Bookmarks

API

2019-05-13 API Security Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API

2018-11-23 Differences between GitHub Apps and OAuth Apps
Differences between GitHub Apps and OAuth Apps

AppSec

2019-05-13 API Security Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API

2019-05-20 beanstack.io
Java Fingerprinting using Stack Traces

2019-01-31 CSP (Content Security Policy) - An Introduction
Introduction to CSP

2019-05-09 My bookmark

2019-03-28 swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Cryptography

2019-05-20 dvcw
Damn Vulnerable Crypto Wallet : An extremely insecure Ethereum cryptowallet

2018-12-05 How to deploy modern TLS in 2018
Overview of TLS history

2019-05-13 The book of secret knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

2019-04-08 wireguard
Fast VPN solution

CTF

2019-03-28 swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentest

2019-07-03 Arsenal of AWS Security Tools
Offensive, Governance, Defensive

2019-05-20 beanstack.io
Java Fingerprinting using Stack Traces

2019-08-27 github.com/RhinoSecurityLabs/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

2019-08-21 matthias-endler.de/awesome-static-analysis/
This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome!

2019-01-21 parsiya/Hacking-with-Go
These documents are based on the Gray/Black Hat Python/C# series of books

2019-03-28 swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SDLC

2018-11-12 Agile Development and Source Code Analysis
Agile Development and Source Code Analysis

2019-06-03 Agile manifesto

2019-06-03 GitHub Token Scanning
GitHub scans public repositories for known token formats to prevent fraudulent use of credentials that were committed accidentally.

2019-05-13 How bad can it git? Characterizing secret leakage in public GitHub repositories
Has some useful regexps, concept of false positives candidates

2018-11-12 Secure Agile SDLC
Secure Agile SDLC (BSides Presentation)

Security News

2018-09-27 Hackernews
Mirrors, search engines, aggregators

2018-11-28 Simpsonpt/AppSecEzine
AppSec E-Zine (weekly updated!)

2019-01-07 Underground Nachrichten
Nachrichten aus dem Untergrund

Security Tool

2019-07-03 Arsenal of AWS Security Tools
Offensive, Governance, Defensive

2019-05-20 beanstack.io
Java Fingerprinting using Stack Traces

2019-08-27 github.com/RhinoSecurityLabs/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

2019-05-14 github.com/topics/security
Security topic on GitHub

2019-05-13 gitleaks
Audit git repos for secrets 🔑

2019-06-05 merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

2019-08-21 nmap-vulners
NSE script based on Vulners.com API

2019-06-11 securego/gosec
Golang Security Checker - Inspects source code for security problems by scanning the Go AST.

2019-07-02 Slackor
A Golang implant that uses Slack as a command and control server

2019-05-13 The book of secret knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

2019-05-13 vuls
Agent-less vulnerability scanner for Linux/FreeBSD/WordPress/Programming language libraries/Network devices