Hacker News
- OWASP Juice Shop https://owasp.org/www-project-juice-shop/ 14 comments
- Open Source Foundation for Application Security https://owasp.org/ 6 comments
- Open Web Application Security Project https://www.owasp.org/index.php/Main_Page 2 comments
- OWASP Top Ten Web Vulnerabilities https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 30 comments
- OWASP Cheat Sheet Series https://www.owasp.org/index.php/Cheat_Sheets 27 comments
- Top-10 Web Application Security Vulnerabilities (2007) http://www.owasp.org/index.php/Top_10_2007 10 comments
Lobsters
- KeyBox: Web-Based SSH Access and Key Management https://www.owasp.org/index.php/OWASP_KeyBox 3 comments devops, linux
- OWASP Top 10 CI/CD Security Risks project released https://owasp.org/blog/2022/11/10/top-10-cicd.html 6 comments netsec
- OWASP Top 10 CI/CD Security Risks project released https://owasp.org/blog/2022/11/10/top-10-cicd.html 16 comments programming
- First Job as Penetration Tester (entry-level) https://owasp.org/www-project-top-ten/ 18 comments pentesting
- Regex Denial of Service https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS 2 comments regex
- OWASP 2021: Top 10 Web Application Security Risks https://owasp.org/www-project-top-ten/ 3 comments coding
- Some thoughts on 2021 OWASP Top 10's Cryptographic Failures Section https://owasp.org/Top10/ 47 comments crypto
- Introduction to OWASP Top 10 2021 https://owasp.org/Top10/ 29 comments netsec
- What SAST tool do you use for React Native? https://owasp.org/www-community/Source_Code_Analysis_Tools 3 comments reactnative
- Attacking and Securing JWT (PDF) https://owasp.org/www-chapter-vancouver/assets/presentations/2020-01_attacking_and_securing_jwt.pdf 4 comments programming
- Static Application Security Testing (SAST) for Rust Lang https://www.owasp.org/index.php/Source_Code_Analysis_Tools 4 comments rust
- Jenkins: Parse HTML report and fail build based on criteria https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project 7 comments devops
- OWASP Vulnerable Web Applications Directory Project/Pages/VMs https://www.owasp.org/index.php/owasp_vulnerable_web_applications_directory_project/pages/vms 3 comments netsec
- Password hashing in node: bcrypt or argon2? https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet 6 comments javascript
- OWASP Top 10 - 2017 (pdf) https://www.owasp.org/images/7/72/owasp_top_10-2017_%28en%29.pdf.pdf 15 comments netsec
- Unable to access a WEBrick server from remote computer https://www.owasp.org/index.php/OWASP_iGoat_Project 9 comments ruby
- OWASP's Application Security Verification Standard 3.0 (pdf) https://www.owasp.org/images/6/67/owaspapplicationsecurityverificationstandard3.0.pdf 3 comments programming
- ZAP Scripting Competition https://www.owasp.org/index.php/2015-08-zap-scriptingcompetition 9 comments netsec
- [Java] I'm writing my first user authentication system. I see that "X Company had all their passwords stolen" all the time - How do I not be that guy? https://www.owasp.org/index.php/Java_Security_Frameworks 22 comments learnprogramming
- Authentication Cheat Sheet https://www.owasp.org/index.php/authentication_cheat_sheet 4 comments webdev
- SVG: The Image that called me https://www.owasp.org/images/0/03/mario_heiderich_owasp_sweden_the_image_that_called_me.pdf 53 comments programming
- What are some http headers everyone should know about and use? https://www.owasp.org/index.php/List_of_useful_HTTP_headers 16 comments webdev
- OWASP Correct Implementation? https://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack 3 comments crypto
- OWASP NINJA PingU - Not just a ping utility https://www.owasp.org/index.php/owasp_ninja_pingu_project 10 comments netsec
- The new OWASP STeBB for security testing websites https://www.owasp.org/index.php/owasp_stebb_project 5 comments netsec
- OWASP Vulnerable Web Applications Directory Project https://www.owasp.org/index.php/owasp_vulnerable_web_applications_directory_project#tab=main 6 comments netsec
- What can be done to promote security in web application development? https://www.owasp.org/ 6 comments webdev
- OWASP Top Ten for 2013 released https://www.owasp.org/index.php/top10 13 comments netsec
- Some helpful ways to prevent SQL injection. https://www.owasp.org/index.php/sql_injection_prevention_cheat_sheet 7 comments netsec
- Cheat Sheets for App Dev Security https://www.owasp.org/index.php/cheat_sheets 4 comments coding
- Very interesting webapp attack vector - HTTP Parameter Pollution [PDF] https://www.owasp.org/images/b/ba/appseceu09_carettonidipaola_v0.8.pdf 2 comments netsec
- OWASP Zed Attack Proxy (ZAP) - an open source web app pentest tool for both beginners and experts https://www.owasp.org/index.php/owasp_zed_attack_proxy_project 4 comments netsec
- XSS (Cross Site Scripting) Prevention Cheat Sheet http://www.owasp.org/index.php/xss_%28cross_site_scripting%29_prevention_cheat_sheet 5 comments netsec
- OWASP HTTP Post DoS Tool http://www.owasp.org/index.php/owasp_http_post_tool 12 comments netsec
- XSS (Cross Site Scripting) Prevention Cheat Sheet http://www.owasp.org/index.php/xss_%28cross_site_scripting%29_prevention_cheat_sheet 36 comments programming
Linking pages
- GitHub - sdmg15/Best-websites-a-programmer-should-visit: :link: Some useful websites for programmers. https://github.com/sdmg15/Best-websites-a-programmer-should-visit 331 comments
- Infrastructure overview https://mangadex.dev/mangadex-v5-infrastructure-overview/ 258 comments
- SHA-3 Buffer Overflow – Nicky Mouha https://mouha.be/sha-3-buffer-overflow/ 209 comments
- Amazon CodeWhisperer, Free for Individual Use, is Now Generally Available | AWS News Blog https://aws.amazon.com/blogs/aws/amazon-codewhisperer-free-for-individual-use-is-now-generally-available/ 172 comments
- 2.5.3 Programming and Source Code Standards | Internal Revenue Service https://www.irs.gov/irm/part2/irm_02-005-003 149 comments
- Capture the Flag 2.0 https://stripe.com/blog/capture-the-flag-20 114 comments
- Top 10 secure C++ coding practices - Incredibuild https://www.incredibuild.com/blog/top-10-secure-c-coding-practices 106 comments
- GitHub - owasp-change/owasp-change.github.io: An Open Letter to the OWASP Board https://github.com/owasp-change/owasp-change.github.io 45 comments
- Five Pentesting Tools and Techniques (That Every Sysadmin Should Know) | by Jeremy Trinka | Medium https://medium.com/@jeremy.trinka/five-pentesting-tools-and-techniques-that-sysadmins-should-know-about-4ceca1488bff 39 comments
- GitHub - mike-goodwin/owasp-threat-dragon-desktop: An installable desktop variant of OWASP Threat Dragon https://github.com/mike-goodwin/owasp-threat-dragon-desktop 30 comments
- GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application https://github.com/WebGoat/WebGoat 29 comments
- Eliminating Visual Debt http://ocramius.github.io/blog/eliminating-visual-debt/ 27 comments
- GitHub - OWASP/Go-SCP: Go programming language secure coding practices guide https://github.com/Checkmarx/Go-SCP 26 comments
- A few thoughts about Uber's breach https://cendyne.dev/posts/2022-09-19-a-few-thoughts-about-ubers-breach.html 24 comments
- Password auth in Rust, from scratch - Attacks and best practices | Luca Palmieri https://www.lpalmieri.com/posts/password-authentication-in-rust/ 18 comments
- GitHub - OWASP/DevGuide: The OWASP Guide https://github.com/OWASP/DevGuide 13 comments
- Guide to User Data Security - FusionAuth https://fusionauth.io/resources/guide-to-user-data-security 12 comments
- How to Get Started Using Java Cryptography Securely | Veracode https://www.veracode.com/blog/research/how-get-started-using-java-cryptography-securely?amp%3Butm_campaign=buffer&%3Butm_content=buffer5e760&%3Butm_medium=social&%3Butm_source=twitter.com&sdf= 10 comments
- Top 6 Application Security Must Dos with Limited Resources https://blog.hackedu.io/top-6-application-security-must-dos-with-limited-resources/ 10 comments
- The Enchiridion of Impetus Exemplar https://shellsharks.com/threat-modeling 9 comments