GameGamer43 + web_security   281

Project Zero: 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Around a year ago, we published the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published Domato, our DOM fuzzing tool that was used to find those bugs.
Google_Project_Zero  Web_Security 
8 weeks ago by GameGamer43
Certificates for localhost - Let's Encrypt - Free SSL/TLS Certificates
Sometimes people want to get a certificate for the hostname “localhost”, either for use in local development, or for distribution with a native application that needs to communicate with a web application. Let’s Encrypt can’t provide certificates for “localhost” because nobody uniquely owns it, and it’s not rooted in a top level domain like “.com” or “.net”. It’s possible to set up your own domain name that happens to resolve to, and get a certificate for it using the DNS challenge. However, this is generally a bad idea and there are better options.
LetsEncrypt  Lets_Encrypt  SSL  SSL_Certificates  Web_Security 
june 2018 by GameGamer43
Part 2: How to stop me harvesting credit card numbers and passwords from your site
I wrote a post recently describing how I distributed malicious code that gathers credit card numbers and passwords from thousands of sites in a way that’s quite difficult to detect.
HackerNoon  javascript  Web_Security 
may 2018 by GameGamer43
Infosec assists Mozillians in defining and operating security controls to ensure that data at Mozilla is protected consistently across the organization.
Mozilla_InfoSec  Mozilla  InfoSec  Security  Web_Security  Computer_Security 
march 2018 by GameGamer43
Building Secure JavaScript Applications
A few weeks back, I’ve attended SFNode, where Randall Degges gave a presentation on JWTs, mostly on why you avoid using them. The talk was amazing, and also reminded me of an article I wanted to write for a long time now - how one can build secure JavaScript applications. Here we go!
javascript  Web_Security 
march 2018 by GameGamer43
A Breakdown of the New SAML Authentication Bypass Vulnerability | Okta Developer
Several weeks ago a new critical vulnerability was discovered that affects many SAML implementations. This vulnerability was first reported by Kelby Ludwig of Duo Security and is particularly interesting to us (as a user management company) as it can be used to bypass authentication in a sinisterly simplistic way.
Okta  Web_Security 
march 2018 by GameGamer43
How a 22-Year-Old Discovered the Worst Chip Flaws in History - Bloomberg
In 2013, a teenager named Jann Horn attended a reception in Berlin hosted by Chancellor Angela Merkel. He and 64 other young Germans had done well in a government-run competition designed to encourage students to pursue scientific research.
Bloomberg  Web_Security  Security  Computer_Security  Intel 
february 2018 by GameGamer43
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.
Web_Security  Security  Computer_Security 
february 2018 by GameGamer43
An accessible overview of Meltdown and Spectre, Part 1 | Trail of Bits Blog
In the past few weeks the details of two critical design flaws in modern processors were finally revealed to the public. Much has been written about the impact of Meltdown and Spectre, but there is scant detail about what these attacks are and how they work. We are going to try our best to fix that.
Security  Web_Security  Computer_Security  Spectre  Meltdown 
february 2018 by GameGamer43
How a researcher hacked his own computer and found 'worst' chip flaw
FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O).
Reuters  Security  Computer_Security  Web_Security  Mac_Security  Apple_iPhone_Security 
january 2018 by GameGamer43
Meltdown and Spectre
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant me...
Security  Web_Security  Computer_Security  Mac_Security  Apple_iPhone_Security 
january 2018 by GameGamer43
Privacy Pass
Privacy Pass is a browser extension with the aim of making the internet more accessible.
Security  Web_Security  GitHub_Repos 
november 2017 by GameGamer43
- Application Security Training for Developers was started to provide quality content about current security issues facing web application developers. Content covers everything from the basics of web application security out to the most recent security threats facing web applications. It is important for developers of all skill levels to learn about web application security and integrate it from the start. provides the detail they need at a level tailored towards developers.
Chris_Cornutt  Programming  Software_Development  Software_Engineering  PHP  Web_Security  Security  Computer_Security  Online_Courses 
august 2017 by GameGamer43
fWaf – Machine learning driven Web Application Firewall | Fsecurify
Lately, I have been thinking of ways of applying machine learning to a security project that I can do and share with all of you. A few days ago, I happened to come across a website called ZENEDGE which is offering AI driven web application firewall. I liked the concept and thought of making something similar and sharing it with the community. So, lets make one.
web_application_firewall  Web_Security 
may 2017 by GameGamer43
CAA checking becomes mandatory for SSL/TLS certificates
This was news to me in a few ways; first, there's a new DNS resource record called CAA (Certificate Authority Authorization) and second, Certificate Authorities are now required to check that record before issuing a certificate, to determine if they're allowed to do so.
SSL  TLS  Web_Security 
may 2017 by GameGamer43
JOSE (Javascript Object Signing and Encryption) is a Bad Standard That Everyone Should Avoid - Paragon Initiative Enterprises Blog
Note: This was originally written about JSON Web Tokens (JWT), but JWT is a subset of Javascript Object Signing and Encryption (JOSE) so these criticisms are more fairly focused at JOSE as a whole.

If you've already decided to implement Javascript Object Signing and Encryption (JOSE), whether you want JSON Web Tokens, JSON Web Encryption (JWE), or JSON Web Signatures (JWS), you should question this decision. You're probably making a mistake.
JSON_Web_Token  Paragon_Initiative  Web_Security  web_development 
march 2017 by GameGamer43
forter/security-101-for-saas-startups: security tips for startups
So you are working at a startup, and you have been wondering at what point should you start looking into security considerations and compliance? Which technical debt should be postponed for a later stage, and which systems should be hardened this instant? What are the main considerations?
Security  GitHub_Repos  Web_Security  Computer_Security  Network_Security 
march 2017 by GameGamer43
TeamSIK – Password-Manager Apps
There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords. Password manager applications are a promising way of storing all sensitive passwords cryptographically secure. Accessing these passwords is only possible if the user enters a secret master password. At first sight, the requirements for a password manager application seem simple: Storing the passwords of a user centralized in a secure and confidential way. However, how is the reality on mobile, password manager applications, especially on Android? Applications vendors advertise their password manager applications as “bank-level” or “military-grade” secure. However, can users be sure that their secrets are actually stored securely? Despite the vendors’ claims, is it nevertheless possible to obtain access to the stored credentials?
Password_Managers  Security  Computer_Security  Web_Security 
march 2017 by GameGamer43
Setting a Baseline for Web Security Controls | Mozilla Security Blog
Securing modern web applications effectively is a complex process. However, there are many straightforward security controls such as HTTP security headers which are very effective at blocking common web attacks.
Mozilla  Mozilla_Development  OWASP_Zap  Web_Security  Mozilla_Security 
january 2017 by GameGamer43
Everything you need to know about HTTP security headers - Appcanary
Some physicists 28 years ago needed a way to easily share experimental data and thus the web was born. This was generally considered to be a good move. Unfortunately, everything physicists touch — from trigonometry to the strong nuclear force — eventually becomes weaponized and so too has the Hypertext Transfer Protocol.
HTTP  Web_Security  AppCanary  web_development 
january 2017 by GameGamer43
Hostile Subdomain Takeover using Heroku/Github/Desk + more
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service providers and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS-entries and remove all which are active and unused OR pointing to External Services which you do not use anymore.
Security  Web_Security  Computer_Security  Detectify 
january 2017 by GameGamer43
Secure online products and services with security best practices - Digital Craftsmen
Security-firm Fallible created an online tool to reverse engineer any android app to look for secrets and keys to AWS accounts. These keys and secrets can give full and uncontrolled access to extract and delete entire customer data sets and all the machines that go with them to run your application and site.
Web_Security  Security  Computer_Security 
january 2017 by GameGamer43
Exploit PHP's mail() to get remote code execution - Security - Sysadmins of the North
Exploit PHP’s mail() function to perform remote code execution, under rare circumstances.
PHP  PHP_Security  Web_Security 
december 2016 by GameGamer43
Troy Hunt: Careers in security, ethical hacking and advice on where to get started
Many people will disagree with this post, not so much because it's flat out wrong but because there are so many different approaches one can take. It's a very subjective realm but I'm going to put forward some suggestions, make some considered arguments and leave it at that.
Troy_Hunt  Security  Web_Security  Computer_Security 
december 2016 by GameGamer43
The PlugBot: Hardware Botnet Research Project – RedTeam Security
The PlugBot project is a security research project by RedTeam Security, led by Jeremiah Talamantes. It is designed to be a proof-of-concept / experimental foray into the development of software that could potentially support the concept of a hardware botnet. The project is made up of two components, PlugBot Bot and PlugBot Command & Control. The hardware component to this project is intended to be single-board computers, such as: Raspberry Pi, Beaglebone, Cubox, etc.
PlugBot  Computer_Security  Security  Network_Security  Web_Security 
december 2016 by GameGamer43
The Security Spectrum of curl | sh
A growing number of organizations are delivering software, generally for macOS, with a very Unix-y but also controversial pattern: using curl(1) to download a script and piping the output directly to sh (a.k.a. Bash(1)). There’s even a blog tracking the phenomenon, with the pointed description, “People telling people to execute arbitrary code over the network.”
AtomicObject  CURL  SH  Bash  Security  Computer_Security  Web_Security  Linux_Security 
december 2016 by GameGamer43
Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.
Mozilla_OpenSource  GitHub_Repos  Web_Security  Mozilla_Minion 
december 2016 by GameGamer43
When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
DNS  Web_Security 
november 2016 by GameGamer43
Cyber Security Base with F-Secure is a free course series by University of Helsinki in collaboration with F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.
Online_Courses  Security  Computer_Security  Web_Security  University_of_Helsinki  F-Secure 
october 2016 by GameGamer43
Testing Your Linux Firewall Configuration
At, it’s all about security and penetrating. I’ve decided to write this little guide for testing your own firewall configuration.
Firewall  Security  Computer_Security  Web_Security 
october 2016 by GameGamer43
Paranoid-in-Chief: Yahoo's Alex Stamos Wants to Secure the Entire Internet
It’s an early and sunny Saturday after the week-long RSA, perhaps the largest computer security conference in the world. A small group of weary and conference-hungover hackers, information security professionals and activists is gathering at the new San Francisco office of Yahoo, in the neighborhood of South of Market, or SoMa, a quickly gentrifying and hip neighborhood filled with tech startups.
Alex_Stamos  Yahoo  Security  Computer_Security  Web_Security 
october 2016 by GameGamer43
Is Your Database Affected by CVE-2016-6662?
In this blog post, I will discuss the CVE-2016-6662 vulnerability, how to tell if it affects you, and how to prevent the vulnerability from affecting you if you have an older version of MySQL.
Percona  MySQL  MySQL_Security  Computer_Security  Web_Security  Security 
september 2016 by GameGamer43
The target="_blank" vulnerability by example
Edit: Instagram has fixed this issue, presumably because of this article. Facebook and Twitter still have not. I used Instagram as the prime example, but the main takeaway is that the target="_blank" vulnerability is extremely common. The individual web developer should guard against it and the browsers should consider modifying this behavior.
JavaScript  HTML  Web_Development  Web_Security 
september 2016 by GameGamer43
Should you encrypt or compress first?
You work for a big company. Your job is pretty boring. Frankly, your talents are wasted writing boilerplate code for an application whose only users are three people in accounting who can’t stand the sight of you.
AppCanary  Security  Web_Security  Computer_Security  Compression_Algorithms  Encryption 
september 2016 by GameGamer43
GitHub - mozilla/http-observatory: HTTP Observatory
HTTP Observatory: analyze your website and review available methods to secure it
Mozilla_OpenSource  GitHub_Repos  Web_Security  from twitter_favs
august 2016 by GameGamer43
Content Security Policy to secure your website (and more)
XSS vulnerabilities (Cross-Site Scripting), that allow attackers to inject malicious scripts in a web page, rank at the third place of the most critical web application security flaws provided by the renowned OWASP community (Open Web Application Security Project). Those script injections in a web page can lead to session hijacking or website defacing for example.
Content_Security_Policy  Web_Security  Web_Development 
august 2016 by GameGamer43
How to Prevent Replay Attacks on Your Website
Replay attacks, in which attackers intercept and resend network packets that do not belong to them, are extremely dangerous and can in some cases cause serious damage. What makes these kinds of attacks even more noisome is that they can even be staged on encrypted communication channels without gaining access to the decryption keys. Attackers only have to eavesdrop on your line and have a general knowledge of what task a specific set of packets are performing, and by resending those packets or requests, they will be able to disrupt your communications or cause more damaging effects.
Web_Security  SitePoint  Web_Development 
august 2016 by GameGamer43
Is Apple's Cloud Key Vault a crypto backdoor?
Still, as you can see there's been some talk on Twitter about the subject, and I'm afraid it could lead to a misunderstanding. That would be too bad, since Apple's new technology is kind of a neat experiment.
Apple  Apple_Computers  Defcon  Security  Web_Security  Computer_Security  Cryptography 
august 2016 by GameGamer43
Reverse Engineering Native Apps by Intercepting Network Traffic
The ability to debug web applications is baked into every major browser – just click Inspect Element and you’ll see lots of information. It’s not quite as easy to do this with native apps, especially if you don’t have their source code. I’d like to show you how to understand the behavior of an application by inspecting its network requests (with or without SSL). I’ll also discuss some security implications relevant to developers who are building their own API (private or public).
Reverse_Engineering  Charles_Proxy  ReverseEngineering  Web_Security 
july 2016 by GameGamer43
netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation
GitHub_OpenSource  Security  Linux_Security  IPTables  GitHub  Web_Security  Computer_Security 
july 2016 by GameGamer43
Letsencrypt for Free & Easy SSL Certificates
See how easy it is to use letsencrypt to create and automatically renew FREE SSL certificates!
Web_Development  Web_Hosting  LetsEncrypt  Web_Security 
july 2016 by GameGamer43
Target="_blank" - the most underestimated vulnerability ever
People using target='_blank' links usually have no idea about this curious fact:
Web_Security  Web_Development 
may 2016 by GameGamer43
What are SSL ciphers & session keys?
This morning I gave a lightning talk at work (about what I learned about CDNs last week). Lightning talks at work are super fun and great. I like hearing about what my coworkers are working on & thinking about a lot, and they're pretty lightweight to prepare.
SSL  OpenSSL  Web_Security  Julia_Evans 
may 2016 by GameGamer43
Protect your web app now!
Three-command install, get back to your code
Web_Security  Security  Computer_Security 
april 2016 by GameGamer43
Securely Implementing (De)Serialization in PHP
A frequent problem that developers encounter when building web applications in PHP is, "How should I represent this data structure as a string?" Two common examples include:
PHP  Paragon_Initiative  Web_Security  Web_Development 
april 2016 by GameGamer43
GitHub's CSP journey
We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content injection issues that may exist on itself. We have been tackling this side of the problem over the past few years and thought it would be fun, and hopefully useful, to share what we have been up to.
GitHub_Engineering  GitHub  Web_Security  Content_Security_Policy 
april 2016 by GameGamer43
Goodbye CSRF - SameSite to the rescue!
SameSite-cookies is a mechanism for defining how cookies should be sent over domains. This is a security mechanism developed by Google and is at this moment present in Chrome-dev(51.0.2704.4). The purpose of SameSite-cookies is [try] to prevent CSRF and XSSI-attacks. You can read the draft here.
Web_Development  Web_Development_Security  Web_Security 
april 2016 by GameGamer43
If You Can’t Break Crypto, Break the Client: Recovery of Plaintext iMessage Data
CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug. You don’t need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode, or ROP chains. All an attacker requires is a basic understanding of JavaScript.
Apple_iMessage_Hacking  Apple_iMessages  Security  Web_Security  Computer_Security 
april 2016 by GameGamer43
The Basics of Web Application Security
Modern web development has many challenges, and of those security is both very important and often under-emphasized. While such techniques as threat analysis are increasingly recognized as essential to any serious development, there are also some basic practices which every developer can and should be doing as a matter of course.
Web_Security  Computer_Security  Security 
april 2016 by GameGamer43
The misunderstood X-XSS-Protection
A few days ago, I made a poll on Twitter to see what people think is the worst setting for the XSS filter/auditor. The results are very surprising:
Web_Security  Web_Development  Computer_Security  Security 
april 2016 by GameGamer43
SQL Injection Cheat Sheet
An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. This cheat sheet is of good reference to both seasoned penetration tester and also those who are just getting started in web application security.
Web_Security  Security  Computer_Security  SQL_Injection 
march 2016 by GameGamer43
OVI - Open Vulnerability ID
OVI - Open Vulnerability ID is a free vulnerability identification number that can be obtained by anyone. Just click below to get your number and use it for your disclosure.
Security  Web_Security  Computer_Security  CVE 
march 2016 by GameGamer43
OSX Mass Pwning using BetterCap and the Sparkle Updater Vulnerability.
Yesterday Radek from VulnSec posted an interesting article named "There's a lot of vulnerable OS X applications out there." He discovered that the Sparkle update system (used by some very popular OSX apps such as VLC, Adium, iTerm and so forth) uses HTTP instead of HTTPS to fetch update information for such applications, making all of them vulnerable to man-in-the-middle attacks and, as he showed, remote command execution attacks.
Mac_Security  Security  Computer_Security  Web_Security 
january 2016 by GameGamer43
There's a lot of vulnerable OS X applications out there.
Lately, I was doing research connected with different updating strategies, and I tested a few applications working under Mac OS X. This short weekend research revealed that we have many insecure applications in the wild. As a result, I have found a vulnerability which allows an attacker to take control of another computer on the same network (via MITM).
Mac_Security  Computer_Security  Security  Web_Security 
january 2016 by GameGamer43
Bulk surveillance violates our fundamental rights and makes free speech risky. This guide will teach you a basic surveillance self-defense skill: email encryption. Once you've finished, you'll be able to send and receive emails that are scrambled to make sure a surveillance agent or thief intercepting your email can't read them. All you need is a computer with an Internet connection, an email account, and about forty minutes.
Free_Software_Foundation  Email  GPG  GnuPG  Security  Web_Security  Computer_Security 
january 2016 by GameGamer43
Excess XSS
A comprehensive tutorial on cross-site scripting
CrossSiteScripting  Web_Security 
january 2016 by GameGamer43
Security Guide: How to Protect Your Infrastructure Against the Basic Attacker
Running your infrastructure in a secure configuration is a daunting task even for security professionals. This guide provides practical advice to help engineers build up infrastructure following security best practices so that they can confidently deploy their services to the public Internet and lower their chances of being compromised. This guide specifically targets Linux based systems; however, the best practices apply to all computer systems.
Mailgun  Mailgun_Blog  Security  Web_Security  Web_Servers  Computer_Security 
january 2016 by GameGamer43
patchwork security
Open source packages are constantly going out of date, and tracking the state of your servers is a massive headache. Patchwork offers an API-driven notification system to help you automate Open Source Security management.
Security  Security_Audit  Computer_Security  Web_Security 
january 2016 by GameGamer43
Anonymity check
We can verify the accuracy of this information, our service will quickly determine how well you are hiding behind your VPN, web proxy, HTTP proxy, etc..
Privacy  Privacy_Tools  Security  Web_Security 
january 2016 by GameGamer43
A repository to showcase some of the popular web attacks.
Web_Security  PHP  Web_Development  GitHub_Repos 
january 2016 by GameGamer43
Creating a CSP Policy from Scratch
When I added the Content-Security-Policy (CSP) security header to my website, I was more concerned about getting a good rating on, than actually creating a good policy. In this post I’ll show you how I created a new, better, CSP policy from scratch.
Content_Security_Policy  Web_Development  Web_Security  Diogo_Monica 
december 2015 by GameGamer43