
Cybersecurity handbook

Cover image (image from needpix.com)

🎯 Scope

This digital handbook was crafted by the One Beyond team in order to provide a simple and easy security guide for newcomers.

This handbook is based on our current stack (JS, Node.js, Docker, ...) and on the needs of our day-to-day activities.

📦 Content

🗺️ Roadmap

This handbook is under construction.

We have a new release in scope:

  • Release v2.0.0 (Blue Box)

There are previous releases that are not available in the web version:

The most critical sections will be covered in v0.1.0. The rest of the sections will be finished for v1.0.0.

🚨 Important

📚 Sections

1. OWASP Top 10

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

This section is customized for our stack, using, mixing and rewriting the following guides:

2. HTTP Headers

We adapted and extended the official documentation from Helmet. We also included extra headers that are not present in the Helmet middleware.

3. Notable Security Incidents

A great collection of security incidents that happened in the Node.js, JavaScript and npm-related communities, drawn from lirantal/awesome-nodejs-security and other resources.

4. Attacks explained

5. Tooling

This section is a selection of relevant tools for cybersecurity. We extended several awesome lists in order to get the most complete list of tools.

6. Cheat Sheets

We made a great list of useful cheat sheets to use in our day-to-day activities. We expect to create our own soon.

7. Resources

Great resources to learn more about cybersecurity for our stack.

8. Acknowledgments and credits

This guide was only possible because a lot of people have made a huge effort to share their knowledge with the community. ❤️

🚀 Contributing

🎉 This guide is open to contributions! 🎉

Please follow the Code of Conduct and read the Contributing guide.