⚙️ NGINX config generator on steroids 💉
Project mention: [software] NGINX configuration generator | reddit.com/r/Compsci_nerd | 2021-11-10
OpenZeppelin Contracts is a library for secure smart contract development.
Project mention: Split NFT Royalties to Multiple Addresses | reddit.com/r/ethdev | 2021-12-06
Run Linux Software Faster and Safer than Linux with Unikernels.
Free cross-platform password manager compatible with KeePass
Project mention: Mercredi Tech - 2021-12-01 | reddit.com/r/france | 2021-12-01
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Project mention: How to choose a third party package | dev.to | 2021-12-04
As mentioned in Fit your need, many packages try to solve a general problem (thus the size of the package is large). You may only need a small part of the package. Sometimes, your problem is unique and there are no existing third party packages out there that solve it. In those cases, it's a great time for you to do it yourself. I found myself in the early days in the industry spending much time finding a third party package to help me build features. But over time, I more rarely used external packages for my daily tasks. It doesn't mean that I always reinvent the wheel. It means that I know what I am doing and I can seek help from the community when I truly need to (for example I will never sanitize user input by myself, but use DOMPurify)
A curated list of CTF frameworks, libraries, resources and softwares
Project mention: How to solve CTF ☠️ (Capture_the_flags) | dev.to | 2021-10-31
https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading
The Browser Exploitation Framework Project
Project mention: how do i install BeEF? | reddit.com/r/Kalilinux | 2021-12-07
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Project mention: Wireshark pcap in elastic search | reddit.com/r/elasticsearch | 2021-11-24
I used moloch which is now https://arkime.com/. It used to be free and was a great tool for pcaps. Uses elastic underneath.
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Project mention: Is there a tool to map a AWS/vpc environment? | reddit.com/r/aws | 2021-09-03
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: Firefox Privacy: 2021 update | Privacy Guides | reddit.com/r/PrivacyGuides | 2021-12-01
Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Project mention: Ask HN: What are the best automated tools for keeping credentials out of GitHub? | news.ycombinator.com | 2021-08-09
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
Project mention: DeGoogling google.com with my tag is the cherry on top...(left)... | reddit.com/r/degoogle | 2021-11-12
In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Project mention: How To Parse and Render Markdown In Vuejs | dev.to | 2021-08-26
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerabilities. Marked does not sanitize the output HTML (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS)), as that feature is deprecated and has a vulnerability; however, it supports the use of other libraries to secure output HTML, such as DOMPurify (recommended), sanitize-html or insane.
Advanced vm/sandbox for Node.js
Project mention: The Perfect Configuration Format? Try TypeScript | news.ycombinator.com | 2021-11-17
This could be solved by having some kind of sandbox (https://github.com/patriksimek/vm2), but I agree it complicates it.
It would be cool if tsc had a flag --sandboxed or similar that does not allow any side effects (fs access, output, forking, net requests, etc.)
A microservices API Gateway built on top of Express.js
Project mention: Building an Express Gateway Policy | dev.to | 2021-08-29
This post will show you how to build a policy (middleware) for your express gateway. Before creating a policy, we need to create a plugin.
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Project mention: r/cryptography | reddit.com/r/cryptography | 2021-05-31
user.js -- Firefox configuration hardening (by pyllyukko)
Project mention: Don't you feel that Firefox is now father than Chromium ? | reddit.com/r/archlinux | 2021-11-25
Open Cyber Threat Intelligence Platform
Project mention: Threat Intelligence platform recommendations | reddit.com/r/blueteamsec | 2021-11-02
If you haven’t yet, check out OpenCTI https://github.com/OpenCTI-Platform/opencti
Node.js rate limit requests by key with atomic increments in single process or distributed environment.
Project mention: Trouble adding rate limiter to API route in Nextjs | reddit.com/r/node | 2021-07-31
I published this issue with my code: https://github.com/animir/node-rate-limiter-flexible/issues/124
Awesome Node.js Security resources
Project mention: What is secure code? | reddit.com/r/node | 2021-01-18
For the PERN stack you can check out the vulnerabilities and their solutions here, you may also like the Secure Code Warrior Free Node.js express training. Also check out the Awesome Node.js Security list.
Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong.
Project mention: GitHub - gautamkrishnar/nothing-private: Do you think you are safe using private browsing or incognito mode?. This will prove that you're wrong. | reddit.com/r/devopsish | 2021-10-24