Security - Articles

https://dzone.com/articles/cross-site-scripting-in-http-headers
https://www.smashingmagazine.com/2017/07/privacy-by-design-framework
https://dzone.com/storage/assets/5948240-aqua-ebook-5-things-devops-need-to-do-about-contai.pdf
https://www.owasp.org/index.php/Category:OWASP_Testing_Project
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)#Stored_XSS_Attacks
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013
http://tutsplus.com/tutorials/search?button=&search%5Bterms%5D=security&search%5Btopic%5D=&utf8=%E2%9C%93
https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Best-for-now_Legacy_Browser_Frame_Breaking_Script
http://ha.ckers.org/xss.html
http://www.greymagic.com/security/advisories/gm005-mc/

https://www.youtube.com/watch?v=79uMp-S23MA

JWTs or similar token-based authentication
http://www.toptal.com/security/10-most-common-web-security-vulnerabilities
https://developer.intuit.com/blog/2014/09/16/its-a-security-issue-practical-tips-for-common-web-application-security-vulnerabilities
http://www.smashingmagazine.com/2010/10/18/common-security-mistakes-in-web-applications/
http://blog.rayalleninc.com/how-to-succeed-in-a-security-audit-in-5-easy-steps/
https://www.oreilly.com/ideas/chris-eng-on-the-challenges-of-improved-application-security
https://labs.signalsciences.com/feedback-loops-seeing-the-invisible-part-1-of-2-bf0383f28735
https://labs.signalsciences.com/feedback-loops-seeing-the-invisible-part-2-of-2-89fcf759b642
http://techblog.netflix.com/2016/08/protecting-netflix-viewing-privacy-at.html
http://www.securityinfowatch.com/article/12231550/cyber-protecting-critical-infrastructure-different-than-protecting-data
http://www.networkworld.com/article/3101727/security/attack-attribution-does-little-to-improve-enterprise-security.html
https://www.oreilly.com/learning/stop-sweating-the-password-and-learn-to-love-public-key-cryptography
https://medium.freecodecamp.com/so-you-want-to-work-in-security-bc6c10157d23
https://blog.finjan.com/offensive-network-security
https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs
https://medium.com/@marknca/4-steps-to-secure-serverless-applications-1274f0f5d321
http://www.csmonitor.com/World/Passcode/Security-culture/2016/0725/Machines-v.-hackers-Cybersecurity-s-artificial-intelligence-future
https://motherboard.vice.com/read/we-need-to-change-the-psychology-of-security
https://www.facebook.com/notes/alex-stamos/addressing-security-blindspots-through-culture/10154390896047929
https://www.safaribooksonline.com/library/view/learning-path-preparation/9781491971321/
http://www.csoonline.com/article/3100652/it-careers/how-to-attract-a-board-level-cybersecurity-expert.html
https://www.sitepoint.com/announcing-the-versioning-podcast
http://blog.smartbear.com/api-testing/security-considerations-for-api-testing
https://medium.com/the-scalr-blog/security-groups-aws-vs-azure-dfacacf958f7
http://www.gerv.net/security/content-restrictions/ - Cross Site Scripting
https://blogs.akamai.com/2014/09/web-vulnerabilities-low-hanging-fruit-for-ddosers.html
http://www.sitepoint.com/watch-prevent-brute-force-attacks-on-a-login-page/
https://medium.com/@nipungupta/user-behavior-analytics-uba-next-step-in-proactive-security-operations-a477b51444c3

http://www.freedom-to-tinker.com/blog/felten/side-channel-leaks-web-applications
http://www.sitepoint.com/how-to-safeguard-your-site-with-html5-sandbox/
http://phpmaster.com/php-security-cross-site-scripting-attacks-xss/
https://www.owasp.org/index.php/Main_Page
http://www.smashingapps.com/2012/06/05/8-useful-and-free-web-application-security-testing-tools.html
http://www.incapsula.com/
http://cloudspring.com/cloud-computing-security-concerns-odca/

https://labs.signalsciences.com/the-future-is-now-for-devops-and-security-b90854ed1f60
https://www.fireeye.com/blog/threat-research/2016/05/cerber_ransomware_partners_with_Dridex.html
https://blogs.forcepoint.com/insights/forcepoint-flash-office-cso
https://www.youtube.com/embed/qPs5U5hdciM
http://www.information-age.com/technology/security/123461368/busting-7-myths-cyber-security
http://www.slate.com/articles/technology/future_tense/2016/05/the_aviation_industry_is_starting_to_grapple_with_cybersecurity.html
https://www.wired.com/2016/05/ibm-watson-cybercrime/
http://www.ifsecglobal.com/physical-security-professionals-need-get-grips-cyber-security/
http://www.afcea.org/content/?q=Article-hacking-hackers-should-private-companies-strike-back
https://securityintelligence.com/news/designer-malware-campaigns-the-rise-of-couture-cybercrime/
https://www.oreilly.com/ideas/security-as-a-vector-not-a-point

http://www.sitepoint.com/the-cutting-edge-of-browser-security
http://www.theregister.co.uk/2016/05/05/stop_resetting_your_password_says_uk_spy_network/
http://www.theverge.com/2016/5/6/11601248/nccic-tour-photos-cyber-attack-hq-dhs
https://medium.com/@phmcgillicuddy/7-actions-ceos-can-take-right-now-to-protect-their-data-and-networks-5c72bd0c4be2
https://context.newamerica.org/the-real-weakest-link-in-security-isnt-what-you-think-a3dec75c3ff6
http://blogs.cisco.com/security/5-steps-to-an-effective-data-incident-response-program
https://blogs.mcafee.com/executive-perspectives/cloud-security-exaggerated-concern/
http://www.darkreading.com/operations/8-signs-your-security-culture-lacks-consistency-/a/d-id/1325286
https://blogs.microsoft.com/cybertrust/2016/05/09/cyber-resilience-rethinking-risk-management/
http://www.forbes.com/sites/stevemorgan/2016/05/09/top-2016-cybersecurity-reports-out-from-att-cisco-dell-google-ibm-mcafee-symantec-and-verizon/
https://www.oreilly.com/ideas/navigating-statistical-data-and-common-sense

http://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/
http://www.sitepoint.com/implement-passwordless-login
http://community.sitepoint.com/t/encryption-help/107819?u=swader

http://www.sitepoint.com/working-around-origin-policy/
http://www.sitepoint.com/websites-privacy-policy-putting-risk/

http://foundershield.com/mary-meeker-cyber-security-2015-internet-report/

ZAP tool
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

http://beefproject.com/
http://en.wikipedia.org/wiki/BeEF
http://blog.secureideas.com/2013/06/getting-started-with-beef-browser.html
http://resources.infosecinstitute.com/beef-part-1/
https://media.blackhat.com/bh-us-12/Briefings/Ocepek/BH_US_12_Ocepek_Linn_BeEF_MITM_WP.pdf
http://www.bindshell.net/tools/beef.html
http://www.gnucitizen.org/blog/having-fun-with-beef-the-browser-exploitation-framework/

https://blogs.akamai.com/2014/10/preparing-for-the-holidays-security-trends.html

http://www.sitepoint.com/good-users-bad-password-ux/
http://blog.limelight.com/2014/05/the-quick-and-easy-audit-that-every-it-manager-should-perform
http://blog.threatstack.com/labs/2014/5/8/monitorama-2014-warm-fuzzies
http://seen.co/event/monitorama-pdx-portland-or-2014-920/highlight/237148
http://www.sitepoint.com/risks-challenges-password-hashing
http://www.sitepoint.com/5-security-essentials-ecommerce-sites
https://projectshield.withgoogle.com/
http://programming.oreilly.com/2013/10/starting-small-with-great-expectations.html
http://programming.oreilly.com/2013/10/security-after-death-trust.html
http://www.sitepoint.com/paypal-credit-card-tokenization-magento/
http://www.sitepoint.com/firefox-nsa-man-middle/
http://codahale.com/how-to-safely-store-a-password/
http://codahale.com/a-lesson-in-timing-attacks/
http://www.sitepoint.com/mobile-website-security/
http://www.sitepoint.com/strengthen-user-authentication-and-preserve-user-experience/
http://new.livestream.com/internetsociety/sfbayisoc-forum
http://web.appstorm.net/how-to/protect-your-online-data-with-two-factor-authentication/
http://en.wikipedia.org/wiki/Multi-factor_authentication
http://phpmaster.com/pci-compliance-and-the-php-developer/

http://www.rtfm.com/ssldump/
http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html
http://www.openssl.org/docs/apps/genrsa.html
http://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html
https://www.owasp.org/index.php/SSL_Best_Practices
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
https://otalliance.org/resources/EV/index.html
https://otalliance.org/resources/AOSSL/index.html

http://readwrite.com/2013/08/28/dropbox-hacked-reverse-engineered-client#awesm=~ofSej16PSkNqPi
WhiteHat Security
Partner with other identity-theft management providers
Third-party audit, and publicize the results.
https://meteorhacks.com/xss-and-meteor.html - done reading

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License