. You can test HTTPS, HTTP, intranet & internal sites.
 AWS Lambda
 AWS Lambda
Tools
@@ -455,7 +446,7 @@
FunctionShield is a 100% free AWS Lambda security and Google Cloud Functions security library that equips developers with the ability to easily enforce strict security controls on serverless runtimes.
 Android
 Android
Books and ebooks
@@ -465,7 +456,7 @@
A community-maintained Wiki detailing secure coding standards for Android development.
 C
 C
Books and ebooks
@@ -481,7 +472,7 @@
Provides guidelines for improving software security through secure coding. Covers common programming languages and libraries, and focuses on concrete recommendations.
 C++
 C++
Books and ebooks
@@ -491,7 +482,7 @@
A community-maintained Wiki detailing secure coding standards for C++ programming.
 C Sharp
 C Sharp
Books and ebooks
@@ -501,7 +492,7 @@
An introduction to developing secure applications targeting version 4.5 of the .NET Framework, specifically covering cryptography and security engineering topics.
 Clojure
 Clojure
Repositories
@@ -511,7 +502,7 @@
Repository with Clojure examples of OWASP top 10 vulnerabilities.
 Go
 Go
Articles
@@ -521,7 +512,7 @@
A guide to managing sensitive data in memory.
 Java
 Java
Books and ebooks
@@ -537,7 +528,7 @@
Secure Java programming guidelines straight from Oracle.
 Node.js
 Node.js
Articles
@@ -569,10 +560,10 @@
!nonfree (img/nonfree.png) Security Training from BinaryMist (https://blog.binarymist.net/presentations-publications/)
We run many types of info-sec security training, covering Physical, People, VPS, Networs, Cloud, Web Applications. Most of the content is sourced from the book series 
(https://leanpub.com/b/holisticinfosecforwebdevelopers) Kim has been working on for several years. More info can be found here (https://binarymist.io/#services)
We run many types of info-sec security training, covering Physical, People, VPS, Networs, Cloud, Web Applications. Most of the content is sourced from the book series (https://leanpub.com/b/holisticinfosecforwebdevelopers) Kim has been 
working on for several years. More info can be found here (https://binarymist.io/#services)
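Review bot: "Networs" in the list of training topics is a typo for "Networks" and is carried over unchanged onto the re-wrapped line; this is a good place to correct it.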
 PHP
 PHP
Articles
@@ -624,8 +615,8 @@
Released: August 2, 2015
Discusses the importance of end-to-end network-layer encryption (HTTPS) as well as secure encryption for data at rest, then introduces the specific cryptography tools that developers should use for specific use 
cases, whether they use libsodium (https://pecl.php.net/package/libsodium), Defuse Security's secure PHP encryption library (https://github.com/defuse/php-encryption), or OpenSSL.
Discusses the importance of end-to-end network-layer encryption (HTTPS) as well as secure encryption for data at rest, then introduces the specific cryptography tools that developers should use for specific use cases, whether they use 
libsodium (https://pecl.php.net/package/libsodium), Defuse Security's secure PHP encryption library (https://github.com/defuse/php-encryption), or OpenSSL.
The 2018 Guide to Building Secure PHP Software (https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software) (2017)
@@ -641,8 +632,7 @@
Using Libsodium in PHP Projects (https://paragonie.com/book/pecl-libsodium)
You shouldn't need a Ph.D in Applied Cryptography to build a secure web application. Enter libsodium, which allows developers to develop fast, secure, and reliable applications without needing to know what a 
stream cipher even is.
You shouldn't need a Ph.D in Applied Cryptography to build a secure web application. Enter libsodium, which allows developers to develop fast, secure, and reliable applications without needing to know what a stream cipher even is.
Useful libraries
@@ -701,7 +691,7 @@
A weekly newsletter about PHP, security, and the community.
 Perl
 Perl
Books and ebooks
@@ -711,7 +701,7 @@
A community-maintained Wiki detailing secure coding standards for Perl programming.
 Python
 Python
Books and ebooks
@@ -735,7 +725,7 @@
A wiki maintained by the OWASP Python Security project.
 Ruby
 Ruby
Books and ebooks