Security - AutoSponge/dev-notes GitHub Wiki

zaproxy OWASP scanning
node CSRF
jsSHA SHA algos in js
jwt security
twistlock
socless SOCless is a serverless framework built to help security teams easily automate their incident response and operations processes
3rd-party CSS attacks
detect.location using iOS photos access to get location data
metasploit free ethical hacking course
JWT
vuln-regex-detector ReDOS check
twistlock security for docker containers
privacy rating in duckduckgo
linting configs for js
secret audit
test extensions
bXSS detect blind xss vulnerabilities
vuln-regex-detector detect vulnerable regexp

Authn/Authz

login with 3rd-party stateless login

Design

passwords advice for designing password features in systems

Resources

csp evaluator
OWASP
feminist guide to cybersecurity
eff
security headers article
retire.js javascript package vulnerabilities
cookie vs token
secure javascript apps

Container

env variables

Tools

metasec.js combination linter/scanner
nano-id replacement for uuid generator (URL-safe)
serialize-javascript serialize fn, regex and json
dompurify html sanitizer
xss html sanitizer
eslint scanjs config
lighthouse security
zaproxy penentration testing
secure-password
braces pattern matcher you can't DoS
tamper-chrome extension for manipulating requests
eslint rules
jose Web Crypto (JWT, JWE, JWS)

Dependencies

snyk security for npm packages
serialize-javascript

Topics

harvesting passwords front-end issues created by malicious npm packages
strict-transport-security header
awesome pentest
inline js
helmet (express middleware)
- csp
aws inspector
cloudsploit (aws scans)
target=_blank
obfuscation
npm vulnerability
xss article
express crsf
offline first security
regexp dos attack

CSP

CSRF

Express

csurf CRSF protection
tips