Cybersecurity handbook
Scope
This digital handbook was crafted by the One Beyond team in order to provide a simple and easy security guide for newcomers.
This handbook is based on our current stack (JS, Node.js, Docker, ...) and on the needs of our day-to-day activities.
Content
Roadmap
This handbook is under construction.
We have a new release in scope:
- Release v2.0.0 (Blue Box)
There are previous releases that are not available in the web version:
- Release v1.0.0 (Cap'n Crunch whistle)
The most critical sections will be covered in v0.1.0. The rest of the sections will be finished for v1.0.0.
Important
Sections
1. OWASP Top 10
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
This section is customized for our stack by using, mixing and rewriting the following guides:
2. HTTP Headers
We simply adapted and extended the official Helmet documentation. We also included extra headers that are not present in the Helmet middleware.
3. Notable Security Incidents
A great collection of security incidents that happened in the Node.js, JavaScript and npm related communities from lirantal/awesome-nodejs-security and other resources.
4. Attacks explained
5. Tooling
This section is a selection of relevant cybersecurity tools. We extended several awesome lists in order to get the most complete list of tools.
6. Cheat Sheets
We made a great list of useful cheat sheets to use in our day-to-day activities. We expect to create our own soon.
7. Resources
Great resources to learn more about cybersecurity for our stack.
8. Acknowledgments and credits
This guide was only possible because a lot of people have made a huge effort to share their knowledge with the community. ❤️
Contributing
This guide is open to contributions!
Please follow the Code of Conduct and read the Contributing guide.