⚙️ NGINX config generator on steroids 💉
Project mention: [software] NGINX configuration generator | reddit.com/r/Compsci_nerd | 2021-11-10
OpenZeppelin Contracts is a library for secure smart contract development.
Project mention: 5 Tips & Tricks in UniswapV2 Contracts for DeFi Developers | dev.to | 2022-01-22
Openzeppelin ERC-20-Permit (in draft status)
Free cross-platform password manager compatible with KeePass
Project mention: Chromebox: what password manager do you use? | reddit.com/r/chromeos | 2022-01-17
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Project mention: How to allow custom entered HTML in item description, but make sure no JS gets entered? | reddit.com/r/webdev | 2022-01-02
You can use an input sanitizer. I'd use something like DOMPurify if you don't want to write the sanitizer yourself. But yeah, you should not allow, or should remove, certain tags like script and img.
A curated list of CTF frameworks, libraries, resources and software
Project mention: How to solve CTF ☠️ (Capture_the_flags) | dev.to | 2021-10-31
https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading
The Browser Exploitation Framework Project
Project mention: be warned, there's this new thing going around that nobody is talking about but it sends a link and i think your account gets taken over and you can't get it back. it seems to start with "hey can i ask you for a quick favor?" and if you respond, it seems to actually talk back | reddit.com/r/discordapp | 2022-01-03
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Project mention: I'm currently studying to transition from a SIEM administrator to a network forensics analyst. What are good workflows/resources for analyzing PCAPs? | reddit.com/r/computerforensics | 2021-12-14
Full PCAPs? Look at https://arkime.com/ or NetworkMiner. Arkime is probably more what you're looking for. But I love NetworkMiner.
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Project mention: Is there a tool to map an AWS/VPC environment? | reddit.com/r/aws | 2021-09-03
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: An extension seems to have logged a bunch of information, what should I do first? | reddit.com/r/firefox | 2022-01-22
Looks like the same situation as here. As recommended there, check your about:debugging for an extension UUID that matches what you called "(some string)".
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Project mention: My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour | news.ycombinator.com | 2022-01-06
Assuming that the person you were working with didn't drain your wallet, there are many tools which can be used to actively monitor for commits being done on GitHub with secrets of some sort.
The first one that comes to my mind is shhgit (https://github.com/eth0izzle/shhgit)
Anyone can self-host it and then add multiple GitHub dev keys to it. Then this can be used to monitor GitHub commits being done, the majority of which can be categorized as "secrets".
ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.
Project mention: DeGoogling google.com with my tag is the cherry on top...(left)... | reddit.com/r/degoogle | 2021-11-12
In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, and establish a process for keeping all dependencies up to date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any dependencies found to be vulnerable. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance.
Project mention: How To Parse and Render Markdown In Vuejs | dev.to | 2021-08-26
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerabilities. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS)) its output HTML, as that feature is deprecated and has vulnerabilities; however, it supports the use of other libraries to secure output HTML such as DOMPurify (recommended), sanitize-html or insane.
Advanced vm/sandbox for Node.js
Project mention: The Perfect Configuration Format? Try TypeScript | news.ycombinator.com | 2021-11-17
This could be solved by having some kind of sandbox (https://github.com/patriksimek/vm2), but I agree it complicates it.
It would be cool if tsc had a flag --sandboxed or similar that does not allow any side effects (fs access, output, forking, net requests, etc.)
A microservices API Gateway built on top of Express.js
Project mention: Building an Express Gateway Policy | dev.to | 2021-08-29
This post will show you how to build a policy (middleware) for your express gateway. Before creating a policy, we need to create a plugin.
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Project mention: r/cryptography | reddit.com/r/cryptography | 2021-05-31
user.js -- Firefox configuration hardening (by pyllyukko)
Project mention: [24 Jan 2022] Privacy lovers of India, what are your best tips for online safety & privacy in 2022? | reddit.com/r/india | 2022-01-24
As for configuring Firefox - https://github.com/pyllyukko/user.js/. There are many different configurations. Read the thing and configure based on your needs. I use 2 different profiles in Firefox. One has strict rules, the other not so much. uMatrix, Temporary Containers, uBlock, Vim Vixen, HTTPS Everywhere are the addons I use. You can use Facebook Container if you want to use Instagram and such.
Open Cyber Threat Intelligence Platform
Project mention: Threat Intelligence platform recommendations | reddit.com/r/blueteamsec | 2021-11-02
If you haven’t yet, check out OpenCTI https://github.com/OpenCTI-Platform/opencti
Node.js rate limit requests by key with atomic increments in single process or distributed environment.
Project mention: Trouble adding rate limiter to API route in Nextjs | reddit.com/r/node | 2021-07-31
I published this issue with my code: https://github.com/animir/node-rate-limiter-flexible/issues/124
Awesome Node.js Security resources
Do you think you are safe using private browsing or incognito mode? :smile: :imp: This will prove that you're wrong.
Project mention: GitHub - gautamkrishnar/nothing-private: Do you think you are safe using private browsing or incognito mode?. This will prove that you're wrong. | reddit.com/r/devopsish | 2021-10-24
Cloud Security Posture Management (CSPM)
Project mention: Cloud Security Tools | reddit.com/r/cybersecurity | 2021-08-25
Mapping cloud security controls to compliance standards is not possible in totality (e.g. cloud security tools on their own won't be able to see what's on an EC2 instance to check whether you have PCI-DSS compliant ciphers enabled for SSH/HTTPS/etc.), but I'd recommend you take a look into github.com/aquasecurity/cloudsploit and github.com/nccgroup/ScoutSuite as starting points!
Approved Hardware Upgrade List
1 project | reddit.com/r/firewalla | 23 Jan 2022
An extension seems to have logged a bunch of information, what should I do first?
1 project | reddit.com/r/firefox | 22 Jan 2022
The success of web browser Brave is a bad sign for Google – here’s why
1 project | news.ycombinator.com | 22 Jan 2022
5 Tips & Tricks in UniswapV2 Contracts for DeFi Developers
2 projects | dev.to | 22 Jan 2022
NFT Minting Process: Best Practice for dealing with metadata
1 project | reddit.com/r/ethdev | 20 Jan 2022
"Were you able to subpoena ProtonMail?"
1 project | reddit.com/r/ProtonMail | 20 Jan 2022
2022 Jan 10 Stickied HELPDESK thread - Boot problems? Power supply problems? Display problems? Networking problems? Need ideas? Get help with these and other questions! ASK HERE FIRST
2 projects | reddit.com/r/raspberry_pi | 17 Jan 2022