Open coreyshuman opened 6 years ago
@ryekerjh | @vperezma | @mwallert Most of these topics are difficult to split into client-side and server-side (the way the current folder structure is setup). Would you guys be interested in creating a top-level security folder to add these topics into?
I like that idea. Something like this?

Security
|--- client-side
|    |---- security topics
|--- server-side
     |---- security topics
Most of the topics look to be considerations done on the server-side. Client security concerns are much simpler: am I talking to the right server and am I using SSL, rarely would we even consider locally encrypting data.
I would be interested in grouping them by theme: Sanitization vs escaping in regards to query injection, XSS and form validation; Browser security settings; Penetration testing with the tools listed; Keeping (and passing) secrets with encryption and tokens; And a large overarching theme: DON'T TRUST THE CLIENT
Is this still being worked on?
@coreyshuman and/or @jecallaway What information should we add to bring security into the S&P repo. I would love your input on the matter!
I went ahead and had a discussion with @jecallaway today. Some of the highlights:
I'm thinking that to kick this off, we should at least have the https://owasp.org/ pages referenced in the server-side security page.
@jecallaway Do you know if we have any SOWs/recommended tutorials on Kali Linux and the assorted tools?
Add documentation and resources from the application security class.
Topics:
Tools: