Category: Web Security

  • SSH secure shell links videos and resources

    I had a nice article but somehow it got screwed to hell and back. I have no idea what I did. I will not rewrite it. This is now purely a list of resources. I really hate tinymce for this. You can’t just paste text from the internet because it auto adds H4’s for some…

  • Forced password changes are not good security policy

    To combat this unintelligent BS I am now starting a list of idiots that do this. For so long I have read and heard that a GREAT security feature is to force your users to change passwords every so many days/months. Linux even has a built-in feature for this. This is a really stupid…

  • AWS autoscaling links and resources

    AWS autoscaling lets you set up groups of EC2 instances which are controlled by a load balancer. The load balancer in turn makes sure your app has the correct number of EC2 instances running at all times. If your traffic is high it adds the maximum that you set. If traffic goes down it adjust…

  • How to permanently set Linux environmental variables

    This is a giant subject. I’ll continue updating this article as I find and understand more about how Linux does all of this. Most articles show how to set them in the terminal, then when you close the terminal and try to use a variable it doesn’t exist leaving you confused. Well those posts are…

  • Docker resources

    Links, resources and videos about Docker in specific. Manage sensitive data with Docker secrets – information from the documentation about using Docker secrets. Secrets are for managing things like database passwords and other passwords. Introducing docker secrets management – an article explaining what Docker secrets management is and its value.

  • Symfony doctrine database secret configuration links and resources.

    Storing secrets for Symfony applications – some ideas how to approach the topic

  • CORS cross origin resource sharing links and resources for developers

    CORS (cross-origin resource sharing) allows you to decide if a script from a domain other than your website/app can access data, i.e. make AJAX calls etc., to your server. For your frontend API you probably want to limit the origin to just your domain. For a developer API you probably want to allow all…

  • Server and cloud security resources and links

    CSP Cheat Sheet – CSP (content security policy) is for setting server security policies for accessing your system’s content/files etc. Configuring Play Framework Content Security Policy Headers –

  • Web App security resources

    Practical HTTP Host header attacks – Must read to understand how hackers use HTTP headers to hack websites. Link to OWASP cheatsheet – a good cheat sheet. Website security by MDN – covers some very basic information about website security such as SQL injection

  • Networking resources

    Listed are some resources about Networking concepts. I have many computers and devices and a large area to cover so I have multiple routers in play. Messing with so many devices and getting more into Arduino means I need to deepen my understanding of Networking concepts. This page lists resources I have found to be…