├── .github
    ├── CODEOWNERS
    ├── ISSUE_TEMPLATE
    │   ├── new_cheatsheet_proposal.md
    │   └── update_cheatsheet_proposal.md
    ├── pull_request_template.md
    └── workflows
    │   ├── build-and-deploy-website.yml
    │   ├── identify-old-issues-and-pr.yml
    │   ├── md-link-check.yml
    │   ├── md_lint_check.yml
    │   └── publishing-check.yml
├── .gitignore
├── .markdownlint.json
├── .textlintrc
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── CONTRIBUTOR-V1.md
├── Dockerfile
├── HelpGuide.md
├── Index.md
├── IndexASVS.md
├── IndexMASVS.md
├── IndexProactiveControls.md
├── IndexTopTen.md
├── LICENSE.md
├── Makefile
├── Preface.md
├── Project.code-workspace
├── README.md
├── assets
    ├── Abuse_Case_Cheat_Sheet_Overview.png
    ├── Abuse_Case_Cheat_Sheet_SchemaBundle.zip
    ├── Authorization_Testing_Automation_AutomationRendering.png
    ├── Bean_Validation_Cheat_Sheet_JSR.png
    ├── Bean_Validation_Cheat_Sheet_Typical.png
    ├── C-Based_Toolchain_Hardening_AdditionalPlatformLibraryMacrosTable.png
    ├── C-Based_Toolchain_Hardening_GCCCPPWarningOptionsTable.png
    ├── C-Based_Toolchain_Hardening_GCCCWarningOptionsTable.png
    ├── C-Based_Toolchain_Hardening_GCCObjectiveCWarningOptionsTable.png
    ├── C-Based_Toolchain_Hardening_VStudioWarningOptionsTable.png
    ├── C-Based_Toolchain_Hardening_Windows1.png
    ├── C-Based_Toolchain_Hardening_Windows2.png
    ├── C-Based_Toolchain_Hardening_XCode1.png
    ├── C-Based_Toolchain_Hardening_XCode2.png
    ├── Clickjacking_Defense_Cheat_Sheet_NestedFrames.png
    ├── Dec_pattern_HLD.png
    ├── Denial_of_Service_Cheat_Sheet_FlowDDOS.png
    ├── Deserialization_Cheat_Sheet_GOD16Deserialization.pdf
    ├── Embed_PDP_HLD.png
    ├── Error_Handling_Cheat_Sheet_Overview.png
    ├── Help_Nav.png
    ├── ID_propogation.png
    ├── Index_Bash.svg
    ├── Index_C.svg
    ├── Index_Coldfusion.svg
    ├── Index_Cpp.svg
    ├── Index_Csharp.svg
    ├── Index_Html.svg
    ├── Index_Java.svg
    ├── Index_Javascript.svg
    ├── Index_Json.svg
    ├── Index_Perl.svg
    ├── Index_Php.svg
    ├── Index_Python.svg
    ├── Index_Ruby.svg
    ├── Index_Shell.svg
    ├── Index_Sql.svg
    ├── Index_Vbnet.svg
    ├── Index_Xml.svg
    ├── Kubernetes_Architecture.png
    ├── Logging_Cheat_Sheet.drawio
    ├── Logging_Cheat_Sheet.drawio.png
    ├── NIST_ABAC.png
    ├── Netflix_AC.png
    ├── Netflix_ID_prop.png
    ├── Network_Segmentation_Cheat_Sheet_BACKEND.drawio
    ├── Network_Segmentation_Cheat_Sheet_BACKEND.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_FRONTEND.drawio
    ├── Network_Segmentation_Cheat_Sheet_FRONTEND.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_MIDDLEWARE.drawio
    ├── Network_Segmentation_Cheat_Sheet_MIDDLEWARE.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_Monitoring.drawio
    ├── Network_Segmentation_Cheat_Sheet_Monitoring.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_Schematic_symbols.drawio
    ├── Network_Segmentation_Cheat_Sheet_Schematic_symbols.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_TIER_Example.drawio
    ├── Network_Segmentation_Cheat_Sheet_TIER_Example.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_firewall_1.drawio
    ├── Network_Segmentation_Cheat_Sheet_firewall_1.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_firewall_2.drawio
    ├── Network_Segmentation_Cheat_Sheet_firewall_2.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_interservice.drawio
    ├── Network_Segmentation_Cheat_Sheet_interservice.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_interservice_balancer.drawio
    ├── Network_Segmentation_Cheat_Sheet_interservice_balancer.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_interservice_deny.drawio
    ├── Network_Segmentation_Cheat_Sheet_interservice_deny.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_logs.drawio
    ├── Network_Segmentation_Cheat_Sheet_logs.drawio.png
    ├── Network_Segmentation_Cheat_Sheet_repo.drawio
    ├── Network_Segmentation_Cheat_Sheet_repo.drawio.png
    ├── OS_Command_Injection_Defense_Cheat_Sheet_CmdInjection.png
    ├── OWASP_Logo.svg
    ├── OWASP_Logo_Transp.png
    ├── Password_Storage_Cheat_Sheet_Test_PBKDF2_Iterations.java
    ├── Pinning_Cheat_Sheet_Certificate.png
    ├── Pinning_Cheat_Sheet_Certificate_DotNetSample.zip
    ├── Pinning_Cheat_Sheet_Certificate_OpenSSLSample.zip
    ├── Pinning_Cheat_Sheet_PublicKey.png
    ├── Pinning_Cheat_Sheet_RandomOrgDERDump.png
    ├── Preface_Cheatsheet_Header.png
    ├── Preface_Cheatsheet_Logo.png
    ├── README_FlagshipCombinedReviews.pdf
    ├── README_PluginWarningUI.png
    ├── REST_Security_Cheat_Sheet_Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf
    ├── Secure_Cloud_Architecture_Shared_Responsibility_Model.png
    ├── Secure_Cloud_Architecture_Trust_Boundaries_1.png
    ├── Secure_Cloud_Architecture_Trust_Boundaries_2.png
    ├── Secure_Cloud_Architecture_Trust_Boundaries_3.png
    ├── Secure_Cloud_Architecture_Trust_Boundaries_4.png
    ├── Secure_Cloud_Architecture_VPC.png
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Case1_NetworkLayer_PreventFlow.png
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Case1_NetworkLayer_PreventFlow.xml
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Orange_Tsai_Talk.pdf
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Common_Flow.png
    ├── Session_Management_Cheat_Sheet_Diagram.png
    ├── Signed_ID_propogation.png
    ├── Single_PDP_HLD.png
    ├── TLS_Cipher_String_Cheat_Sheet_CipherTable01.png
    ├── TLS_Cipher_String_Cheat_Sheet_CipherTable02.png
    ├── Threat_Modeling_Cheat_Sheet_dfd.png
    ├── Token_validation.png
    ├── WebSite_Favicon.ico
    ├── WebSite_Favicon.png
    ├── XS_Attack_Vector.png
    ├── XS_Leaks_Cache_Attack.png
    ├── XS_Leaks_Frame_Counting.png
    ├── XS_Leaks_ID.png
    ├── XS_Leaks_Sec_Fetch_Dest.png
    ├── XS_Leaks_eTLD.png
    ├── cost-of-breach-2024.png
    └── ms_logging_pattern.png
├── book.json
├── cheatsheets
    ├── AJAX_Security_Cheat_Sheet.md
    ├── Abuse_Case_Cheat_Sheet.md
    ├── Access_Control_Cheat_Sheet.md
    ├── Attack_Surface_Analysis_Cheat_Sheet.md
    ├── Authentication_Cheat_Sheet.md
    ├── Authorization_Cheat_Sheet.md
    ├── Authorization_Testing_Automation_Cheat_Sheet.md
    ├── Automotive_Security.md
    ├── Bean_Validation_Cheat_Sheet.md
    ├── Browser_Extension_Vulnerabilities_Cheat_Sheet.md
    ├── C-Based_Toolchain_Hardening_Cheat_Sheet.md
    ├── CI_CD_Security_Cheat_Sheet.md
    ├── Choosing_and_Using_Security_Questions_Cheat_Sheet.md
    ├── Clickjacking_Defense_Cheat_Sheet.md
    ├── Content_Security_Policy_Cheat_Sheet.md
    ├── Cookie_Theft_Mitigation_Cheat_Sheet.md
    ├── Credential_Stuffing_Prevention_Cheat_Sheet.md
    ├── Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
    ├── Cross_Site_Scripting_Prevention_Cheat_Sheet.md
    ├── Cryptographic_Storage_Cheat_Sheet.md
    ├── DOM_Clobbering_Prevention_Cheat_Sheet.md
    ├── DOM_based_XSS_Prevention_Cheat_Sheet.md
    ├── Database_Security_Cheat_Sheet.md
    ├── Denial_of_Service_Cheat_Sheet.md
    ├── Deserialization_Cheat_Sheet.md
    ├── Django_REST_Framework_Cheat_Sheet.md
    ├── Django_Security_Cheat_Sheet.md
    ├── Docker_Security_Cheat_Sheet.md
    ├── DotNet_Security_Cheat_Sheet.md
    ├── Drone_Security_Cheat_Sheet.md
    ├── Error_Handling_Cheat_Sheet.md
    ├── File_Upload_Cheat_Sheet.md
    ├── Forgot_Password_Cheat_Sheet.md
    ├── GraphQL_Cheat_Sheet.md
    ├── HTML5_Security_Cheat_Sheet.md
    ├── HTTP_Headers_Cheat_Sheet.md
    ├── HTTP_Strict_Transport_Security_Cheat_Sheet.md
    ├── Infrastructure_as_Code_Security_Cheat_Sheet.md
    ├── Injection_Prevention_Cheat_Sheet.md
    ├── Injection_Prevention_in_Java_Cheat_Sheet.md
    ├── Input_Validation_Cheat_Sheet.md
    ├── Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md
    ├── JAAS_Cheat_Sheet.md
    ├── JSON_Web_Token_for_Java_Cheat_Sheet.md
    ├── Java_Security_Cheat_Sheet.md
    ├── Key_Management_Cheat_Sheet.md
    ├── Kubernetes_Security_Cheat_Sheet.md
    ├── LDAP_Injection_Prevention_Cheat_Sheet.md
    ├── LLM_Prompt_Injection_Prevention_Cheat_Sheet.md
    ├── Laravel_Cheat_Sheet.md
    ├── Legacy_Application_Management_Cheat_Sheet.md
    ├── Logging_Cheat_Sheet.md
    ├── Logging_Vocabulary_Cheat_Sheet.md
    ├── Mass_Assignment_Cheat_Sheet.md
    ├── Microservices_Security_Cheat_Sheet.md
    ├── Microservices_based_Security_Arch_Doc_Cheat_Sheet.md
    ├── Mobile_Application_Security_Cheat_Sheet.md
    ├── Multifactor_Authentication_Cheat_Sheet.md
    ├── NPM_Security_Cheat_Sheet.md
    ├── Network_Segmentation_Cheat_Sheet.md
    ├── NodeJS_Docker_Cheat_Sheet.md
    ├── Nodejs_Security_Cheat_Sheet.md
    ├── OAuth2_Cheat_Sheet.md
    ├── OS_Command_Injection_Defense_Cheat_Sheet.md
    ├── PHP_Configuration_Cheat_Sheet.md
    ├── Password_Storage_Cheat_Sheet.md
    ├── Pinning_Cheat_Sheet.md
    ├── Prototype_Pollution_Prevention_Cheat_Sheet.md
    ├── Query_Parameterization_Cheat_Sheet.md
    ├── REST_Assessment_Cheat_Sheet.md
    ├── REST_Security_Cheat_Sheet.md
    ├── Ruby_on_Rails_Cheat_Sheet.md
    ├── SAML_Security_Cheat_Sheet.md
    ├── SQL_Injection_Prevention_Cheat_Sheet.md
    ├── Secrets_Management_Cheat_Sheet.md
    ├── Secure_Cloud_Architecture_Cheat_Sheet.md
    ├── Secure_Product_Design_Cheat_Sheet.md
    ├── Securing_Cascading_Style_Sheets_Cheat_Sheet.md
    ├── Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md
    ├── Session_Management_Cheat_Sheet.md
    ├── Software_Supply_Chain_Security_Cheat_Sheet.md
    ├── Symfony_Cheat_Sheet.md
    ├── TLS_Cipher_String_Cheat_Sheet.md
    ├── Third_Party_Javascript_Management_Cheat_Sheet.md
    ├── Threat_Modeling_Cheat_Sheet.md
    ├── Transaction_Authorization_Cheat_Sheet.md
    ├── Transport_Layer_Protection_Cheat_Sheet.md
    ├── Transport_Layer_Security_Cheat_Sheet.md
    ├── Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md
    ├── User_Privacy_Protection_Cheat_Sheet.md
    ├── Virtual_Patching_Cheat_Sheet.md
    ├── Vulnerability_Disclosure_Cheat_Sheet.md
    ├── Vulnerable_Dependency_Management_Cheat_Sheet.md
    ├── Web_Service_Security_Cheat_Sheet.md
    ├── XML_External_Entity_Prevention_Cheat_Sheet.md
    ├── XML_Security_Cheat_Sheet.md
    ├── XSS_Filter_Evasion_Cheat_Sheet.md
    └── XS_Leaks_Cheat_Sheet.md
├── cheatsheets_draft
    ├── OAuth_Cheat_Sheet.md
    └── Webhook_Security_Guidelines_Cheat_Sheet.md
├── cheatsheets_excluded
    ├── .gitkeep
    ├── PL_SQL_Security_Cheat_Sheet.md
    ├── Secure_SDLC_Cheat_Sheet.md
    ├── Security_Testing_Cheat_Sheet.md
    ├── Web_Application_Security_Testing_Cheat_Sheet.md
    └── Web_Service_Security_Testing_Cheat_Sheet.md
├── exploit-protection-guard.png
├── markdown-link-check-config.json
├── mkdocs.yml
├── package.json
├── requirements.txt
├── scripts
    ├── 404.html
    ├── Apply_Link_Check.sh
    ├── Generate_CheatSheets_TOC.py
    ├── Generate_RSS_Feed.py
    ├── Generate_Site.sh
    ├── Generate_Site_mkDocs.sh
    ├── Generate_Technologies_JSON.py
    ├── Identify_Old_Issue_And_PR.py
    └── Update_CheatSheets_Index.py
└── templates
    └── New_CheatSheet.md


/.github/CODEOWNERS:
--------------------------------------------------------------------------------
 1 | # See [https://help.github.com/en/articles/about-code-owners](https://help.github.com/en/articles/about-code-owners)
 2 | 
 3 | ## These owners will be the default owners for everything in the repo
 4 | 
 5 | - @mackowski @jmanico @szh
 6 | 
 7 | ## Kevin W. Wall (kwwall)
 8 | 
 9 | /cheatsheets/Authentication_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
10 | /cheatsheets/Authorization_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
11 | /cheatsheets/C-Based_Toolchain_Hardening_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
12 | /cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
13 | /cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
14 | /cheatsheets/Clickjacking_Defense_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
15 | /cheatsheets/Cryptographic_Storage_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
16 | /cheatsheets/Deserialization_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
17 | /cheatsheets/Forgot_Password_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
18 | /cheatsheets/JAAS_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
19 | /cheatsheets/Key_Management_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
20 | /cheatsheets/Logging_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
21 | /cheatsheets/Mass_Assignment_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
22 | /cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
23 | /cheatsheets/Password_Storage_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
24 | /cheatsheets/Pinning_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
25 | /cheatsheets/Session_Management_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
26 | /cheatsheets/SAML_Security_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
27 | /cheatsheets/Secrets_Management_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
28 | /cheatsheets/TLS_Cipher_String_Cheat_Sheet.md @kwwall @mackowski @jmanico @szh
29 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/new_cheatsheet_proposal.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: New Cheat Sheet Proposal
 3 | about: Used to create a proposal to add a new cheat sheet to the project.
 4 | title: 'New CS proposal: [PUT_TARGET_CS_NAME_HERE]'
 5 | labels: ACK_WAITING, HELP_WANTED, NEW_CS
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | <!--- Please complete the sections below -->
11 | 
12 | ## What is the proposed Cheat Sheet about?
13 | <!--- A short summary of what the Cheat Sheet will be about -->
14 | 
15 | ## What security issues are commonly encountered related to this area?
16 | <!--- Common issues or vulnerabilities that would be addressed -->
17 | 
18 | ## What is the objective of the Cheat Sheet?
19 | <!--- What the Cheat Sheet will provide to the reader and wider community -->
20 | 
21 | ## What other resources exist in this area?
22 | <!--- Are there any other OWASP projects that cover this area? -->
23 | <!--- Would this content be better suited to the testing guide projects? -->
24 | <!--- What other third party guidelines or resources currently exist? -->
25 | 
26 | <!-- Thank you again for your contribution -->
27 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/update_cheatsheet_proposal.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Cheat Sheet Update
 3 | about: Used to create a proposal to update or refactor a existing cheat sheet.
 4 | title: 'Update: [PUT_TARGET_CS_NAME_HERE]'
 5 | labels: ACK_WAITING, UPDATE_CS, HELP_WANTED
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | <!--- Please complete the sections below -->
11 | 
12 | ## What is missing or needs to be updated?
13 | <!--- Provide a description of the problem with the current Cheat Sheet -->
14 | 
15 | 
16 | 
17 | ## How should this be resolved?
18 | <!--- What changes should be made to the Cheat Sheet to address this? -->
19 | 
20 | 
21 | 
22 | <!-- Thank you again for your contribution -->
23 | 


--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
 1 | # You're A Rockstar
 2 | 
 3 | Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.
 4 | 
 5 | > :triangular_flag_on_post: If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.
 6 | 
 7 | Please make sure that for your contribution:
 8 | 
 9 | - [ ] In case of a new Cheat Sheet, you have used the [Cheat Sheet template](https://github.com/OWASP/CheatSheetSeries/blob/master/templates/New_CheatSheet.md).
10 | - [ ] All the markdown files do not raise any validation policy violation, see the [policy](https://github.com/OWASP/CheatSheetSeries/actions?query=workflow%3A%22Markdown+Link+Check%22).
11 | - [ ] All the markdown files follow these [format rules](https://github.com/OWASP/CheatSheetSeries/blob/master/CONTRIBUTING.md#markdown).
12 | - [ ] All your assets are stored in the **assets** folder.
13 | - [ ] All the images used are in the **PNG** format.
14 | - [ ] Any references to websites have been formatted as `[TEXT](URL)`
15 | - [ ] You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
16 | - [ ] The CI build of your PR pass, see the build status [here](https://github.com/OWASP/CheatSheetSeries/actions).
17 | 
18 | If your PR is related to an issue, please finish your PR text with the following line:
19 | 
20 | This PR fixes issue #`<REPLACE WITH ISSUE NUMBER>`.
21 | 
22 | Thank you again for your contribution :smiley:
23 | 


--------------------------------------------------------------------------------
/.github/workflows/build-and-deploy-website.yml:
--------------------------------------------------------------------------------
 1 | name: Build and deploy offline website
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |     - master
 7 | 
 8 | jobs:
 9 |   build:
10 |     name: Build offline website
11 |     runs-on: ubuntu-24.04
12 |     env:
13 |       CI: true
14 |       WORKFLOW_GOOGLE_ANALYTICS_KEY: ${{ secrets.GOOGLE_ANALYTICS_KEY }}
15 |     steps:
16 |     - name: Setup Action
17 |       uses: actions/checkout@v4
18 |     - name: Setup Node
19 |       uses: actions/setup-node@v4
20 |       with:
21 |         node-version: 20.x
22 |     - name: Setup Python
23 |       uses: actions/setup-python@v5
24 |       with:
25 |         python-version: '3.x'
26 |     - name: Install Python dependencies
27 |       run: make install-python-requirements
28 |     - name: Run build script
29 |       run: cd scripts && bash Generate_Site_mkDocs.sh
30 |     - name: List generated files
31 |       run: ls -al generated/site/
32 |     - name: Create bundle
33 |       run: cd generated && zip -r ../bundle.zip site
34 |     - name: Test bundle
35 |       run: zip -T bundle.zip
36 |     - name: Upload bundle as artifact
37 |       uses: actions/upload-artifact@v4
38 |       with:
39 |         name: Bundle
40 |         path: bundle.zip
41 |   deploy:
42 |     name: Deploy offline website
43 |     needs: build
44 |     runs-on: ubuntu-latest
45 |     env:
46 |       CI: true
47 |     steps:
48 |     - name: Setup Action
49 |       uses: actions/checkout@v4
50 |       with:
51 |         fetch-depth: 0 # fetch all branches
52 |     - name: Install dependencies
53 |       run: sudo apt-get install -y unzip zip
54 |     - name: Switch to offline website (gh-pages) branch
55 |       run: git checkout gh-pages
56 |     - name: Remove previous version website files
57 |       run: |
58 |         shopt -s extglob
59 |         rm -rdfv !("CNAME"|"robots.txt"|"_config.yml")
60 |     - name: Download new build from artifact
61 |       uses: actions/download-artifact@v4
62 |       with:
63 |         name: Bundle
64 |     - name: Display structure of downloaded files
65 |       run: ls -R
66 | #    - name: Replace bundle with new build
67 | #      run: |
68 | #        mv Bundle.zip bundle.zip
69 | #        rm -rf Bundle 1>/dev/null 2>&1
70 |     - name: Test new bundle
71 |       run: zip -T bundle.zip
72 |     - name: Extract new bundle
73 |       run: |
74 |         unzip bundle.zip
75 |         mv site/* .
76 |         upd=`date +"%Y-%m-%d at %T"`; echo "Website last update: $upd." > README.md
77 |         rm -rf site
78 |     - name: Commit changes to gh-pages
79 |       run: |
80 |         git config --global user.email "action@github.com"
81 |         git config --global user.name "GitHub Action"
82 |         git add --all .
83 |         git commit -a -m "Deploy the generated website via GitHub Actions"
84 |     - name: Publish the build to gh-pages
85 |       uses: ad-m/github-push-action@master
86 |       with:
87 |         github_token: ${{ secrets.GITHUB_TOKEN }}
88 |         branch: gh-pages
89 |     - name: Send update to Slack
90 |       uses: innocarpe/actions-slack@v1
91 |       with:
92 |         status: ${{ job.status }}
93 |         success_text: 'Offline website deployment: **success**'
94 |         failure_text: 'Offline website deployment: **fail**'
95 |         cancelled_text: 'Offline website deployment **cancelled**'
96 |       env:
97 |         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
98 |         SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
99 | 


--------------------------------------------------------------------------------
/.github/workflows/identify-old-issues-and-pr.yml:
--------------------------------------------------------------------------------
 1 | name: Identify old issues and PR
 2 | 
 3 | on:
 4 |   schedule:
 5 |     - cron: "0 0 * * 0"
 6 | 
 7 | jobs:
 8 |   build:
 9 |     name: Identify old issues and PR
10 |     runs-on: ubuntu-24.04
11 |     env:
12 |       CI: true
13 |     steps:
14 |     - name: Setup Action
15 |       uses: actions/checkout@v4
16 |     - name: SetUp python
17 |       uses: actions/setup-python@v5
18 |       with:
19 |         python-version: '3.x'
20 |     - name: Install python dependencies
21 |       run: pip install requests
22 |     - name: Set Permission
23 |       run: chmod +x scripts/Identify_Old_Issue_And_PR.py
24 |     - name: Run Script
25 |       run: python scripts/Identify_Old_Issue_And_PR.py ${{ secrets.SLACK_WEBHOOK }}
26 | 


--------------------------------------------------------------------------------
/.github/workflows/md-link-check.yml:
--------------------------------------------------------------------------------
 1 | name: Markdown Link Check
 2 | 
 3 | on:
 4 |   push:
 5 |   pull_request:
 6 |     branches:
 7 |     - master
 8 | 
 9 | jobs:
10 |   link-check:
11 |     runs-on: ubuntu-24.04
12 |     env:
13 |       CI: true
14 |     steps:
15 |     - name: Setup Action
16 |       uses: actions/checkout@v4
17 |     - name: Setup Node
18 |       uses: actions/setup-node@v4
19 |       with:
20 |         node-version: 20.x
21 |     - name: Install dependencies
22 |       run: npm install
23 |     - name: Run link check
24 |       run: npm run link-check
25 |     - name: Show broken links
26 |       if: failure()
27 |       run: |
28 |         cat log | awk -v RS="FILE:" 'match($0, /(\S*\.md).*\[✖\].*(\d*\slinks\schecked\.)(.*)/, arr ) { print "FILE:"arr[1] arr[3] > "brokenlinks"}'
29 |         rm -f err log
30 |         cat brokenlinks
31 |         links=`cat brokenlinks`
32 |         links="${links//'%'/'%25'}"
33 |         links="${links//$'\n'/'%0A'}"
34 |         links="${links//$'\r'/'%0D'}"
35 |         echo ::set-output name=links::**Following links are broken:** %0A$links
36 |     - name: Send comment to PR with broken links
37 |       if: failure() && github.event_name == 'pull_request'
38 |       uses: thollander/actions-comment-pull-request@main
39 |       with:
40 |         message: ${{ steps.brokenlinks.outputs.links }}
41 |         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
42 | 


--------------------------------------------------------------------------------
/.github/workflows/md_lint_check.yml:
--------------------------------------------------------------------------------
 1 | name: Markdown Lint Check
 2 | 
 3 | on:
 4 |   push:
 5 |   pull_request:
 6 |     branches:
 7 |     - master
 8 | 
 9 | jobs:
10 |   lint:
11 |     runs-on: ubuntu-24.04
12 |     env:
13 |       CI: true
14 |     steps:
15 |     - name: Setup Action
16 |       uses: actions/checkout@v4
17 |     - name: Setup Node
18 |       uses: actions/setup-node@v4
19 |       with:
20 |         node-version: 20.x
21 |     - name: Install dependencies
22 |       run: npm install
23 |     - name: Run linter
24 |       run: npm test
25 | 


--------------------------------------------------------------------------------
/.github/workflows/publishing-check.yml:
--------------------------------------------------------------------------------
 1 | name: Build website
 2 | 
 3 | on: [push, pull_request]
 4 | 
 5 | jobs:
 6 |   build:
 7 |     name: Build website
 8 |     runs-on: ubuntu-24.04
 9 |     env:
10 |       CI: true
11 |     steps:
12 |       - name: Clone repository
13 |         uses: actions/checkout@v4
14 |       - name: Set up Python 3
15 |         uses: actions/setup-python@v5
16 |         with:
17 |           python-version: '3.12'
18 |       - name: Install Python dependencies
19 |         run: make install-python-requirements
20 |       - name: Build website
21 |         run: (cd scripts && bash Generate_Site_mkDocs.sh)
22 |       - name: List generated files
23 |         run: ls -lah generated/site/
24 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # VS Code Configuration File
 2 | .vscode
 3 | # Audit result files
 4 | *.out
 5 | # Website generation stuff
 6 | TOC.md
 7 | node_modules/
 8 | site/
 9 | generated/
10 | .DS_Store
11 | news.xml
12 | package-lock.json
13 | yarn.lock
14 | venv
15 | 


--------------------------------------------------------------------------------
/.markdownlint.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "default": true,
 3 |     "MD004": { "style": "dash"},
 4 |     "MD007": {"indent": 4},
 5 |     "MD013": false,
 6 |     "MD024": { "siblings_only": true},
 7 |     "MD029": false,
 8 |     "MD033": { "allowed_elements": [ "details" , "summary" ]},
 9 |     "MD040": false
10 | }
11 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Contributor Covenant Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | In the interest of fostering an open and welcoming environment, we as
 6 | contributors and maintainers pledge to making participation in our project and
 7 | our community a harassment-free experience for everyone, regardless of age, body
 8 | size, disability, ethnicity, sex characteristics, gender identity and expression,
 9 | level of experience, education, socio-economic status, nationality, personal
10 | appearance, race, religion, or sexual identity and orientation.
11 | 
12 | ## Our Standards
13 | 
14 | Examples of behavior that contributes to creating a positive environment
15 | include:
16 | 
17 | - Using welcoming and inclusive language
18 | - Being respectful of differing viewpoints and experiences
19 | - Gracefully accepting constructive criticism
20 | - Focusing on what is best for the community
21 | - Showing empathy towards other community members
22 | 
23 | Examples of unacceptable behavior by participants include:
24 | 
25 | - The use of sexualized language or imagery and unwelcome sexual attention or
26 |  advances
27 | - Trolling, insulting/derogatory comments, and personal or political attacks
28 | - Public or private harassment
29 | - Publishing others' private information, such as a physical or electronic
30 |  address, without explicit permission
31 | - Other conduct which could reasonably be considered inappropriate in a
32 |  professional setting
33 | 
34 | ## Our Responsibilities
35 | 
36 | Project maintainers are responsible for clarifying the standards of acceptable
37 | behavior and are expected to take appropriate and fair corrective action in
38 | response to any instances of unacceptable behavior.
39 | 
40 | Project maintainers have the right and responsibility to remove, edit, or
41 | reject comments, commits, code, wiki edits, issues, and other contributions
42 | that are not aligned to this Code of Conduct, or to ban temporarily or
43 | permanently any contributor for other behaviors that they deem inappropriate,
44 | threatening, offensive, or harmful.
45 | 
46 | ## Scope
47 | 
48 | This Code of Conduct applies both within project spaces and in public spaces
49 | when an individual is representing the project or its community. Examples of
50 | representing a project or community include using an official project e-mail
51 | address, posting via an official social media account, or acting as an appointed
52 | representative at an online or offline event. Representation of a project may be
53 | further defined and clarified by project maintainers.
54 | 
55 | ## Enforcement
56 | 
57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
58 | reported by contacting the project team at [dominique.righetto@owasp.org](mailto:dominique.righetto@owasp.org) or [jim@owasp.org](mailto:jim@owasp.org).
59 | 
60 | All complaints will be reviewed and investigated and will result in a response that
61 | is deemed necessary and appropriate to the circumstances. The project team is
62 | obligated to maintain confidentiality with regard to the reporter of an incident.
63 | Further details of specific enforcement policies may be posted separately.
64 | 
65 | Project maintainers who do not follow or enforce the Code of Conduct in good
66 | faith may face temporary or permanent repercussions as determined by other
67 | members of the project's leadership.
68 | 
69 | ## Attribution
70 | 
71 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
72 | available at [https://www.contributor-covenant.org/version/1/4/code-of-conduct.html](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html)
73 | 
74 | [homepage]: https://www.contributor-covenant.org
75 | 
76 | For answers to common questions about this code of conduct, see
77 | [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq)
78 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:latest
 2 | WORKDIR /usr/src/app
 3 | 
 4 | COPY requirements.txt Makefile ./
 5 | RUN make install-python-requirements
 6 | 
 7 | COPY . .
 8 | RUN make generate-site
 9 | 
10 | EXPOSE 8000
11 | ENTRYPOINT ["make", "serve"]
12 | 


--------------------------------------------------------------------------------
/HelpGuide.md:
--------------------------------------------------------------------------------
 1 | # Cheat Sheet Help Guide
 2 | 
 3 | ## Introduction
 4 | 
 5 | Welcome to the Cheat Sheet Help Guide. This guide is designed to help you navigate the website and make the most of the features and resources offered. The cheat sheets are packed with valuable information, and we want to ensure you have all the tools you need to use them effectively.
 6 | 
 7 | ### What's Inside This Guide
 8 | 
 9 | 1. [Basic Navigation](#Basic-Navigation)
10 | 2. [Features](#Features)
11 | 3. [FAQ](#FAQ)
12 | 4. [Troubleshooting Guide](#Troubleshooting-Guide)
13 | 5. [Feedback and Support](#Feedback-and-Support)
14 | 
15 | ## Guides
16 | 
17 | ### Basic Navigation
18 | 
19 | Navigation is easy. Just click on any cheat sheet or cheat sheet series you wish to see on the left side of the site. These links won't go away as you navigate so click away without getting lost.
20 | ![Help_Nav](https://github.com/tylersnel/CheatSheetSeries/assets/67352917/020de84c-e18f-477a-acd4-889617666308)
21 | 
22 | ### Features
23 | 
24 | #### Search
25 | 
26 | Use the search bar located at the top of the page to search for certain cheat sheets and keywords in cheat sheets.
27 | ![Capture2](https://github.com/tylersnel/CheatSheetSeries/assets/67352917/5af0a995-ef96-42e3-90f6-e7cc8a18cfd1)
28 | 
29 | #### Dark Mode
30 | 
31 | If you prefer a darker theme, there is a dark mode option for the cheat sheets. Click the light/dark mode button, located next to the search bar, to switch between modes.
32 | 
33 | ![Dark_Mode](https://github.com/tylersnel/CheatSheetSeries/assets/67352917/ce753a58-c34e-4384-a726-e947d851e21f)
34 | 
35 | #### GitHub Repository
36 | 
37 | If you wish to visit the project's GitHub repository, click on the repository link next to the search bar.
38 | ![Repository_Link](https://github.com/tylersnel/CheatSheetSeries/assets/67352917/8582725d-941f-4d2d-b38d-7986e2659cc6)
39 | 
40 | ### FAQ
41 | 
42 | Here are some frequently asked questions (FAQs) for the OWASP Cheat Sheet Series:
43 | 
44 | #### General Information
45 | 
46 | **Q: What is the OWASP Cheat Sheet Series?**  
47 | A: The OWASP Cheat Sheet Series is a collection of concise, high-value informational articles on specific application security topics, created by various experts in the field.
48 | 
49 | **Q: Who creates the cheat sheets?**  
50 | A: The cheat sheets are created by application security professionals who have expertise in the specific topics covered. They are open source and anyone is welcome to contribute by submitting a pull request on the [GitHub repository](https://github.com/OWASP/CheatSheetSeries/).
51 | 
52 | **Q: What topics do the cheat sheets cover?**  
53 | A: The cheat sheets cover a wide range of application security topics, including but not limited to authentication, data validation, secure coding practices, and more.
54 | 
55 | #### Access and Usage
56 | 
57 | **Q: How can I access the cheat sheets?**  
58 | A: You can access the cheat sheets directly on the OWASP Cheat Sheet Series website. They are available for free to view and download.
59 | 
60 | **Q: Can I use the cheat sheets in my projects?**  
61 | A: Yes, the cheat sheets are designed to be practical resources that you can use in your projects to enhance security practices.
62 | 
63 | **Q: Are the cheat sheets regularly updated?**  
64 | A: Yes, the cheat sheets are periodically reviewed and updated to reflect the latest security practices and emerging threats.
65 | 
66 | #### Contributions and Community
67 | 
68 | **Q: Can I contribute to the cheat sheet series?**  
69 | A: Yes, contributions from the community are welcome. You can contribute by suggesting new topics, providing feedback, or updating existing cheat sheets. Create an issue or pull request on our [GitHub repository](https://github.com/OWASP/CheatSheetSeries/).
70 | 
71 | #### Licensing and Usage Rights
72 | 
73 | **Q: Under what license are the cheat sheets available?**  
74 | A: Creative Commons Attribution-Share Alike 4.0 International
75 | 
76 | **Q: Can I use the cheat sheets in my commercial projects?**  
77 | A: Yes, you can use the cheat sheets in commercial projects, provided you adhere to the terms of the open-source license under which they are released.
78 | 
79 | These FAQs should help users understand the purpose, usage, and contributions related to the OWASP Cheat Sheet Series website.
80 | 
81 | ### Troubleshooting Guide
82 | 
83 | - Refreshing the web page will fix most issues encountered. If the problem persists, close the browser, reopen the browser, and return to the cheat sheet website.
84 | - Clear your cache and cookies or try a different browser.
85 | - If the website is not loading, please check your internet connection.
86 | 
87 | ### Feedback and Support
88 | 
89 | - [admin@owasp.com](mailto:admin@owasp.com)
90 | - [https://owasp.org/slack/invite](https://owasp.org/slack/invite)
91 | 


--------------------------------------------------------------------------------
/IndexMASVS.md:
--------------------------------------------------------------------------------
  1 | # MASVS Index
  2 | 
  3 | ## Table of Contents
  4 | 
  5 | - [Objective](#objective)
  6 | - [MASVS-STORAGE](#masvs-storage)
  7 | - [MASVS-CRYPTO](#masvs-crypto)
  8 | - [MASVS-AUTH](#masvs-auth)
  9 | - [MASVS-NETWORK](#masvs-network)
 10 | - [MASVS-PLATFORM](#masvs-platform)
 11 | - [MASVS-CODE](#masvs-code)
 12 | - [MASVS-RESILIENCE](#masvs-resilience)
 13 | - [MASVS-PRIVACY](#masvs-privacy)
 14 | 
 15 | ## Objective
 16 | 
 17 | The objective of this index is to help OWASP [Mobile Application Security Verification Standard](https://github.com/OWASP/owasp-masvs) (MASVS) users clearly identify which cheat sheets are useful for each section during their usage of the MASVS.
 18 | 
 19 | This index is based on version [2.1.0](https://github.com/OWASP/owasp-masvs/releases/tag/v2.1.0) of the MASVS.
 20 | 
 21 | ## MASVS-STORAGE
 22 | 
 23 | [Password Storage Cheat Sheet](cheatsheets/Password_Storage_Cheat_Sheet.md)
 24 | 
 25 | [Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md)
 26 | 
 27 | [Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md)
 28 | 
 29 | [Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md)
 30 | 
 31 | ## MASVS-CRYPTO
 32 | 
 33 | [Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md)
 34 | 
 35 | [Key Management Cheat Sheet](cheatsheets/Key_Management_Cheat_Sheet.md)
 36 | 
 37 | ## MASVS-AUTH
 38 | 
 39 | [Authentication Cheat Sheet](cheatsheets/Authentication_Cheat_Sheet.md)
 40 | 
 41 | [Authorization Cheat Sheet](cheatsheets/Authorization_Cheat_Sheet.md)
 42 | 
 43 | [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md)
 44 | 
 45 | [Transaction Authorization Cheat Sheet](cheatsheets/Transaction_Authorization_Cheat_Sheet.md)
 46 | 
 47 | [Access Control Cheat Sheet](cheatsheets/Access_Control_Cheat_Sheet.md)
 48 | 
 49 | [JSON Web Token Cheat Sheet for Java](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md)
 50 | 
 51 | [Credential Stuffing Prevention Cheat Sheet](cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.md)
 52 | 
 53 | ## MASVS-NETWORK
 54 | 
 55 | [Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md)
 56 | 
 57 | [HTTP Strict Transport Security Cheat Sheet](cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md)
 58 | 
 59 | [REST Security Cheat Sheet](cheatsheets/REST_Security_Cheat_Sheet.md)
 60 | 
 61 | [Web Service Security Cheat Sheet](cheatsheets/Web_Service_Security_Cheat_Sheet.md)
 62 | 
 63 | [Pinning Cheat Sheet](cheatsheets/Pinning_Cheat_Sheet.md)
 64 | 
 65 | ## MASVS-PLATFORM
 66 | 
 67 | [Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md)
 68 | 
 69 | ## MASVS-CODE
 70 | 
 71 | [Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md)
 72 | 
 73 | [Error Handling Cheat Sheet](cheatsheets/Error_Handling_Cheat_Sheet.md)
 74 | 
 75 | [Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md)
 76 | 
 77 | [Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md)
 78 | 
 79 | [Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md)
 80 | 
 81 | [Input Validation Cheat Sheet](cheatsheets/Input_Validation_Cheat_Sheet.md)
 82 | 
 83 | [Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md)
 84 | 
 85 | [Injection Prevention Cheat Sheet in Java](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md)
 86 | 
 87 | [OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md)
 88 | 
 89 | [Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md)
 90 | 
 91 | [SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md)
 92 | 
 93 | [XXE Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md)
 94 | 
 95 | [XML Security Cheat Sheet](cheatsheets/XML_Security_Cheat_Sheet.md)
 96 | 
 97 | ## MASVS-RESILIENCE
 98 | 
 99 | [Threat Modeling Cheat Sheet](cheatsheets/Threat_Modeling_Cheat_Sheet.md)
100 | 
101 | [Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md)
102 | 
103 | [Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md)
104 | 
105 | [Mobile Application Security Cheat Sheet](cheatsheets/Mobile_Application_Security_Cheat_Sheet.md)
106 | 
107 | ## MASVS-PRIVACY
108 | 
109 | [User Privacy Protection Cheat Sheet](cheatsheets/User_Privacy_Protection_Cheat_Sheet.md)
110 | 


--------------------------------------------------------------------------------
/IndexTopTen.md:
--------------------------------------------------------------------------------
 1 | # OWASP Top Ten 2021 : Related Cheat Sheets
 2 | 
 3 | The [OWASP Top Ten](https://owasp.org/www-project-top-ten/) is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
 4 | 
 5 | This cheat sheet will help users of the [OWASP Top Ten](https://owasp.org/Top10/) identify which cheat sheets map to each security category. This mapping is based the [OWASP Top Ten 2021 version](https://owasp.org/Top10/#welcome-to-the-owasp-top-10-2021).
 6 | 
 7 | ## [A01:2021 – Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)
 8 | 
 9 | - [Authorization Cheat Sheet](cheatsheets/Authorization_Cheat_Sheet.md)
10 | - [Insecure Direct Object Reference Prevention Cheat Sheet](cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md)
11 | - [Transaction Authorization Cheat Sheet](cheatsheets/Transaction_Authorization_Cheat_Sheet.md)
12 | - [Cross-Site Request Forgery Prevention Cheat Sheet](cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md)
13 | 
14 | ## [A02:2021 – Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)
15 | 
16 | - [Cryptographic Storage Cheat Sheet](cheatsheets/Cryptographic_Storage_Cheat_Sheet.md)
17 | - [Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md)
18 | - [HTTP Strict Transport Security Cheat Sheet](cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md)
19 | - [Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md)
20 | - [Key Management Cheat Sheet](cheatsheets/Key_Management_Cheat_Sheet.md)
21 | - [Pinning Cheat Sheet](cheatsheets/Pinning_Cheat_Sheet.md)
22 | 
23 | ## [A03:2021 – Injection](https://owasp.org/Top10/A03_2021-Injection/)
24 | 
25 | - [Injection Prevention Cheat Sheet](cheatsheets/Injection_Prevention_Cheat_Sheet.md)
26 | - [LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md)
27 | - [OS Command Injection Defense Cheat Sheet](cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.md)
28 | - [Injection Prevention in Java Cheat Sheet](cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md)
29 | - [SQL Injection Prevention Cheat Sheet](cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md)
30 | - [Query Parameterization Cheat Sheet](cheatsheets/Query_Parameterization_Cheat_Sheet.md)
31 | - [Cross Site Scripting Prevention Cheat_Sheet](cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)
32 | - [DOM based XSS Prevention Cheat Sheet](cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md)
33 | - [XSS Filter Evasion Cheat Sheet](cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md)
34 | - [Content Security Policy Cheat Sheet](cheatsheets/Content_Security_Policy_Cheat_Sheet.md)
35 | 
36 | ## [A04:2021 – Insecure Design](https://owasp.org/Top10/A04_2021-Insecure_Design/)
37 | 
38 | - [Threat Modeling Cheat Sheet](cheatsheets/Threat_Modeling_Cheat_Sheet.md)
39 | - [Abuse Case Cheat Sheet](cheatsheets/Abuse_Case_Cheat_Sheet.md)
40 | - [Attack Surface Analysis Cheat Sheet](cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.md)
41 | 
42 | ## [A05:2021 – Security Misconfiguration](https://owasp.org/Top10/A05_2021-Security_Misconfiguration/)
43 | 
44 | - [Infrastructure as Code Security Cheat Sheet](cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.md)
45 | - [XML External Entity Prevention Cheat Sheet](cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md)
46 | - [PHP Configuration Cheat Sheet](cheatsheets/PHP_Configuration_Cheat_Sheet.md)
47 | - [Docker Security Cheat Sheet](cheatsheets/Docker_Security_Cheat_Sheet.md)
48 | 
49 | ## [A06:2021 – Vulnerable and Outdated Components](https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/)
50 | 
51 | - [Vulnerable Dependency Management Cheat Sheet](cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md)
52 | - [Third Party JavaScript Management Cheat Sheet](cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.md)
53 | - [npm Security best practices](cheatsheets/NPM_Security_Cheat_Sheet.md)
54 | 
55 | ## [A07:2021 – Identification and Authentication Failures](https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/)
56 | 
57 | - [Authentication Cheat Sheet](cheatsheets/Authentication_Cheat_Sheet.md)
58 | - [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md)
59 | - [Forgot Password Cheat Sheet](cheatsheets/Forgot_Password_Cheat_Sheet.md)
60 | - [Choosing and Using Security Questions Cheat Sheet](cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.md)
61 | - [Credential Stuffing Prevention Cheat Sheet](cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.md)
62 | - [Denial of Service Cheat Sheet](cheatsheets/Denial_of_Service_Cheat_Sheet.md)
63 | - [JSON Web Token for Java Cheat Sheet](cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.md)
64 | - [Multifactor Authentication Cheat Sheet](cheatsheets/Multifactor_Authentication_Cheat_Sheet.md)
65 | - [Password Storage Cheat Sheet](cheatsheets/Password_Storage_Cheat_Sheet.md)
66 | - [SAML Security Cheat Sheet](cheatsheets/SAML_Security_Cheat_Sheet.md)
67 | 
68 | ## [A08:2021 – Software and Data Integrity Failures](https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/)
69 | 
70 | - [Deserialization Cheat Sheet](cheatsheets/Deserialization_Cheat_Sheet.md)
71 | 
72 | ## [A09:2021 – Security Logging and Monitoring Failures](https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/)
73 | 
74 | - [Logging Cheat Sheet](cheatsheets/Logging_Cheat_Sheet.md)
75 | - [Application Logging Vocabulary Cheat Sheet](cheatsheets/Logging_Vocabulary_Cheat_Sheet.md)
76 | 
77 | ## [A10:2021 – Server-Side Request Forgery (SSRF)](https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/)
78 | 
79 | - [Server Side Request Forgery Prevention Cheat Sheet](cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md)
80 | 
81 | ## [A11:2021 – Next Steps](https://owasp.org/Top10/A11_2021-Next_Steps/)
82 | 
83 | - [Denial of Service Cheat Sheet](cheatsheets/Denial_of_Service_Cheat_Sheet.md)
84 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: help
 2 | .SILENT:
 3 | 
 4 | help:
 5 | 	@grep -E '^[a-zA-Z_-]+:.*?# .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?# "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 6 | 
 7 | install-python-requirements:  # Install Python 3 required libraries
 8 | 	python -m pip install --user virtualenv; \
 9 | 	virtualenv venv; \
10 | 	source venv/bin/activate; \
11 | 	python -m pip install -r requirements.txt
12 | 
13 | generate-site: install-python-requirements # Use custom-script to generate the website
14 | 	source venv/bin/activate; \
15 | 	(cd scripts && bash Generate_Site_mkDocs.sh)
16 | 
17 | serve: # Start's a Python http.server on port 8000 serving the content of ./generated/site
18 | 	# venv not required here as it's simply html
19 | 	python -m http.server -d generated/site
20 | 
21 | clean: # Clean up ephemeral build directories from the repo
22 | 	rm -rf generated venv
23 | 


--------------------------------------------------------------------------------
/Preface.md:
--------------------------------------------------------------------------------
 1 | # ![OWASPHeader](assets/Preface_Cheatsheet_Header.png)
 2 | 
 3 | ![ProjectLogoOfficial](assets/Preface_Cheatsheet_Logo.png)
 4 | 
 5 | The **OWASP Cheat Sheet Series** was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.
 6 | 
 7 | We hope that this project provides you with excellent security guidance in an easy to read format. :smile:
 8 | 
 9 | You can download this site [here](bundle.zip).
10 | 
11 | An ATOM feed is available [here](News.xml) with the latest updates.
12 | 
13 | Project leaders:
14 | 
15 | - [Jim Manico](https://github.com/jmanico)
16 | - [Jakub Maćkowski](https://github.com/mackowski)
17 | - [Shlomo Zalman Heigh](https://github.com/szh)
18 | 
19 | Core team:
20 | 
21 | - [Kevin W. Wall](https://github.com/kwwall)
22 | 
23 | Project links:
24 | 
25 | - [Homepage](https://owasp.org/www-project-cheat-sheets/)
26 | - [GitHub repository](https://github.com/OWASP/CheatSheetSeries)
27 | - [How to contribute?](https://github.com/OWASP/CheatSheetSeries/blob/master/CONTRIBUTING.md)
28 | - [Logo](https://github.com/OWASP/owasp-swag/tree/master/projects/cheat-sheet-series)
29 | 


--------------------------------------------------------------------------------
/Project.code-workspace:
--------------------------------------------------------------------------------
1 | {
2 | 	"folders": [
3 | 		{
4 | 			"path": "."
5 | 		}
6 | 	],
7 | 	"settings": {}
8 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Welcome to the OWASP Cheat Sheet Series
 2 | 
 3 | [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects)
 4 | [![Creative Commons License](https://img.shields.io/github/license/OWASP/CheatSheetSeries)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0")
 5 | 
 6 | Welcome to the official repository for the Open Worldwide Application Security Project® (OWASP) Cheat Sheet Series project. The project focuses on providing good security practices for builders in order to secure their applications.
 7 | 
 8 | In order to read the cheat sheets and **reference** them, use the project [official website](https://cheatsheetseries.owasp.org). The project details can be viewed on the [OWASP main website](https://owasp.org/www-project-cheat-sheets/) without the cheat sheets.
 9 | 
10 | :triangular_flag_on_post: Markdown files are the working sources and aren't intended to be referenced in any external documentation, books or websites.
11 | 
12 | ## Cheat Sheet Series Team
13 | 
14 | ### Project Leaders
15 | 
16 | - [Jim Manico](https://github.com/jmanico)
17 | - [Jakub Maćkowski](https://github.com/mackowski)
18 | - [Shlomo Zalman Heigh](https://github.com/szh)
19 | 
20 | ### Core team
21 | 
22 | - [Kevin W. Wall](https://github.com/kwwall)
23 | 
24 | ## Chat With Us
25 | 
26 | We're easy to find on Slack:
27 | 
28 | 1. Join the OWASP Group Slack with this [invitation link](https://owasp.org/slack/invite).
29 | 2. Join the [#cheatsheets channel](https://owasp.slack.com/messages/C073YNUQG).
30 | 
31 | Feel free to ask questions, suggest ideas, or share your best recipes.
32 | 
33 | ## Contributions, Feature Requests, and Feedback
34 | 
35 | We are actively inviting new contributors! To start, please read the [contribution guide](CONTRIBUTING.md).
36 | 
37 | This project is only possible thanks to the work of many dedicated volunteers. Everyone is encouraged to help in ways large and small. Here are a few ways you can help:
38 | 
39 | - Read the current content and help us fix any spelling mistakes or grammatical errors.
40 | - Choose an existing [issue](https://github.com/OWASP/CheatSheetSeries/issues) on GitHub and submit a pull request to fix it.
41 | - Open a new issue to report an opportunity for improvement.
42 | 
43 | ### Automated Build
44 | 
45 | This [link](https://cheatsheetseries.owasp.org/bundle.zip) allows you to download a build (ZIP archive) of the offline website.
46 | 
47 | ### Local Build [![pyVersion3x](https://img.shields.io/badge/python-3.x-blue.svg)](https://www.python.org/downloads/)
48 | 
49 | The OWASP Cheat Sheet Series website can be built and tested locally by issuing the following commands:
50 | 
51 | ```sh
52 | make install-python-requirements
53 | make generate-site
54 | make serve  # Binds port 8000
55 | ```
56 | 
57 | ### Container Build
58 | 
59 | The OWASP Cheat Sheet Series website can be built and tested locally inside a container by issuing the following commands:
60 | 
61 | #### Docker
62 | 
63 | ```sh
64 | docker build -t cheatsheetseries .
65 | docker run --name cheatsheetseries -p 8000:8000 cheatsheetseries
66 | ```
67 | 
68 | #### Podman
69 | 
70 | ```sh
71 | podman build -t cheatsheetseries .
72 | podman run --name cheatsheetseries -p 8000:8000 localhost/cheatsheetseries
73 | ```
74 | 
75 | ## Contributors
76 | 
77 | - **From 2014 to 2018:** [V1](CONTRIBUTOR-V1.md) - Initial version of the project hosted on the [OWASP WIKI](https://wiki.owasp.org).
78 | - **From 2019:** [V2](https://github.com/OWASP/CheatSheetSeries/graphs/contributors) - Hosted on [GitHub](https://github.com/OWASP/CheatSheetSeries).
79 | 
80 | ## Special thanks
81 | 
82 | A special thank you to the following people for their help provided during the migration:
83 | 
84 | - [Dominique Righetto](https://github.com/righettod): For his special leadership and guidance.
85 | - [Elie Saad](https://github.com/ThunderSon): For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets and for years of leadership and other project support.
86 | - [Jakub Maćkowski](https://github.com/mackowski): For valuable help in updating the OWASP Wiki links for all the migrated cheat sheets.
87 | 
88 | Open Worldwide Application Security Project and OWASP are registered trademarks of the OWASP Foundation, Inc.
89 | 


--------------------------------------------------------------------------------
/assets/Abuse_Case_Cheat_Sheet_Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Abuse_Case_Cheat_Sheet_Overview.png


--------------------------------------------------------------------------------
/assets/Abuse_Case_Cheat_Sheet_SchemaBundle.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Abuse_Case_Cheat_Sheet_SchemaBundle.zip


--------------------------------------------------------------------------------
/assets/Authorization_Testing_Automation_AutomationRendering.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Authorization_Testing_Automation_AutomationRendering.png


--------------------------------------------------------------------------------
/assets/Bean_Validation_Cheat_Sheet_JSR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Bean_Validation_Cheat_Sheet_JSR.png


--------------------------------------------------------------------------------
/assets/Bean_Validation_Cheat_Sheet_Typical.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Bean_Validation_Cheat_Sheet_Typical.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_AdditionalPlatformLibraryMacrosTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_AdditionalPlatformLibraryMacrosTable.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_GCCCPPWarningOptionsTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_GCCCPPWarningOptionsTable.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_GCCCWarningOptionsTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_GCCCWarningOptionsTable.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_GCCObjectiveCWarningOptionsTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_GCCObjectiveCWarningOptionsTable.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_VStudioWarningOptionsTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_VStudioWarningOptionsTable.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_Windows1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_Windows1.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_Windows2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_Windows2.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_XCode1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_XCode1.png


--------------------------------------------------------------------------------
/assets/C-Based_Toolchain_Hardening_XCode2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/C-Based_Toolchain_Hardening_XCode2.png


--------------------------------------------------------------------------------
/assets/Clickjacking_Defense_Cheat_Sheet_NestedFrames.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Clickjacking_Defense_Cheat_Sheet_NestedFrames.png


--------------------------------------------------------------------------------
/assets/Dec_pattern_HLD.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Dec_pattern_HLD.png


--------------------------------------------------------------------------------
/assets/Denial_of_Service_Cheat_Sheet_FlowDDOS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Denial_of_Service_Cheat_Sheet_FlowDDOS.png


--------------------------------------------------------------------------------
/assets/Deserialization_Cheat_Sheet_GOD16Deserialization.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Deserialization_Cheat_Sheet_GOD16Deserialization.pdf


--------------------------------------------------------------------------------
/assets/Embed_PDP_HLD.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Embed_PDP_HLD.png


--------------------------------------------------------------------------------
/assets/Error_Handling_Cheat_Sheet_Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Error_Handling_Cheat_Sheet_Overview.png


--------------------------------------------------------------------------------
/assets/Help_Nav.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Help_Nav.png


--------------------------------------------------------------------------------
/assets/ID_propogation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/ID_propogation.png


--------------------------------------------------------------------------------
/assets/Index_Bash.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 28.070312 6.617188 L 17.96875 0.617188 C 16.761719 -0.101562 15.273438 -0.101562 14.070312 0.617188 L 3.96875 6.617188 C 2.761719 7.332031 2.019531 8.65625 2.019531 10.085938 L 2.019531 22.082031 C 2.019531 23.511719 2.761719 24.835938 3.96875 25.550781 L 14.070312 31.542969 C 14.667969 31.898438 15.34375 32.082031 16.019531 32.082031 C 16.695312 32.082031 17.363281 31.898438 17.96875 31.542969 L 28.070312 25.550781 C 29.273438 24.832031 30.019531 23.511719 30.019531 22.082031 L 30.019531 10.085938 C 30.019531 8.65625 29.273438 7.332031 28.070312 6.617188 Z M 28.070312 6.617188"/><path style="stroke:none;fill-rule:nonzero;fill:#283037;fill-opacity:1" d="M 28.070312 6.617188 L 17.96875 0.617188 C 17.367188 0.261719 16.695312 0.0820312 16.019531 0.0820312 C 15.34375 0.0820312 14.675781 0.261719 14.070312 0.617188 L 3.96875 6.617188 C 2.761719 7.332031 2.019531 8.65625 2.019531 10.085938 L 2.019531 22.082031 C 2.019531 23.511719 2.761719 24.835938 3.96875 25.550781 L 14.070312 31.542969 C 14.667969 31.898438 15.34375 32.082031 16.019531 32.082031 C 16.695312 32.082031 17.363281 31.898438 17.96875 31.542969 L 28.070312 25.550781 C 29.273438 24.832031 30.019531 23.511719 30.019531 22.082031 L 30.019531 10.085938 C 30.019531 8.65625 29.273438 7.332031 28.070312 6.617188 Z M 14.425781 30.929688 L 4.324219 24.9375 C 3.335938 24.351562 2.726562 23.257812 2.726562 22.082031 L 2.726562 10.085938 C 2.726562 8.914062 3.335938 7.820312 4.324219 7.230469 L 14.425781 1.238281 C 14.914062 0.949219 15.460938 0.800781 16.019531 0.800781 C 16.574219 0.800781 17.132812 0.949219 17.613281 1.238281 L 27.710938 7.230469 C 28.542969 7.726562 29.105469 8.582031 29.261719 9.542969 C 28.925781 8.832031 28.175781 8.632812 27.292969 9.148438 L 17.738281 15.054688 C 16.542969 15.75 15.667969 16.539062 15.667969 17.96875 L 15.667969 29.742188 C 15.667969 30.605469 16.011719 31.164062 16.550781 31.324219 C 16.375 31.355469 16.199219 31.375 16.019531 31.375 C 15.460938 31.367188 14.90625 31.21875 14.425781 30.929688 Z M 14.425781 30.929688"/><path style="stroke:none;fill-rule:nonzero;fill:#4da825;fill-opacity:1" d="M 25.425781 23.238281 L 22.90625 24.742188 C 22.835938 24.78125 22.789062 24.824219 22.789062 24.90625 L 22.789062 25.5625 C 22.789062 25.644531 22.84375 25.675781 22.90625 25.636719 L 25.460938 24.085938 C 25.53125 24.050781 25.539062 23.976562 25.539062 23.894531 L 25.539062 23.3125 C 25.542969 23.230469 25.488281 23.199219 25.425781 23.238281 Z M 25.425781 23.238281"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 20.070312 17.699219 C 20.148438 17.65625 20.21875 17.710938 20.21875 17.820312 L 20.226562 18.6875 C 20.585938 18.542969 20.90625 18.507812 21.195312 18.570312 C 21.257812 18.585938 21.28125 18.667969 21.257812 18.769531 L 21.0625 19.539062 C 21.050781 19.59375 21.011719 19.65625 20.976562 19.695312 C 20.957031 19.710938 20.945312 19.726562 20.925781 19.730469 C 20.898438 19.742188 20.875 19.75 20.851562 19.742188 C 20.71875 19.710938 20.40625 19.644531 19.917969 19.894531 C 19.40625 20.15625 19.226562 20.601562 19.230469 20.929688 C 19.238281 21.324219 19.4375 21.449219 20.136719 21.457031 C 21.070312 21.46875 21.476562 21.882812 21.480469 22.820312 C 21.492188 23.742188 21 24.730469 20.242188 25.34375 L 20.261719 26.207031 C 20.261719 26.3125 20.195312 26.429688 20.113281 26.46875 L 19.601562 26.761719 C 19.519531 26.804688 19.449219 26.757812 19.449219 26.648438 L 19.445312 25.800781 C 19.007812 25.980469 18.5625 26.023438 18.28125 25.914062 C 18.226562 25.894531 18.207031 25.8125 18.226562 25.726562 L 18.414062 24.945312 C 18.425781 24.882812 18.460938 24.820312 18.507812 24.78125 C 18.523438 24.769531 18.539062 24.757812 18.554688 24.742188 C 18.585938 24.730469 18.613281 24.726562 18.636719 24.738281 C 18.945312 24.835938 19.332031 24.792969 19.707031 24.601562 C 20.179688 24.355469 20.5 23.875 20.492188 23.386719 C 20.488281 22.949219 20.25 22.769531 19.675781 22.761719 C 18.945312 22.761719 18.257812 22.617188 18.242188 21.539062 C 18.238281 20.648438 18.699219 19.726562 19.429688 19.136719 L 19.425781 18.269531 C 19.425781 18.164062 19.488281 18.042969 19.574219 18 Z M 20.070312 17.699219"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_C.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#a9b9cb;fill-opacity:1" d="M 26.378906 11.1875 C 26.378906 10.796875 26.296875 10.445312 26.125 10.152344 C 25.957031 9.855469 25.707031 9.613281 25.375 9.421875 C 22.609375 7.828125 19.847656 6.234375 17.082031 4.640625 C 16.339844 4.210938 15.617188 4.222656 14.875 4.660156 C 13.773438 5.304688 8.261719 8.46875 6.625 9.421875 C 5.945312 9.8125 5.621094 10.414062 5.621094 11.195312 C 5.621094 14.398438 5.621094 17.613281 5.621094 20.820312 C 5.621094 21.203125 5.703125 21.542969 5.863281 21.835938 C 6.027344 22.136719 6.285156 22.394531 6.625 22.59375 C 8.269531 23.546875 13.773438 26.699219 14.875 27.355469 C 15.617188 27.789062 16.332031 27.808594 17.082031 27.371094 C 19.847656 25.773438 22.609375 24.1875 25.375 22.59375 C 25.722656 22.394531 25.972656 22.144531 26.136719 21.835938 C 26.296875 21.542969 26.378906 21.203125 26.378906 20.820312 C 26.378906 20.8125 26.378906 14.394531 26.378906 11.1875"/><path style="stroke:none;fill-rule:nonzero;fill:#7f8b99;fill-opacity:1" d="M 17.0625 4.652344 C 16.320312 4.222656 15.597656 4.238281 14.859375 4.671875 C 13.761719 5.320312 8.261719 8.472656 6.625 9.421875 C 5.953125 9.8125 5.621094 10.40625 5.621094 11.1875 C 5.621094 14.386719 5.621094 17.585938 5.621094 20.789062 C 5.621094 21.171875 5.703125 21.511719 5.863281 21.804688 C 6.027344 22.105469 6.285156 22.355469 6.625 22.554688 C 7 22.769531 7.578125 23.105469 8.257812 23.496094 L 23.429688 8.320312 C 21.304688 7.105469 19.1875 5.882812 17.0625 4.652344"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 18.144531 14.535156 L 21.375 14.558594 C 21.375 13.214844 20.011719 9.914062 16.109375 9.914062 C 13.621094 9.914062 10.273438 11.496094 10.273438 16.042969 C 10.273438 20.59375 13.554688 22.078125 16.109375 22.078125 C 20.25 22.078125 21.234375 19.21875 21.234375 17.601562 L 18.152344 17.421875 C 18.152344 17.421875 18.234375 19.289062 16.089844 19.289062 C 14.113281 19.289062 13.777344 16.863281 13.777344 16.042969 C 13.777344 14.789062 14.226562 12.78125 16.089844 12.78125 C 17.953125 12.789062 18.144531 14.535156 18.144531 14.535156"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Coldfusion.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" version="1.1" viewBox="0 0 56 54"><defs><style>.cls-1{fill:#002258}.cls-2{fill:#7badff}</style></defs><g><g data-name="Outline no shadow copy 3" transform="translate(-3.9998,-2)"><rect width="56" height="54" x="4" y="2" class="cls-1" rx="9.914" ry="9.914"/></g></g><g data-name="Outlined Mnemonics &amp; Logos"><path d="m34.701 35.377v3.811a0.48846 0.48846 0 0 1-0.29639 0.51807 9.9532 9.9532 0 0 1-2.2383 0.49951 23.829 23.829 0 0 1-2.9048 0.1665 16.359 16.359 0 0 1-4.0884-0.49951 12.094 12.094 0 0 1-3.5337-1.5171 10.783 10.783 0 0 1-2.7378-2.4976 11.063 11.063 0 0 1-1.7759-3.4409 14.493 14.493 0 0 1-0.62891-4.44 12.933 12.933 0 0 1 1.6279-6.5676 11.223 11.223 0 0 1 4.625-4.4031 15.181 15.181 0 0 1 7.1406-1.5725 23.368 23.368 0 0 1 2.8677 0.1482 8.6057 8.6057 0 0 1 1.9429 0.44384 0.47678 0.47678 0 0 1 0.18457 0.44409v4.0701c0 0.22193-0.08692 0.2959-0.25879 0.22193a8.0023 8.0023 0 0 0-2.1831-0.64746 16.975 16.975 0 0 0-2.7007-0.20362 8.5477 8.5477 0 0 0-4.2554 0.999 6.9255 6.9255 0 0 0-2.7378 2.7566 8.5398 8.5398 0 0 0-0.96191 4.1624 8.9989 8.9989 0 0 0 0.4624 3.0342 7.2031 7.2031 0 0 0 1.2764 2.2568 6.327 6.327 0 0 0 1.8501 1.5171 9.1202 9.1202 0 0 0 2.2012 0.83252 9.8108 9.8108 0 0 0 2.2759 0.27758 24.964 24.964 0 0 0 2.4976-0.11108 9.0565 9.0565 0 0 0 2.0532-0.44409q0.14721-0.111 0.22217-0.05542a0.29553 0.29553 0 0 1 0.07422 0.24054z" class="cls-2" transform="translate(-3.9998,-2)"/><path d="m38.808 25.905h-2.2202c-0.17286-0.02441-0.25928-0.11108-0.25928-0.259v-3.774a0.22919 0.22919 0 0 1 0.25928-0.259h2.2202v-0.592a13.001 13.001 0 0 1 0.18457-2.3125 7.3354 7.3354 0 0 1 0.59229-1.8686 6.421 6.421 0 0 1 2.1089-2.479 6.185 6.185 0 0 1 3.626-0.96191 9.4668 9.4668 0 0 1 1.0732 0.05542 3.3282 3.3282 0 0 1 0.85059 0.20361 0.38055 0.38055 0 0 1 0.25928 0.36988v3.6631q0 0.25927-0.29639 0.18506a3.9656 3.9656 0 0 0-0.55469-0.03711h-0.55469a2.5061 2.5061 0 0 0-1.166 0.259 1.5838 1.5838 0 0 0-0.73975 0.86963 4.5923 4.5923 0 0 0-0.24072 1.6465v0.999h3.1084c0.14746 0 0.24023 0.02466 0.27734 0.074a0.36848 0.36848 0 0 1 0.05567 0.22192v3.7371q0 0.25928-0.333 0.259h-3.1084v13.764a0.49676 0.49676 0 0 1-0.05518 0.22192c-0.03711 0.074-0.12939 0.11109-0.27783 0.11109h-4.5137c-0.19775 0-0.2959-0.11109-0.2959-0.333z" class="cls-2" transform="translate(-3.9998,-2)"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Cpp.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#5c8dbc;fill-opacity:1" d="M 26.394531 11.1875 C 26.394531 10.796875 26.308594 10.445312 26.136719 10.152344 C 25.972656 9.855469 25.722656 9.613281 25.390625 9.421875 C 22.625 7.828125 19.851562 6.234375 17.089844 4.640625 C 16.339844 4.210938 15.621094 4.222656 14.878906 4.660156 C 13.777344 5.304688 8.261719 8.46875 6.625 9.421875 C 5.945312 9.8125 5.621094 10.414062 5.621094 11.195312 C 5.621094 14.398438 5.621094 17.613281 5.621094 20.820312 C 5.621094 21.203125 5.703125 21.542969 5.863281 21.835938 C 6.027344 22.136719 6.285156 22.394531 6.625 22.59375 C 8.269531 23.546875 13.777344 26.699219 14.878906 27.355469 C 15.621094 27.789062 16.34375 27.808594 17.089844 27.371094 C 19.851562 25.773438 22.625 24.1875 25.390625 22.59375 C 25.734375 22.394531 25.984375 22.144531 26.152344 21.835938 C 26.308594 21.542969 26.394531 21.203125 26.394531 20.820312 C 26.394531 20.8125 26.394531 14.394531 26.394531 11.1875"/><path style="stroke:none;fill-rule:nonzero;fill:#1a4674;fill-opacity:1" d="M 16.03125 15.96875 L 5.847656 21.832031 C 6.015625 22.132812 6.273438 22.386719 6.609375 22.585938 C 8.257812 23.539062 13.765625 26.695312 14.867188 27.347656 C 15.609375 27.78125 16.332031 27.800781 17.074219 27.367188 C 19.839844 25.765625 22.609375 24.179688 25.375 22.585938 C 25.722656 22.386719 25.972656 22.136719 26.136719 21.832031 L 16.03125 15.96875"/><path style="stroke:none;fill-rule:nonzero;fill:#1a4674;fill-opacity:1" d="M 13.019531 17.703125 C 13.613281 18.738281 14.726562 19.4375 16 19.4375 C 17.285156 19.4375 18.40625 18.734375 18.996094 17.683594 L 16.03125 15.96875 L 13.019531 17.703125"/><path style="stroke:none;fill-rule:nonzero;fill:#1b598e;fill-opacity:1" d="M 26.394531 11.1875 C 26.394531 10.796875 26.308594 10.445312 26.136719 10.152344 L 16.03125 15.96875 L 26.152344 21.832031 C 26.308594 21.535156 26.394531 21.195312 26.394531 20.8125 C 26.394531 20.8125 26.394531 14.394531 26.394531 11.1875"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 25.835938 16.390625 L 25.042969 16.390625 L 25.042969 17.175781 L 24.257812 17.175781 L 24.257812 16.390625 L 23.460938 16.390625 L 23.460938 15.597656 L 24.257812 15.597656 L 24.257812 14.808594 L 25.042969 14.808594 L 25.042969 15.597656 L 25.835938 15.597656 L 25.835938 16.390625"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 22.949219 16.390625 L 22.15625 16.390625 L 22.15625 17.175781 L 21.371094 17.175781 L 21.371094 16.390625 L 20.574219 16.390625 L 20.574219 15.597656 L 21.371094 15.597656 L 21.371094 14.808594 L 22.15625 14.808594 L 22.15625 15.597656 L 22.949219 15.597656 L 22.949219 16.390625"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 18.996094 17.683594 C 18.40625 18.726562 17.285156 19.4375 16 19.4375 C 14.71875 19.4375 13.605469 18.738281 13.019531 17.703125 C 12.730469 17.195312 12.5625 16.621094 12.5625 16 C 12.5625 14.097656 14.097656 12.5625 16 12.5625 C 17.265625 12.5625 18.375 13.253906 18.96875 14.277344 L 21.972656 12.550781 C 20.773438 10.488281 18.546875 9.101562 15.992188 9.101562 C 12.179688 9.101562 9.09375 12.191406 9.09375 16 C 9.09375 17.246094 9.425781 18.425781 10.007812 19.4375 C 11.199219 21.503906 13.441406 22.898438 16 22.898438 C 18.566406 22.898438 20.804688 21.496094 21.996094 19.417969 L 18.996094 17.683594"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Csharp.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#9a4993;fill-opacity:1" d="M 26.394531 11.1875 C 26.394531 10.796875 26.308594 10.445312 26.136719 10.152344 C 25.972656 9.855469 25.722656 9.613281 25.390625 9.421875 C 22.625 7.828125 19.851562 6.234375 17.089844 4.640625 C 16.339844 4.210938 15.621094 4.222656 14.878906 4.660156 C 13.777344 5.304688 8.261719 8.46875 6.625 9.421875 C 5.945312 9.8125 5.621094 10.414062 5.621094 11.195312 C 5.621094 14.398438 5.621094 17.613281 5.621094 20.820312 C 5.621094 21.203125 5.703125 21.542969 5.863281 21.835938 C 6.027344 22.136719 6.285156 22.394531 6.625 22.59375 C 8.269531 23.546875 13.777344 26.699219 14.878906 27.355469 C 15.621094 27.789062 16.34375 27.808594 17.089844 27.371094 C 19.851562 25.773438 22.625 24.1875 25.390625 22.59375 C 25.734375 22.394531 25.984375 22.144531 26.152344 21.835938 C 26.308594 21.542969 26.394531 21.203125 26.394531 20.820312 C 26.394531 20.8125 26.394531 14.394531 26.394531 11.1875"/><path style="stroke:none;fill-rule:nonzero;fill:#6a1577;fill-opacity:1" d="M 16.03125 15.96875 L 5.847656 21.832031 C 6.015625 22.132812 6.273438 22.386719 6.609375 22.585938 C 8.257812 23.539062 13.765625 26.695312 14.867188 27.347656 C 15.609375 27.78125 16.332031 27.800781 17.074219 27.367188 C 19.839844 25.765625 22.609375 24.179688 25.375 22.585938 C 25.722656 22.386719 25.972656 22.136719 26.136719 21.832031 L 16.03125 15.96875"/><path style="stroke:none;fill-rule:nonzero;fill:#6a1577;fill-opacity:1" d="M 13.019531 17.703125 C 13.613281 18.738281 14.726562 19.4375 16 19.4375 C 17.285156 19.4375 18.40625 18.734375 18.996094 17.683594 L 16.03125 15.96875 L 13.019531 17.703125"/><path style="stroke:none;fill-rule:nonzero;fill:#813084;fill-opacity:1" d="M 26.394531 11.1875 C 26.394531 10.796875 26.308594 10.445312 26.136719 10.152344 L 16.03125 15.96875 L 26.152344 21.832031 C 26.308594 21.535156 26.394531 21.195312 26.394531 20.8125 C 26.394531 20.8125 26.394531 14.394531 26.394531 11.1875"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 18.996094 17.683594 C 18.40625 18.726562 17.285156 19.4375 16 19.4375 C 14.71875 19.4375 13.605469 18.738281 13.019531 17.703125 C 12.730469 17.195312 12.5625 16.621094 12.5625 16 C 12.5625 14.097656 14.097656 12.5625 16 12.5625 C 17.265625 12.5625 18.375 13.253906 18.96875 14.277344 L 21.972656 12.550781 C 20.773438 10.488281 18.546875 9.101562 15.992188 9.101562 C 12.179688 9.101562 9.09375 12.191406 9.09375 16 C 9.09375 17.246094 9.425781 18.425781 10.007812 19.4375 C 11.199219 21.503906 13.441406 22.898438 16 22.898438 C 18.566406 22.898438 20.804688 21.496094 21.996094 19.417969 L 18.996094 17.683594"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 22.105469 14.367188 L 22.789062 14.367188 L 22.789062 17.675781 L 22.105469 17.675781 Z M 22.105469 14.367188"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 23.621094 14.367188 L 24.308594 14.367188 L 24.308594 17.675781 L 23.621094 17.675781 Z M 23.621094 14.367188"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 21.554688 14.925781 L 24.863281 14.925781 L 24.863281 15.609375 L 21.554688 15.609375 Z M 21.554688 14.925781"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 21.554688 16.433594 L 24.863281 16.433594 L 24.863281 17.121094 L 21.554688 17.121094 Z M 21.554688 16.433594"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Html.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#e44d26;fill-opacity:1" d="M 9.324219 25.671875 L 7.839844 9.003906 L 24.160156 9.003906 L 22.675781 25.664062 L 15.988281 27.519531 Z M 9.324219 25.671875"/><path style="stroke:none;fill-rule:nonzero;fill:#f16529;fill-opacity:1" d="M 16 26.105469 L 21.402344 24.609375 L 22.675781 10.367188 L 16 10.367188 Z M 16 26.105469"/><path style="stroke:none;fill-rule:nonzero;fill:#ebebeb;fill-opacity:1" d="M 16 16.550781 L 13.292969 16.550781 L 13.105469 14.457031 L 16 14.457031 L 16 12.414062 L 10.875 12.414062 L 10.925781 12.960938 L 11.425781 18.59375 L 16 18.59375 Z M 16 16.550781"/><path style="stroke:none;fill-rule:nonzero;fill:#ebebeb;fill-opacity:1" d="M 16 21.855469 L 15.992188 21.863281 L 13.714844 21.242188 L 13.566406 19.617188 L 11.519531 19.617188 L 11.800781 22.824219 L 15.992188 23.988281 L 16 23.980469 Z M 16 21.855469"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 9.355469 4.480469 L 10.394531 4.480469 L 10.394531 5.503906 L 11.339844 5.503906 L 11.339844 4.480469 L 12.378906 4.480469 L 12.378906 7.585938 L 11.339844 7.585938 L 11.339844 6.539062 L 10.394531 6.539062 L 10.394531 7.585938 L 9.355469 7.585938 Z M 9.355469 4.480469"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 13.746094 5.511719 L 12.832031 5.511719 L 12.832031 4.480469 L 15.699219 4.480469 L 15.699219 5.511719 L 14.785156 5.511719 L 14.785156 7.585938 L 13.746094 7.585938 Z M 13.746094 5.511719"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 16.160156 4.480469 L 17.242188 4.480469 L 17.90625 5.574219 L 18.574219 4.480469 L 19.65625 4.480469 L 19.65625 7.585938 L 18.625 7.585938 L 18.625 6.046875 L 17.90625 7.15625 L 17.886719 7.15625 L 17.171875 6.046875 L 17.171875 7.589844 L 16.152344 7.589844 L 16.152344 4.480469 Z M 16.160156 4.480469"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 20.171875 4.480469 L 21.210938 4.480469 L 21.210938 6.558594 L 22.667969 6.558594 L 22.667969 7.585938 L 20.171875 7.585938 Z M 20.171875 4.480469"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 15.992188 16.550781 L 15.992188 18.59375 L 18.507812 18.59375 L 18.273438 21.242188 L 15.992188 21.855469 L 15.992188 23.988281 L 20.179688 22.824219 L 20.210938 22.476562 L 20.691406 17.101562 L 20.742188 16.550781 Z M 15.992188 16.550781"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 15.992188 12.414062 L 15.992188 14.457031 L 20.929688 14.457031 L 20.972656 13.996094 L 21.0625 12.960938 L 21.113281 12.414062 Z M 15.992188 12.414062"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Java.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#4e7896;fill-opacity:1" d="M 11.621094 24.738281 C 11.621094 24.738281 10.390625 25.488281 12.476562 25.703125 C 14.988281 26.023438 16.324219 25.96875 19.101562 25.433594 C 19.660156 25.777344 20.25 26.0625 20.863281 26.289062 C 14.613281 28.960938 6.703125 26.128906 11.621094 24.738281 Z M 10.820312 21.265625 C 10.820312 21.265625 9.484375 22.28125 11.570312 22.496094 C 14.296875 22.765625 16.433594 22.816406 20.121094 22.070312 C 20.480469 22.433594 20.917969 22.707031 21.402344 22.871094 C 13.867188 25.113281 5.425781 23.085938 10.820312 21.269531 Z M 25.570312 27.355469 C 25.570312 27.355469 26.476562 28.105469 24.554688 28.691406 C 20.972656 29.761719 9.539062 30.082031 6.335938 28.691406 C 5.210938 28.214844 7.347656 27.519531 8.035156 27.410156 C 8.730469 27.25 9.105469 27.25 9.105469 27.25 C 7.875 26.394531 0.929688 29.015625 5.578125 29.761719 C 18.347656 31.84375 28.875 28.851562 25.5625 27.355469 Z M 12.199219 17.632812 C 12.199219 17.632812 6.375 19.023438 10.117188 19.503906 C 11.71875 19.71875 14.871094 19.664062 17.808594 19.449219 C 20.214844 19.234375 22.621094 18.808594 22.621094 18.808594 C 22.621094 18.808594 21.765625 19.183594 21.175781 19.558594 C 15.246094 21.109375 3.863281 20.414062 7.125 18.808594 C 9.902344 17.472656 12.199219 17.636719 12.199219 17.636719 Z M 22.621094 23.457031 C 28.605469 20.355469 25.824219 17.367188 23.902344 17.738281 C 23.421875 17.847656 23.207031 17.953125 23.207031 17.953125 C 23.207031 17.953125 23.367188 17.632812 23.742188 17.527344 C 27.535156 16.191406 30.527344 21.535156 22.511719 23.617188 C 22.511719 23.617188 22.5625 23.5625 22.617188 23.457031 Z M 12.789062 31.898438 C 18.558594 32.273438 27.378906 31.683594 27.589844 28.960938 C 27.589844 28.960938 27.164062 30.027344 22.835938 30.828125 C 17.917969 31.738281 11.828125 31.628906 8.246094 31.042969 C 8.246094 31.042969 8.996094 31.683594 12.789062 31.898438 Z M 12.789062 31.898438"/><path style="stroke:none;fill-rule:nonzero;fill:#f58219;fill-opacity:1" d="M 18.996094 0 C 18.996094 0 22.308594 3.367188 15.84375 8.441406 C 10.660156 12.558594 14.667969 14.90625 15.84375 17.578125 C 12.796875 14.855469 10.609375 12.449219 12.105469 10.207031 C 14.292969 6.894531 20.332031 5.300781 18.996094 0 Z M 17.296875 15.335938 C 18.847656 17.097656 16.867188 18.703125 16.867188 18.703125 C 16.867188 18.703125 20.824219 16.671875 19.007812 14.160156 C 17.351562 11.757812 16.066406 10.578125 23.011719 6.574219 C 23.011719 6.574219 12.058594 9.296875 17.296875 15.335938 Z M 17.296875 15.335938"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Javascript.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#f7df1e;fill-opacity:1" d="M 4.320312 4.320312 L 27.679688 4.320312 L 27.679688 27.679688 L 4.320312 27.679688 Z M 4.320312 4.320312"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 10.464844 23.839844 L 12.25 22.757812 C 12.59375 23.371094 12.910156 23.886719 13.65625 23.886719 C 14.378906 23.886719 14.835938 23.601562 14.835938 22.503906 L 14.835938 15.046875 L 17.03125 15.046875 L 17.03125 22.539062 C 17.03125 24.8125 15.699219 25.847656 13.753906 25.847656 C 12 25.847656 10.980469 24.941406 10.464844 23.839844"/><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 18.226562 23.601562 L 20.011719 22.566406 C 20.488281 23.335938 21.09375 23.898438 22.175781 23.898438 C 23.085938 23.898438 23.667969 23.441406 23.667969 22.816406 C 23.667969 22.0625 23.070312 21.796875 22.066406 21.355469 L 21.515625 21.121094 C 19.9375 20.449219 18.878906 19.597656 18.878906 17.8125 C 18.878906 16.167969 20.132812 14.910156 22.09375 14.910156 C 23.488281 14.910156 24.492188 15.398438 25.214844 16.664062 L 23.507812 17.761719 C 23.128906 17.089844 22.726562 16.820312 22.097656 16.820312 C 21.460938 16.820312 21.050781 17.230469 21.050781 17.761719 C 21.050781 18.417969 21.460938 18.6875 22.398438 19.089844 L 22.949219 19.328125 C 24.820312 20.128906 25.867188 20.941406 25.867188 22.777344 C 25.867188 24.753906 24.3125 25.835938 22.234375 25.835938 C 20.1875 25.847656 18.867188 24.875 18.226562 23.601562"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Json.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><defs><linearGradient id="linear0" x1="-565.751" x2="-318.895" y1="-17.45" y2="-264.341" gradientTransform="matrix(0.0639232,0,0,-0.0639168,44.076256,7.199782)" gradientUnits="userSpaceOnUse"><stop offset="0" style="stop-color:#000;stop-opacity:1"/><stop offset="1" style="stop-color:#fff;stop-opacity:1"/></linearGradient><linearGradient id="linear1" x1="-307.717" x2="-554.573" y1="-253.164" y2="-6.274" gradientTransform="matrix(0.0639232,0,0,-0.0639168,44.076256,7.199782)" gradientUnits="userSpaceOnUse"><stop offset="0" style="stop-color:#000;stop-opacity:1"/><stop offset="1" style="stop-color:#fff;stop-opacity:1"/></linearGradient></defs><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:url(#linear0)" d="M 15.980469 21.472656 C 20.933594 28.230469 25.785156 19.585938 25.777344 14.386719 C 25.773438 8.242188 19.546875 4.804688 15.972656 4.804688 C 10.253906 4.8125 4.800781 9.542969 4.800781 16.019531 C 4.800781 23.210938 11.054688 27.199219 15.972656 27.199219 C 14.859375 27.039062 11.140625 26.246094 11.089844 17.683594 C 11.058594 11.898438 12.980469 9.582031 15.960938 10.597656 C 16.027344 10.625 19.25 11.898438 19.25 16.050781 C 19.265625 20.191406 15.980469 21.472656 15.980469 21.472656 Z M 15.980469 21.472656"/><path style="stroke:none;fill-rule:nonzero;fill:url(#linear1)" d="M 15.972656 10.597656 C 12.699219 9.472656 8.691406 12.167969 8.691406 17.574219 C 8.691406 26.398438 15.230469 27.199219 16.027344 27.199219 C 21.753906 27.199219 27.199219 22.46875 27.199219 15.992188 C 27.199219 8.800781 20.945312 4.8125 16.027344 4.8125 C 17.390625 4.621094 23.378906 6.292969 23.378906 14.476562 C 23.378906 19.8125 18.90625 22.726562 15.992188 21.476562 C 15.929688 21.453125 12.703125 20.179688 12.703125 16.027344 C 12.703125 11.890625 15.972656 10.597656 15.972656 10.597656 Z M 15.972656 10.597656"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Python.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#0277bd;fill-opacity:1" d="M 16.03125 3.332031 C 14.996094 3.335938 14.277344 3.429688 13.40625 3.578125 C 10.84375 4.023438 10.375 4.960938 10.375 6.691406 L 10.375 9.332031 L 16.375 9.332031 L 16.375 10.667969 L 7.246094 10.667969 C 5.488281 10.667969 3.953125 11.496094 3.464844 13.480469 C 2.914062 15.757812 2.886719 17.183594 3.464844 19.5625 C 3.902344 21.335938 4.863281 22.667969 6.621094 22.667969 L 9.042969 22.667969 L 9.042969 19.265625 C 9.042969 17.285156 10.832031 15.332031 12.882812 15.332031 L 17.707031 15.332031 C 19.390625 15.332031 21.042969 14.09375 21.042969 12.414062 L 21.042969 6.691406 C 21.042969 5.066406 19.871094 3.847656 18.230469 3.578125 C 18.269531 3.574219 17.058594 3.328125 16.03125 3.332031 Z M 12.707031 6 C 13.257812 6 13.707031 6.453125 13.707031 7 C 13.707031 7.558594 13.257812 8 12.707031 8 C 12.152344 8 11.707031 7.558594 11.707031 7 C 11.707031 6.453125 12.152344 6 12.707031 6 Z M 12.707031 6"/><path style="stroke:none;fill-rule:nonzero;fill:#ffc107;fill-opacity:1" d="M 15.386719 28.667969 C 16.421875 28.664062 17.140625 28.570312 18.007812 28.421875 C 20.574219 27.976562 21.042969 27.039062 21.042969 25.308594 L 21.042969 22.667969 L 15.042969 22.667969 L 15.042969 21.332031 L 24.171875 21.332031 C 25.929688 21.332031 27.464844 20.503906 27.953125 18.519531 C 28.503906 16.242188 28.527344 14.816406 27.953125 12.4375 C 27.515625 10.664062 26.554688 9.332031 24.796875 9.332031 L 22.375 9.332031 L 22.375 12.734375 C 22.375 14.714844 20.585938 16.667969 18.53125 16.667969 L 13.707031 16.667969 C 12.027344 16.667969 10.375 17.90625 10.375 19.585938 L 10.375 25.308594 C 10.375 26.933594 11.546875 28.152344 13.1875 28.421875 C 13.144531 28.425781 14.355469 28.671875 15.386719 28.667969 Z M 18.707031 26 C 18.160156 26 17.707031 25.546875 17.707031 25 C 17.707031 24.441406 18.160156 24 18.707031 24 C 19.265625 24 19.707031 24.441406 19.707031 25 C 19.707031 25.546875 19.265625 26 18.707031 26 Z M 18.707031 26"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Ruby.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#9b1010;fill-opacity:1" d="M 28 9.332031 L 26.667969 26.667969 L 9.332031 28 Z M 28 9.332031"/><path style="stroke:none;fill-rule:nonzero;fill:#b71c1c;fill-opacity:1" d="M 18.667969 18.667969 L 26.667969 26.667969 L 28 9.332031 Z M 18.667969 18.667969"/><path style="stroke:none;fill-rule:nonzero;fill:#c62828;fill-opacity:1" d="M 10.5 10.5 C 4.613281 16.390625 2.300781 23.628906 5.335938 26.664062 C 8.375 29.699219 15.609375 27.386719 21.5 21.5 C 27.386719 15.609375 29.699219 8.371094 26.664062 5.335938 C 23.625 2.300781 16.390625 4.613281 10.5 10.5 Z M 10.5 10.5"/><path style="stroke:none;fill-rule:nonzero;fill:#e53935;fill-opacity:1" d="M 6.667969 11.332031 L 11.332031 6.667969 L 16.667969 4 L 20.667969 6.667969 L 18.667969 12.667969 L 12.667969 18 L 6.667969 20 L 4 16 Z M 6.667969 11.332031"/><path style="stroke:none;fill-rule:nonzero;fill:#ff5252;fill-opacity:1" d="M 20.667969 6.667969 L 16.667969 4 L 24 4 Z M 28 10 L 20.667969 6.667969 L 18.667969 12.667969 Z M 12.667969 18 L 21.488281 21.488281 L 18.667969 12.667969 Z M 6.667969 20 L 9.332031 28 L 12.667969 18 Z M 4 16 L 4 23.332031 L 6.667969 20 Z M 4 16"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Shell.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#000;fill-opacity:1" d="M 29.773438 6.609375 L 18.226562 0.65625 C 16.859375 -0.046875 15.160156 -0.046875 13.792969 0.65625 L 2.246094 6.609375 C 0.847656 7.332031 -0.00390625 8.640625 0 10.050781 L 0 21.953125 C -0.0078125 23.359375 0.835938 24.667969 2.226562 25.394531 L 13.773438 31.347656 C 15.140625 32.050781 16.839844 32.050781 18.207031 31.347656 L 29.753906 25.394531 C 31.144531 24.667969 31.988281 23.359375 31.980469 21.953125 L 31.980469 10.050781 C 31.992188 8.648438 31.15625 7.339844 29.773438 6.609375 Z M 20.832031 25.191406 L 20.832031 26.042969 C 20.832031 26.148438 20.765625 26.25 20.664062 26.304688 L 20.078125 26.597656 C 19.984375 26.636719 19.910156 26.597656 19.910156 26.484375 L 19.910156 25.644531 C 19.496094 25.820312 19.023438 25.859375 18.578125 25.757812 C 18.507812 25.714844 18.480469 25.636719 18.515625 25.566406 L 18.722656 24.792969 C 18.742188 24.730469 18.78125 24.671875 18.839844 24.625 C 18.855469 24.613281 18.875 24.601562 18.898438 24.589844 C 18.925781 24.578125 18.960938 24.578125 18.988281 24.589844 C 19.398438 24.6875 19.832031 24.636719 20.199219 24.457031 C 20.730469 24.230469 21.078125 23.769531 21.101562 23.257812 C 21.101562 22.824219 20.828125 22.640625 20.167969 22.636719 C 19.328125 22.636719 18.554688 22.496094 18.535156 21.421875 C 18.554688 20.496094 19.050781 19.621094 19.886719 19.042969 L 19.886719 18.179688 C 19.886719 18.070312 19.953125 17.96875 20.058594 17.914062 L 20.621094 17.601562 C 20.714844 17.558594 20.792969 17.601562 20.792969 17.714844 L 20.792969 18.582031 C 21.136719 18.445312 21.523438 18.40625 21.894531 18.464844 C 21.976562 18.503906 22.007812 18.59375 21.96875 18.664062 L 21.769531 19.433594 C 21.753906 19.488281 21.71875 19.542969 21.671875 19.585938 C 21.652344 19.601562 21.636719 19.613281 21.613281 19.625 C 21.585938 19.632812 21.558594 19.632812 21.53125 19.625 C 21.164062 19.554688 20.785156 19.609375 20.464844 19.773438 C 19.988281 19.953125 19.675781 20.355469 19.660156 20.804688 C 19.660156 21.195312 19.898438 21.316406 20.695312 21.328125 C 21.761719 21.328125 22.222656 21.75 22.234375 22.679688 C 22.214844 23.65625 21.703125 24.574219 20.832031 25.191406 Z M 26.878906 23.75 C 26.894531 23.824219 26.859375 23.898438 26.789062 23.945312 L 23.871094 25.484375 C 23.84375 25.503906 23.804688 25.507812 23.773438 25.488281 C 23.742188 25.472656 23.726562 25.441406 23.734375 25.410156 L 23.734375 24.753906 C 23.738281 24.683594 23.789062 24.621094 23.867188 24.59375 L 26.742188 23.101562 C 26.769531 23.078125 26.8125 23.078125 26.84375 23.09375 C 26.875 23.109375 26.886719 23.140625 26.878906 23.171875 Z M 28.894531 9.117188 L 17.96875 14.976562 C 16.605469 15.675781 15.601562 16.441406 15.601562 17.867188 L 15.601562 29.550781 C 15.601562 30.40625 16.007812 30.949219 16.609375 31.117188 C 16.410156 31.152344 16.210938 31.167969 16.007812 31.171875 C 15.363281 31.167969 14.734375 31.019531 14.183594 30.734375 L 2.636719 24.785156 C 1.496094 24.183594 0.800781 23.109375 0.804688 21.953125 L 0.804688 10.050781 C 0.800781 8.894531 1.496094 7.816406 2.636719 7.214844 L 14.183594 1.265625 C 15.300781 0.691406 16.695312 0.691406 17.8125 1.265625 L 29.359375 7.214844 C 30.3125 7.714844 30.960938 8.554688 31.132812 9.507812 C 30.757812 8.800781 29.894531 8.605469 28.890625 9.117188 Z M 28.894531 9.117188"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Sql.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="88" height="32pt" version="1.1" viewBox="0 0 66 32"><g id="surface1"><path style="fill:none;stroke-width:15;stroke-linecap:butt;stroke-linejoin:miter;stroke:#df6c20;stroke-opacity:1;stroke-miterlimit:4" d="M 204.989347 50.009766 C 204.989347 30.673828 166.933002 15 119.998816 15 C 73.064631 15 35.008286 30.673828 35.008286 50.009766 C 35.008286 69.316406 73.064631 84.990234 119.998816 84.990234 C 166.933002 84.990234 204.989347 69.316406 204.989347 50.009766 Z M 204.989347 50.009766" transform="matrix(0.132,0,0,0.133333,0,0)"/><path style="fill:none;stroke-width:15;stroke-linecap:butt;stroke-linejoin:miter;stroke:#df6c20;stroke-opacity:1;stroke-miterlimit:4" d="M 35.008286 50.009766 L 35.008286 200.009766 C 36.665483 219.345703 76.053504 235.048828 122.987689 235.048828 C 169.921875 235.048828 206.646544 219.345703 204.989347 200.009766 L 204.989347 50.009766 M 35.008286 99.990234 C 36.665483 119.355469 76.053504 135.058594 122.987689 135.058594 C 169.921875 135.058594 206.646544 119.355469 204.989347 99.990234 M 35.008286 150 C 36.665483 169.365234 76.053504 185.039062 122.987689 185.039062 C 169.921875 185.039062 206.646544 169.365234 204.989347 150" transform="matrix(0.132,0,0,0.133333,0,0)"/><path style="fill:none;stroke-width:15;stroke-linecap:butt;stroke-linejoin:miter;stroke:#df6c20;stroke-opacity:1;stroke-miterlimit:4" d="M 300.011837 99.990234 C 300.011837 86.191406 288.796165 75 275.005919 75 C 261.18608 75 250 86.191406 250 99.990234 C 249.733665 107.900391 252.485795 115.488281 257.427794 120.410156 C 262.340199 125.332031 268.880208 127.060547 275.005919 125.009766 C 280.332623 124.951172 285.452178 127.558594 289.210464 132.246094 C 292.939157 136.933594 295.040246 143.349609 295.010653 150 C 293.619792 163.798828 281.309186 173.876953 267.489347 172.5 C 253.6991 171.123047 243.607955 158.818359 244.998816 144.990234" transform="matrix(0.132,0,0,0.133333,0,0)"/><path style="fill:none;stroke-width:15;stroke-linecap:butt;stroke-linejoin:miter;stroke:#df6c20;stroke-opacity:1;stroke-miterlimit:4" d="M 375 174.990234 C 349.254261 179.238281 324.603456 162.978516 318.359375 137.666016 C 312.085701 112.353516 326.349432 86.484375 351.089015 78.222656 C 375.828598 69.990234 402.728456 82.119141 412.908381 106.142578 C 423.088305 130.136719 413.11553 157.939453 390.003551 170.009766 M 375 150 L 405.007102 189.990234" transform="matrix(0.132,0,0,0.133333,0,0)"/><path style="fill:none;stroke-width:15;stroke-linecap:butt;stroke-linejoin:miter;stroke:#df6c20;stroke-opacity:1;stroke-miterlimit:4" d="M 439.985795 69.990234 L 439.985795 150 C 439.985795 163.798828 451.201468 174.990234 464.991714 174.990234 L 484.996449 174.990234" transform="matrix(0.132,0,0,0.133333,0,0)"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Vbnet.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32pt" height="32pt" version="1.1" viewBox="0 0 32 32"><defs><filter id="alpha" width="100%" height="100%" x="0%" y="0%" filterUnits="objectBoundingBox"><feColorMatrix in="SourceGraphic" type="matrix" values="0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0"/></filter><mask id="mask0"><g filter="url(#alpha)"><rect width="32" height="32" x="0" y="0" style="fill:#000;fill-opacity:.101961;stroke:none"/></g></mask><clipPath id="clip1"><rect width="32" height="32"/></clipPath><g id="surface6" clip-path="url(#clip1)"><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 4.910156 4.5 C 0.476562 8.449219 -1.402344 14.527344 0.0234375 20.289062 C 1.449219 26.050781 5.949219 30.550781 11.710938 31.976562 C 17.472656 33.402344 23.550781 31.523438 27.5 27.089844 Z M 4.910156 4.5"/></g></defs><g id="surface1"><path style="stroke:none;fill-rule:nonzero;fill:#004e8c;fill-opacity:1" d="M 32 16 C 32 24.835938 24.835938 32 16 32 C 7.164062 32 0 24.835938 0 16 C 0 7.164062 7.164062 0 16 0 C 24.835938 0 32 7.164062 32 16 Z M 32 16"/><use mask="url(#mask0)" xlink:href="#surface6"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 16.644531 9.699219 L 12 22.300781 L 10.355469 22.300781 L 5.785156 9.699219 L 7.429688 9.699219 L 10.929688 19.699219 C 11.050781 20.0625 11.136719 20.4375 11.183594 20.816406 L 11.21875 20.816406 C 11.273438 20.425781 11.367188 20.042969 11.5 19.675781 L 15.058594 9.675781 Z M 16.644531 9.699219"/><path style="stroke:none;fill-rule:nonzero;fill:#fff;fill-opacity:1" d="M 18.460938 22.300781 L 18.460938 9.699219 L 22.046875 9.699219 C 22.976562 9.648438 23.894531 9.933594 24.636719 10.5 C 25.261719 11.007812 25.617188 11.777344 25.59375 12.585938 C 25.605469 13.253906 25.394531 13.90625 25 14.445312 C 24.601562 14.980469 24.039062 15.375 23.398438 15.570312 L 23.398438 15.605469 C 24.171875 15.667969 24.898438 16.007812 25.441406 16.566406 C 25.964844 17.140625 26.238281 17.902344 26.203125 18.679688 C 26.238281 19.683594 25.8125 20.648438 25.046875 21.300781 C 24.226562 21.984375 23.183594 22.339844 22.121094 22.300781 Z M 19.960938 11.03125 L 19.960938 15.101562 L 21.460938 15.101562 C 22.144531 15.132812 22.816406 14.917969 23.355469 14.5 C 23.828125 14.085938 24.085938 13.476562 24.050781 12.851562 C 24.050781 11.625 23.246094 11.015625 21.636719 11.015625 Z M 19.960938 16.425781 L 19.960938 20.960938 L 21.960938 20.960938 C 22.679688 21 23.390625 20.785156 23.960938 20.34375 C 24.441406 19.921875 24.707031 19.300781 24.675781 18.660156 C 24.675781 17.171875 23.660156 16.429688 21.636719 16.429688 Z M 19.960938 16.425781"/></g></svg>


--------------------------------------------------------------------------------
/assets/Index_Xml.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="104" height="32pt" version="1.1" viewBox="0 0 78 32"><g id="surface1"><path style="stroke:none;fill-rule:evenodd;fill:#af0084;fill-opacity:1" d="M 72.292969 7.089844 C 72.453125 5.722656 72.558594 4.015625 73.105469 2.84375 C 73.511719 4.058594 73.652344 5.632812 74.492188 6.550781 C 75.582031 6.296875 76.796875 6.359375 77.917969 6.597656 C 77.246094 7.476562 75.78125 8.070312 74.90625 8.636719 C 75.957031 9.515625 76.472656 10.539062 77.046875 11.753906 C 75.519531 11.726562 74.125 10.410156 72.945312 9.703125 C 71.929688 10.839844 71.214844 11.941406 69.722656 12.351562 C 70.261719 11.214844 71.519531 10.234375 71.675781 9.054688 C 70.484375 8.617188 69.007812 7.675781 68.234375 6.722656 C 69.464844 6.796875 71.0625 6.949219 72.292969 7.09375"/><path style="stroke:none;fill-rule:evenodd;fill:#98c000;fill-opacity:1" d="M 73.5625 15.75 C 73.675781 14.757812 73.757812 13.515625 74.148438 12.660156 C 74.445312 13.546875 74.546875 14.6875 75.15625 15.355469 C 75.945312 15.167969 76.832031 15.214844 77.644531 15.386719 C 77.15625 16.019531 76.097656 16.460938 75.460938 16.867188 C 76.230469 17.5 76.605469 18.25 77.015625 19.132812 C 75.90625 19.113281 74.890625 18.152344 74.035156 17.644531 C 73.300781 18.46875 72.78125 19.269531 71.695312 19.566406 C 72.085938 18.742188 73 18.027344 73.109375 17.175781 C 72.246094 16.855469 71.175781 16.171875 70.609375 15.480469 C 71.5 15.535156 72.664062 15.648438 73.554688 15.75"/><path style="stroke:none;fill-rule:evenodd;fill:#f08400;fill-opacity:1" d="M 69.757812 22.589844 C 69.835938 21.898438 69.890625 21.042969 70.164062 20.453125 C 70.367188 21.066406 70.4375 21.855469 70.859375 22.3125 C 71.40625 22.183594 72.015625 22.214844 72.578125 22.335938 C 72.238281 22.773438 71.507812 23.078125 71.070312 23.359375 C 71.597656 23.796875 71.855469 24.3125 72.140625 24.921875 C 71.375 24.90625 70.675781 24.25 70.082031 23.890625 C 69.570312 24.460938 69.210938 25.015625 68.464844 25.222656 C 68.734375 24.652344 69.363281 24.160156 69.441406 23.570312 C 68.84375 23.351562 68.101562 22.882812 67.714844 22.398438 C 68.332031 22.4375 69.136719 22.515625 69.75 22.585938"/><path style="stroke:none;fill-rule:evenodd;fill:#005fad;fill-opacity:1" d="M 12.875 22.148438 C 12.238281 22.148438 5.074219 29.050781 4.375 29.867188 C 3.792969 30.507812 3.476562 31.6875 2.472656 31.816406 C 1.40625 31.960938 1.167969 31.550781 0.652344 30.757812 C 0.167969 30.003906 -0.417969 28.667969 0.429688 28.121094 C 1.246094 27.601562 11.398438 18.398438 11.71875 18.019531 C 12.113281 17.625 11.679688 16.640625 11.488281 15.152344 C 11.246094 13.246094 11.125 11.496094 11.273438 9.605469 C 11.425781 7.667969 11.894531 5.277344 12.402344 3.394531 C 12.714844 2.246094 12.535156 -0.0234375 14.152344 -0.09375 C 14.480469 -0.015625 16.972656 1.6875 16.300781 3.933594 C 15.332031 7.152344 14.398438 10.773438 14.683594 14.222656 C 14.738281 14.890625 15.011719 15.464844 15.4375 15.160156 C 20.035156 11.910156 27.234375 8.382812 29.074219 7.753906 C 29.960938 7.476562 30.867188 7.257812 31.789062 7.144531 C 32.445312 7.21875 32.949219 7.832031 33.46875 8.265625 C 36.074219 10.476562 31.011719 18.304688 30.582031 20.691406 C 30.988281 20.691406 31.425781 20.082031 32.199219 19.390625 C 33.023438 18.648438 34.304688 17.484375 35.25 16.578125 C 36.695312 15.507812 37.957031 14.523438 39.789062 14.289062 C 44.199219 13.734375 42.878906 20.011719 41.882812 22.257812 C 42.453125 22.257812 43.84375 20.675781 44.953125 19.636719 C 45.511719 19.109375 46.132812 18.554688 46.695312 18.042969 C 47.367188 17.429688 47.679688 17.113281 48.1875 17.359375 C 48.527344 17.453125 50 18.335938 50.082031 19.6875 C 50.152344 20.777344 49.699219 21.851562 49.476562 22.898438 C 49.292969 23.777344 49.335938 26.632812 50.535156 26.636719 C 51.007812 26.300781 51.625 26.15625 52.191406 26.0625 C 53.097656 25.910156 53.054688 26.203125 53.800781 26.476562 C 54.976562 26.910156 53.917969 28.554688 53.300781 29.164062 C 52.46875 29.980469 51.28125 30.519531 50.097656 30.5 C 48.789062 30.476562 47.761719 29.683594 47.171875 28.566406 C 46.851562 27.953125 46.4375 25.695312 46.28125 25.023438 C 46.121094 24.363281 46.257812 23.574219 45.550781 24.242188 C 43.550781 26.144531 41.492188 27.914062 39.460938 29.789062 C 37.222656 31.855469 35.085938 29.019531 35.492188 26.703125 C 35.894531 24.4375 37.871094 21.671875 38.226562 19.425781 C 37.28125 19.425781 35.6875 21.054688 35.085938 21.726562 C 34.109375 22.820312 33.027344 24.03125 31.921875 25.179688 C 30.8125 26.332031 29.859375 27.394531 28.746094 28.542969 C 27.941406 29.371094 27.019531 30.550781 25.664062 30.625 C 24.996094 30.519531 23.933594 29.421875 23.75 28.019531 C 23.597656 26.855469 23.898438 25.566406 24.347656 24.496094 C 25.65625 21.390625 29.238281 14.832031 30.074219 11.570312 C 28.355469 11.734375 21.070312 15.066406 16.25 19.035156 C 14.855469 20.171875 16.144531 22.253906 16.726562 23.640625 C 17.351562 25.121094 19.195312 27.800781 19.746094 28.257812 C 21.191406 29.445312 20.039062 30.492188 18.605469 30.417969 C 17.996094 29.992188 17.261719 29.535156 16.691406 28.96875 C 16.070312 28.355469 15.535156 27.65625 15.046875 26.941406 C 14.058594 25.492188 13.113281 23.816406 12.859375 22.0625"/><path style="stroke:none;fill-rule:evenodd;fill:#005fad;fill-opacity:1" d="M 64.683594 3.5625 C 64.273438 2.0625 62.375 4.355469 61.421875 5.566406 C 58.792969 8.917969 56.394531 15.730469 56.007812 16.984375 C 54.828125 20.835938 54.371094 25.582031 56.921875 28.96875 C 58.40625 30.945312 61.015625 31.097656 63.578125 30.367188 C 64.898438 29.992188 66.222656 29.058594 66.675781 28.035156 C 67.046875 27.1875 67.242188 25.605469 65.355469 26.8125 C 64.625 27.277344 63.289062 27.789062 60.890625 27.753906 C 60.085938 27.738281 58.765625 26.597656 58.410156 25.417969 C 57.789062 23.496094 58.054688 20.933594 58.054688 20.933594 C 58.597656 17.617188 60.152344 14.03125 61.515625 11.019531 C 62.042969 9.855469 63.660156 6.957031 64.261719 6.035156 C 64.261719 6.035156 65.035156 4.832031 64.6875 3.550781 Z M 64.683594 3.5625"/></g></svg>


--------------------------------------------------------------------------------
/assets/Kubernetes_Architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Kubernetes_Architecture.png


--------------------------------------------------------------------------------
/assets/Logging_Cheat_Sheet.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Logging_Cheat_Sheet.drawio.png


--------------------------------------------------------------------------------
/assets/NIST_ABAC.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/NIST_ABAC.png


--------------------------------------------------------------------------------
/assets/Netflix_AC.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Netflix_AC.png


--------------------------------------------------------------------------------
/assets/Netflix_ID_prop.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Netflix_ID_prop.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_BACKEND.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T17:23:42.194Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="ihmdOyDP-7sdI_s1T5hh" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">7VvblqJYEv2afKxcXE199C7ZgOktTXyphUAhiOIoivD1s+McvFvVWVNZ1Tmzprpn9NziROyIHRFI14NcX+zba3s1M2LXix4kwd0/yI0HSRJVVcAHzWR8piJV+IS/Dtxi02liEOReMVmc87eB620uNiZxHCXB6nLSiZdLz0ku5uz1Ok4vt32Lo8tbV7bv3UwMHDu6nR0HbjLjs2Xp6TTf8QJ/drhZLBX2LezD5sKSzcx24/RsSm4+yPV1HCf822Jf9yIC74ALP9f6zupRsbW3TN5zYLJUBvOSXK8Ky9ao5Xy128a3L6LExezsaFtYXGibZAcI0lmQeIOV7dA4hZsf5NosWUQYifga2VMvqtnO3F/H26Vbj6N4zQ7KLfYHWzZzL3EIDQEDOwr8Jb470NvDztrOWycBEK8WC0lMN2ySdTz3DtKW8RK3125tLmAgGd7+bKrAoO3FCy9ZZ9hSrMqFO4p4VJVinJ559xC0szPPSuVi0i4iyj+KPoGOLwXu931gtMxeyeys07eFvo++fMsrivelfOOCWrX+V9NsfBJPfAfhO374LuhPyiXqJeEWdVG6g7pY+l2o3wa+oTUaenNc7Tf/d4BXhb8HXhJ+F/D3U45wg7xmDpt9szn8VLj/UpZR3xHvvw120c7s0pP6ZRv/Swu+vD3n3tb7It6g3up3gfsnSzO/hLpYeUe0P/3RaL8tp56LBqMYxutkFvvx0o6ap9kag9VzC/hOe/SYgGI+CL0kyYpuyd4m8aWHgOA6e8Pgi/AoiKXDjEUSH5Vy+TDR2Bd38FF2Pnrx1gEgIIexye+6ZxNv1473I8LzfYm99r3kB/uKlorw+aGz115kJ8HuskG757ji6EscQOVjkEiy+Cipl3FSLj+WL+VwbYujVzFw1OUXkuANG+tR4BV3nUeLvVnxtvZbsKeQOHfzirRj+qq1B7Vxj2rBgvW3tW/xMinCBS3fcb4RLHzoHwVT/L+db9cemYqOe5kECTBsjTbeevO42fkfQ9An5bFcuoS+JD4+qTcsVYXHw4PCOU9V9Td1A8o/QdO78f6fcUy55dhdO+VfpNQv5ULlJujH3pSs89YIoRsPXBaRP8eDxcaxPXzWt5skXjTihR0sP44CcvmqRoEAsnSHAeUjL84ZoFQe5Q8gwV3/VP7xWlUSL2uVqpT+bK0qvbNWKR9dq37JcaVbYlVbn6KULL0kjdfzYElrYPvX6moVofdLgnj5tRWsvdSOoq8vMeYCb/MVan8c06SK9HhV59XK4z2qPT3eYdpp9sP9Vf7HiSbJV0QTn/4s0Z7eSbTSpyLa0w3RwBN76XzC6qXHtvv1oN3Xb56dgJIfSC7xuowpd5q4O6z6bT8riDcu+ADKuFX6Dfnh+AMkZloBKcZEuvZmxuTT5m+YP3sWdlWv7Co3P2RipSxN5VLpR2743Y9A4tPVj6DXj7+cvjdPP38rqCxcCfq4x6i77ex/q8//vuf/cJ8r5Q/y+bWgP+3zp3+0eB5LYVE3//Oq+bPPfd9/nnvHc5/6h6rmj5Q8q5rVFw0TZ73gp2hWV2tvF3gpvg0SaOVQs3r48eMUQaTB8V3e6TH+136ml6+rqfzOLlUp/San3amnn5hnH0gp9Z2UEoX7Lv0znFJvOfV/NhUHStKnY9PtTyv/b1S+0188SR/UqFwL+uPN6e2Lzoad2FN7491EAyiw4kziTDu8ItPpXdtLvAkYreXGNE6SePHwo5dw39ifh++9ZrtJBezK6mFWOKO1C20f5CofSi2irlTbIwCl+kvHlCZZTZmO91snX82tXAjsTl9wGvFOl2uis0i3U/l5qUv9UJdeN5OxGE2X/VzPm1tjUA60ziyZttW8uzDDl8Fz7Hb6aTco7yz5ObLe+it38RpOJTGZSmquLyrZJKtsncw4nVs+zyfh+Z2u7GaqbGTqzlk4O2M4V7uDcmoEZZwSs0nbShw52rrtlqKP1VzLNN9ri5vp0ig58mR5rgMkyfrSKe7F+UY11WWy93imoi1mgtuplvSsgt3O1s0Nbm+updi/I5lacMQnn0r9ldOuzO3huc7mbtKOUlrTl+bOfXsOJ+MJ9HcjfaFGbr3SfG32do6Ec2817J0nRl2du+3eGX7R1pbN0HqrRTc2nK0dMLTgBwdpxJJec106rUNXafL2nNvjyvZloO31sBlo7WgOmbm7cFQzrypmXfPtsbp2JHPmtEcl+ChzpGg3hR+MuqIagZJrdT8zG1XRHPYkvV4Fdk1FH1Zzfdjc/zXQ/DNbSpN2JZwuWskEmDhya/Mm9WfwT2C9mRHw4Hg3ILtTU6CfCr1Sp+PD9slq8ubWp7Jf0cKqb9SrsjlQRCOo7oH91hg2OT6NVe60WyGT33mOHOk1cxcjrLmrSacfQx4/R7EydGDvLLLHbuzSnUP4PGzutVApT8evgjUm3ZqwvwffixH0nCNOZ8bQycwAzWztpUMRuRr0mxaN2mbYjVz4cuM7i/6iu2gFU/lVwJ3BS7gHX1YLxEtivfWw2x6Ls4k0YlHzl0yap0DIKE3gtem4JRQnBI88xe/JJm9FxAx/xLx+OB1H7JwumoI93m8G/K5Az5Uy3eG2I2HaHu1ewnRnSUbpVapkNtZ0+cKeeiWZwN5JuyVYQzr5unCy2moCrNj3vCkbYS94CazQazef6gP++RyYijXcPBefC02ezbrpnH9mv3lvb345n86fr849H+QdPz/4DHCbg9P5AZeX9mQ17fQjJyiwW0Qbt/2aveXaCbvhfjEZuTP3zQQfW9veYi+e9r92rLfXHLybTefPG/dNI26mBnFL7s/77VcJZ4SCx5kWlOG9QpuyLhW3hwrXNN+fZaYVyw4Txi7HtyhjQDNLqmymslbRAkNCrqD/gSnPiGzIWVRSa2yu3M4cTKSMMVm5dRFR/by0x0oCGYLbriTEXDB4Yb/1EsRzNkHm0cf7aLLsEYNvzjmLaGl37q9BXlrIW2IfsmFlg8w1my7MiDKXgSw1kV9X0F2YSnvo2Npa0oj0ozMMRZZ1xn0g9SqD+Wm3QTadsiGqkugsn1GxoG+7pU7eYD9lpHwuGw1fIDnTRZJbUiudDFchZSmdMl44R8bTJHNwmSktmfAxFD10cmMIDIPLdWSp5WR8jmX1Up9lDZx9zW1knansYF27WnehT3/nZmI8GR+wa6YGy2p39wHP2Qq5oTQZ9wrf3d0n2+O+YLOMCNuuKwD8iCwu62/IxIGgXOGCsyrpm3hDwse/umO1m0oC7h5tjbCpGnlTNZHxp9LzvyZjU7jnV46TuZu2KxnmwsmC/4N7gU1FnsjPBUtaGwc57sSo9LyKls79f9hz4AjuEOw6jxP2vUE+b974HJ3JlvQENxJLpsrSEpCPoyI2c7cTbSg3E8OnjThEZZKNhSFhjapqojWqG2NobM3Q990Aa4GCalQLad7MFNEcVPdmgKo6SPdGpkjdejXHvGwGh3FtrDWauR5aitY2UAXTVKsLhz2X3zsx5fuL7PjSqaGi+byiLdl3yiTUY13GrlTZTtGNwR+ZPiZeTGZu5zUj25hP5L6K+oGqiNzSTksaspGZP4cU44xrA6Z3ZtbTQ3X27TpV11HG9A6r225jtDFO9iWwGzaexgecXqnCc9s1rWHIeqgJWuvdtuXX8fvTtklFxIXJgmqpfuJsCR3Qnnj/2WzufpTNJ38W3dYxDs9jFnpb2+6weYxtfUg6O5J+iNUm7D/sCZ2tkVsUu5kxUDLYnx73kUyOyYEHKbefZFV9c+hDfnNz6v5S5N9mrjUckXA+ynk/VsJ1Xv752HcX1gJ5t37ESgIuCnTJ9NBXC54KqBMq+En4CeYgVfWwmhNfEUMpYuYwJrvF7oBzuVhLTPYJnHPEVaO30YdzfDK5tKYiTxzkJt2Bgieg6vFsMT7JbRiIyaqgN3okyz/I5PtqpYvu4dAxpOh74+LZgH2nCop+/7qC7qZ4hrHk/s4JxBCZUcJedKcjXt06puChA4AMxqRuYAbddk8wcqps8Mpc8OHdrckiCZ5uNP1eBjQHsAysggUKLD2gS4jKWsNCdPjYr227R+QdijRECyzMwTjMmSeWIUJ8nGPPO7LeMMBKx6c1RBNkzfeIpq2Za4VMHunI1ClkwKOGxM4MfR/65HpjRPr6pCPQTbBvD0/tmccyjMEQY4AMS3fXj2N4G3ojoslOI4SOAyUn+WzfgHQc7X8ig0u/nMFvGZ/BJhk2SLBlf2A87MOzDyKxrijACz6o7hGpwAWdUIOq+gjshw/DHtmUsajNFBX+YjjryAJmPqc18gnhJRSVS2AMrguIzp6IscT8A0YA81zrWDgL+bnmW8gO8BPJkIAlIllDrGiFP/h3rO0ZvgNFZZm1jkwTkP9GMr/DkmDPtlhDfFGmnm9Id84s6Mzudmgf5qsUEz59God9+YiNYRcbdxs+GyNL8f1Dg2OR83UjpPPIkMMRxhrusfg4NDZ8X5PZaDZonbPzNLZYzBHjixiDvg7pSPEsIp6hD90LjIY9slvs0l74ALygrFjYMxfAGextcp1pL3AzMsoMPR6LdYwHVZHJB0bEJXQrnG/twqaQn6cqx2xgWYnmrULn+dmYYUpZO2F+R9eCipYVcSPQHXwf8wf5nzJhWviYslfC/NEgjEas64FuIvnP4HFG3KG5nMcZ7QEf2b4eqgrOwUckC/kDd84lLmtOtoNzKXCpQh7lAo1ifG8wex3GdXSqLB7AS9pXyGP7KG4w18t4Nh35XqDt3tddOumvdpdnnXDRXY5IF8T9iJ46DpWHqtCe42kJnKM9n/u+SRWcVR34QyHuHGLSILyQq7CGODBUZl/e86fIv/TEoyOGTNad9ASGXTNFJZlTPGxM+r0vnFPuhl9SmVV56o4I/wHGdQU5HRUKd2MsdRmPkV843woO9go9NMYVk+UOyrs9zo2Qc607NAruNXmc5RR35EfjbGwx3xTcEXiscI5Rt0Jc0Vm+sfbkW3T+BTcMig/BGLC8LfCY0HKd5aqepLFY0476sjzHbBhJjGPsDqpnFsnZ8+oL3YcWcQzxNsJ5FuNUE/aH+MX9JAuxmjJ+aLxSb5CHc43x0eL5M2CxJ/B65JAdVCclni9jHzk8AebAmnhgUN5Mdc65Ih5YvoUtRsaxR9wwfzvFuCpye8gXWsFpxAjJpRwR8FzE9/qsQ2M+y1kOkXlO78ksrgaM+3vqIIv799SpcX75RU7xN6QvcE7ZmZzlYXSYVGeaKuMdMDVZbiPbqywnGJzHtC/j/KRYtVjN5vu4bhRvBs/36BPIl+AKw6Oacb8f8jrLn5LB6zf8RjKsnGMzEn6iLssf3YkP0eOALyL8TDxS+BPCiDgqai3LB09YrOPJg+Zkqpt4imf8wRzygp9d6J+n7BfIF59eJNC/l3+Ph97+nb1nENifm3dIrvfN3kbJ1Tun02x09Ubj+JLx5q3jR78WfHqq3PnvQW//c1BFvH0xqMo//WIQw9Nf7uXvlE5/RVpu/hs=</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_BACKEND.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_BACKEND.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_FRONTEND.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T16:52:42.087Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="nQQU9d18YMW6eyFxdaux" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">3Vjbcps6FP0aP5rhbvzoGznttGmmaac958WjwDaoFsgVcmzn6yuBAGPRNG3sNHPyEKPFlrS1lpYkNHBm2f6KoU36nsZABrYZ7wfOfGDb1tgeix+JHCqkARKGYxXUArf4ARRoKnSLYyg6gZxSwvGmC0Y0zyHiHQwxRnfdsBUl3V43KAENuI0Q0dEvOOZphQb2qMX/AZykdc+Wr8aXoTpYjaRIUUx3R5CzGDgzRimvnrL9DIgkr+alqhf+5G2TGIOcP6XCf7l7u/ad2cTMw89htERX71dDy66auUdkq0assuWHmoJdijncblAkyzsh88CZpjwjomSJR4LugExRtE4Y3ebxjBLKyopOWP6JkGINPJJsmKKACE5y8RyJvEFETu+BcSwYn6gXnMoeCs7oGurWcpqL3qf6mBUNsg3YH0GKgyugGXB2ECHq7dBXeqgJ6bmqvGvl9cYKS4+ktQMFIjWlkqbtlnXxoIj/HRFMTYQ3158WH68Xn16JGOfg3e3y7ps675bfw3sDPod3Cx2QP/KGW/r9DR5+ffsAWxhaGu3hxw+C+Ov5/4d2y/817Y53Kdp7p7u+wkAs1lxVpIynNKE5IosWnZa0Qqzoa2PeUUlUqcE34PygNhC05bSrkGCQHb6KwtA0TMuvkX9li4YbBDUw36s+qtLhuHQDDAsKpGAl+FN5CrplETzmeLWTIZYAfyRO7TKSn0fFZkAQx/fdPatPOFX1hmKRcjNJbMcybK87T4LACLrtVNmqqidzoMnlGaug5sYZwaD6Op4tqNhUO/0K7+WUOJZ5I7Mr8/WmA2/eZzWclVv+dEVzrqaL2AUbfI6zRORP8J34jx62DORQxSEk55gLDsPPBbDCKO6TMxnUNQK/S71vGZ6+J5lGfXQ6tqnnXcilribHF7iTQgATg9NE6S5vL6dQVkQIxO9sW3CazWmGcH4+cVzb1KRx7B5xAmPk6eK4Y8O5lD7jv76K+lZ3FfVc/2VXUf+Jq6h77lX0WcL5urEm4atY5HLgO8rWOJfvhNuXk82GiFMJxzRfhpjBDhGyvKECw1AsRdrnc5pj2sbJDuSNjT6rjYwep7Xo2fUK/rrRbOfEaNboZY02eqLR/FdltJFmNOETlEevcPd6R1G8rLNbrgBxYcnzmau5TWm2MbfnfNHjqot98VqaBGewTDyRFz6D5rZAICGWiZVNxqhIy/Zl8ErgR19psQdB7Gq3DuJNYN85vv+YDJc+nFsnH87e6YdZZV/tXP7LhgLzpKE/PuCLYnuPVYW3t4HO4gc=</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_FRONTEND.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_FRONTEND.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_MIDDLEWARE.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T17:20:53.046Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="OCj5A9Lltisfn_A-Syv_" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">7Vnbdqs2EP0aP5rFTYAffSMnXYmbJuespH3xUkC2VQNyhXzL11cYcbOw4x5jx+1qHmI0SGK092xmJFpGP9zcUbiYPRIfBS1d9TctY9DSdd2wbf6TWLappaN3UsOUYj81aYXhBX8gYVSFdYl9FFc6MkIChhdVo0eiCHmsYoOUknW124QE1acu4BRJhhcPBrL1Fftsllod3S7s3xCezrIna5ZYXwizzmIl8Qz6ZF0yGcOW0aeEsPQq3PRRkICX4ZKOcw/czR2jKGKnDPgjMl/mltHvqpH7w/XG8O5x0tb0dJoVDJZixcJbts0gWM8wQy8L6CXtNae5ZfRmLAx4S+OXAXxHQQ968ykly8jvk4DQ3UDD3f3xLvEcMS9BQ+UNGOBpxK897jfiPXsrRBnmiHfFDUaSJ8SMkjnKZotIxJ/ek9csYEjmQJuSSWBwh0iIGN3yLuJu2xJ8iIAEpmivS/TawjYrUas7wghFSE3zuQvU+YUAvp6ER3f0mzX6Rtdv4cMmaE8+OiZqyxw83g8GD8PX7vPwRtg4gHINFweBB6AKvKXKwOtmDfCa1QDw9dGvSsjfj74Pn0fD7zeF+3kBb36Oew5x47hrcAstG7SX5K973H775QMtUVuTYHeff+XAjwb/Hdg163PYDXDVcJdf7cjnyU40CWUzMiURDIaFtbeDFfkCvqLPA0mA2nHwJ2JsKzI3XDJSZYgjSLdvvNFWFVWzMsvvyYyK6TiZYbARz0hb23LrCVHMIUgI2xkP0hOTJfXQMcWLEgLSKWJH+on0nuBzlGyKAsjwqlos1BEnhj4RzF3Og0Q3NEUH1ThxHMWpzpN6K4buxUDuyxlvQUmN/QAj8axytMB4kZZYE7xJQqJM8yLxbucv6LXAoE5qONzVWr0JiZgIF15+5PYBDqfc/wC/8//wY0lRslRe/UUMM46h+yNGNFbi1bQhgZqKY1WhtzQFSCIFqpLVrGWZAnChasD8CpXWhvvPScyUJVa7TuNMRZ31KjSlmH9F78nqEOURJDFQzSHXk0EYexDx3/4yZiQckBDiqDkFmPpeiuLxb+g1CnAUG8gKMDuK0YAIavnpfHmqsrRqqgKmdd1UZZ2YqsymU9VZxFmysLruTWSSCLE1oXMcJfe42sfdxSLgpR/DJBq7mKI1DILxE+E2jOIxd7s5pRmqruyledBR6qRmKzVKK6yN8+V8udB0Y09omn1dodknCs26KaHZktC4TmDk3WD2eiDQH2fejScIMi7J5sSVnxXmacysKeJqVHWxYwVNoqAByfjd5DizlZ+FcYuLE8d2U/ownu3mTzpPuL20FfYBcnxTOlPjdxz93bCsYzRcegek7Z1OgP3dbypfafPz6USOujdRc7uo2nL238r55zV/45wDoyHO9ye6Nuf2lybPPBWKvPnzWfOf7vsO7+dO2PeBK2XNY06Wsmb36Z4bSrXgTRSrC4pWGK351QvjXnlJsZqdfRQRlHiQf1YqtvHnHdM7+9nUOLFKNa0LkQZk0v6nSwywpeLngnTxZvG9Mn2JFl99jeHf</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_MIDDLEWARE.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_MIDDLEWARE.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_Monitoring.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_Monitoring.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_Schematic_symbols.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T16:56:48.813Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="HXSf9nVqhsJPb6Jpk0Bc" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">7Vxbe6JKFv01+b6Zh+mPaxIfvUXJAMZ4xTcEgiCKoyjCr5+1q8Bruk96utM5050zc45UUZe999pr7QLtvpHri31rba9mRux60Y0kuPsbuXEjSaIoSPignoz3VKQK7/DXgVsMOnb0gtwrOoWidxu43uZsYBLHURKszjudeLn0nOSsz16v4/R82Escne+6sn3vqqPn2NF17yhwkxnvvZfujv1tL/Bn5c7ibeHfwi4HF55sZrYbpyddcvNGrq/jOOFXi33diyh4ZVz4vIev3D0YtvaWyVsmaNX/PG5bzXzp7Nvi5M6xVsPkX8UqOzvaFg4XxiZZGYF0FiReb2U71E6B8o1cmyWLCC0Rl5E99aKa7cz9dbxduvU4itdsovzA/sGQzdxLHAqGgIYdBf4S1w7M9jCytvPWSYCAV4sbi8B1ae/aJlnHc69ccBkvqfPa69IFLOPtT7qKKLS8eOEl6wxDirslINl5Mz3Cq94WfbMTaBW56LSLlPIPKx+jjosi8K+DcCeOlt1mPhwve31Verrz1w3nX7dXIDwEUeS56Itin2LD6BFvV/iMXwgez18gABtcVs0G9SI4r4z+YCiTmHZ4gTPlWq73Ym+j5ArdY79rb2aeW1j0E9CWb8/hVq7hloRX4Jbu3wtu8Zp0b8f7E1FJvjtH9P4aUfH+FUTFdyPwNaCml6Txen6EDlf/GOpVE5/eF//LPz8cyYPM/gRElL+kmCi9Asjte+EhXeGhX/LqlqXmdI0rn64uZRXRxX+Smbe+ZuXH0/AA3scy8QJ3UXwj8O8mrfKnsv4InuLdXxP5VWVV3wtQ5U3KKv7W6no4nhSo3L2RZcp7gaK+CRTpjwJFfGvRezdU7j6pguBePNu98nD3a1G5/+TKNSofrmCVT65cofLm09u7oVIa8EmWU1huPxwW+SrAnut7vaIZr5NZ7MdLO2oee2sssuxsShEMt4tVOd5eO/S8dZilx3TyZcCEXpJkxTtge5vE57B5+yAZFwvStUXXX9Si1dif3GpkReMlXiYn+ArsH3aittdJld4P3xxeLbI+el4o5n4VzE28XTvetyJWPIBSmL6J+dqL7CTYnb9rfg3AYupTHDAKlJl0Xe6+CBVVku+L/96drwgHfS8pFrnIioNVP5Ao16f1zjbxsZ1//cC9LJl9ecN2HG9z/TxGsdSJuOdJ8XZurr1NkNtTth7Bu6IwsMCotRu18Y1kuU6Eb/LkiuuHbyeK3W9OvwB4TQOEL6D93Rm05TuNH8wY+f48Yc7nxy8vG+99UuP6lcwr0v4bybh08dr58LxwIuOVX6ri6m+u4k5kbzaBcyHkbMuleyH16Pk5Qn/3QUJ/dy70Fwu+t85ff2GlLaeUKn+EzJevPz5l/qt8+HNlXv1omb//lPnTQUel50MQ4/Fp48Quah4NY63Ssv+9QpRPalySvzVQ/JhSIisfWkq+8SbmaxXjsj9YYoFpDLpd3XKDNfQ4iJf/l4WmfHf4Ny40JX6/utBIb3pV9BsXGvmVN9u/tNAcXPhTEFD+bgBIn5X+b1XplbdWevVjKr0ifGSll65/m/FZ6S+o/Fnpv06rP6bOXFX6V37f+GsLzZt+7/EbIXBZ6T8cgOu3KsNgnWzZr9lW62BnJ/Tr78OrtgsoNjN7RZdOFgUo/msZUfoLeKb8mKBPDx0HqDrbBMt4Rf+GnwpE9X/A9OuHgNd/7fb6b+O+Q8bjxKYKgb4K7TOL10EOG+y/fA/8HamjqOcyWbZPf26uXufO4euBn588179A6bA/LMB+/pjM6HIV4wxFFUa6BRCiwGreCmUPgbCLonoy/jDokHGC6+0C5NLXUi9YsD9mc8CGleOneBMUeBww+noOvbB/voWvvVnxPwH0EuzpiFtju1bLXqHsofSxE/tGrvKm9LDZ+TdSbY/0l+pPbVOaZDVlOtpvnXw1t3IhsNvPgtOId7pcE51Fup3Kj0tdeg51abiZjMRounzO9by5NXr3gdaeJdOWmncWZvjUe4zd9nPaCe53lvwYWePnlbsYhlNJTKaSmuuLSjbJKlsnM47zlo/zSXi6pyu7mSobmbpzFs7O6M/VTu8+NYJ7zBKzSctKHDnauq0HRR+puZZpvtcSN9OlcevIk+WpDVhJ1pdOsS/mN6qpLpO/hzkVbTET3Hb1Vs8qGO1s3dzg/uZaivE7WlMLDvHJp9LzymlV5nb/1GZzN2lFKd3Tl+bOHT+Gk9EE9ruRvlAjt15pDpvdnSNh3riGsfPEqKtzt9U9iV+0tWUztMa16MqHk3tlDC3g4IDUljTMdel4H7ZKk/Fjbo8q26eettfDZqC1ojnWzN2Fo5p5VTHrmm+P1LUjmTOnNbgFRpkjRbspcDDqimoESq7V/cxsVEWz35X0ehWxayp6v5rr/eb+3z3NP/HldtKqhNPFQzJBTBz5YTOWnmfAJ7DGZoR48Hg3sHa7psA+FXalTtuH75PVZOzWp7Jf0cKqb9SrstlTRCOo7hH7rdFv8vg0VrnTegjZ+u3HyJGGmbsY4J67mrSfY6zH51Gu9B34O4vskRu7tGcfmIfNvRYq99PRULBGZFsT/neBvRjBzjnydGb0ncwMNPDiqU0Zueo9Ny1qtcywE7nAcuM7i+dFZ/EQTOWhgD2Dp3APvqwWyJfEGncx2h6Js4k0YFnzb5ksTxEh43YC1KajB6GYIXiEFN8nm4yLjOl/i3nP4XQUsXm6aAr2aL/p8b0CPVfuaQ+3FQnT1mD3FKY7SzJuh1Ils3FPl8/8qVeSCfydtB4Eq08zhwsnq60miBW7zpuyEXaDp8AKvVbzrt7jn4+BqVj9zWPxudDk2ayTzvln9s5ju/Pz/nT+eDHvsVzv8PmT5yBuc3A6L+Py1Jqspu3nyAmK2C2ijdsaZuNcO8auv19MBu7MHZvg48O2u9iLx/HDtjUe5uDdbDp/3LhjjbiZGsQt+Xn+3BpKmCMUPM60AIWtVlhzr0vF7qHCLc33J8q0YuowYexyfIsUA5ZZUmUzlbWKFhgStIL+BVMekdlYZ1FJrZG5cttzMJEUY7Jy6yKy+nFpj5QEawhuq5IQc8HghT3uJsjnbALl0Uf7aLLsEoOv5jmLaGm3X7+H9dJivSXGQQ0rGyjXbLowI1IuAyo1kYcr2C5MpT1sfNha0oDsozksikx1Rs+I1FAG89NOg3w6qiGqkugsH1GxYG/rQZ2M4T8pUj6XjYYv0DrTRZJb0kM66a9CUimdFC+cQ/E0yeydK6UlU3wMRQ+d3OgjhsH5fajUcjI6jWX13J5lDZwd5jZUZyo7uK9d3Hdhz/POzcR4Mipj10wNpmqvjkM8Zytow+1k1C2we3WcbI+eBZspIny7rADAESou62MocSAoF3HBXJXsTbw+xce/2GO1m0oC9h5sjbCpGnlTNaH4U+nxP5ORKbyGK4+TuZu2Khn6wsmC/w/7IjYVeSI/Fix52DjQuCOj0tMqenuKfzmm5Aj2EOw6zxN23SDMm1eY42SyJTvBjcSSqbI8CNDjqMjN3G1HG9JmYvi0EYeoTLKxMCTco6qaaI3qxugbWzP0fTfAvUBBNaqF1G9mimj2qnszQFXtpXsjU6ROvZqjXzaDsl0baY1mroeWorUMVME01epCOeb8uh2T3p+p41O7horm84q2ZNekJHTGOs9dqbKd4jQGPDJ9RLyYzNz2MCPfGCbys4r6gaoIbWmltxrUyMwfQ8pxxrUeszsz62lZnX27TtV1kDG7w+q20xhsjKN/CfyGj8d2GachVXjuu6Y1DFkPNUF7eLNv+WX+frdvUpFxYbKgWqofOXuLE9CeeP9387nzs3w+4lmctg55eJqzsNvadvrNQ27rfbLZkfQyV5vwvxwTOlsjtyh3M6OnZPA/PYyjNXlMSh6k3H9aq+qbfR/rNzfH018K/W3mWsMRKc6Hdd4eK+FSl78/992FtYDu1g+xkhAXBbZkeuirBU8F1AkV/KT4CWYvVfWwmhNfkUMpcqZsk99ip8e5XNxLTPaJOOfIq0Z3o/fn+GTr0j0VOlGum3R6Cp6Aqoe5Rfu4bsNATlYFvdGltfxyTT6udnt2eihPDCnOvXHxbMCuqYLivH9ZQXdTPMNY8vPOCcQQyihhLE6nA17d2qbg4QSANRiTOoEZdFpdwcipsgGVueAD3a3JMglIN5p+N0M0e/AMrIIHCjwto0sRlbWGhezwMV7bdg6RdyjTkC3wMAfj0GceWYYM8TGPPe/IesMAKx2f7iGbsNZ8j2zamrlWrMkzHUqdYg0gakhsTt/3YU+uNwZkr082IroJxu2B1J4hlqENhhg9KCztXT+0gTbsRkaTn0YIG3tKTuuzcT2ycbD/DgWXfljBrxmfwScZPkjwZV8yHv7h2QeZWFcUxAsYVPfIVMQFJ6EGVfUB2A8Mwy75lLGszRQVeLE461ABM5/TPcKE4iUUlUtgDK4LyM6uiLbE8AEjEPNca1uYi/VzzbegDsCJ1pAQS2SyhlzRCjz4Ne7tWXx7isqUtQ6lCQi/gcz3sCT4sy3uIb9Iqecbsp0zCzazvR0ah/4q5YRPn0Y5Lh+wNvxi7U7DZ22oFB/fN3gscn7fCGk+FLI/QFvDPhZvh8aGj2syH80G3efsPLYtlnPE+CLHYK9DNlI+i8hn2EP7Ikb9LvktdmgsMAAvSBULf+YCOIOxTW4zjUXcjIyUoctzsY52ryqy9REj4hJOK5xvrcKnkM+nKsd8YKpE/VZh8/ykzWJKqp0w3HFqQUXLirwRaA8+juFB+JMSpgXGpF4Jw6NBMRqwUw9sEwk/g+cZcYf6cp5nNAZ8ZOO6qCqYB4xoLegH9pxLfK05+Q7OpYhLFeuRFmiU43uD+eswruOkyvIBvKRxxXpsHOUN+roZV9OB7wXa7m2nSyf90dPlyUm4OF0OyBbk/YCeOsrKQ1Voz+NpCZyjXZ9j36QKzqoO8FCIO2VOGhQvaBXuIQ8MlfmXd/0p9JeeeHTkkMlOJ12Bxa6ZopLMKR82Jr3vC+ek3cAllVmVp9MRxb+Hdl2BpqNCYW+0pQ7jMfSF863gYLewQ2NcMZl2kO52OTdCzrVO3yi41+R5llPeEY7GSdti2BTcEXiucI7RaYW4ojO9sfaELU7+BTcMyg/B6DHdFnhOaLnOtKoraSzXtIO9TOeYDwOJcYztQfXMonX2vPrC9r5FHEO+DTCf5TjVhH2Zv9if1kKupowfGq/UG+hwrjE+Wlw/A5Z7Aq9HDvlBdVLiehn70PAEMUesiQcG6Waqc84V+cD0Fr4YGY898obh7RTtqsj9ISy0gtPIEVqXNCLgWsTH+uyExjDLmYbIXNO7MsurHuP+nk6Qxf57OqlxfvmFpvgbshdxTtmcnOkwTphUZ5oq4x1iajJtI9+rTBMMzmMal3F+Uq5arGbzcdw2yjeD6z3OCYQluMLiUc047qWuM/2UDF6/gRutYeU8NgPhO+qy/LNP4n2cccAXETgTjxT+hDAgjorag+WDJyzX8eRBfTLVTTzFM/6gD7rgZ2f25yl7A/nk03cJ9P/3+CYquvhSY82/3jl8QxV5L8nP+Zbp8u80kl/5A7WKeP0tkyp/95dMaB7/ijL+nf7xL3qTm/8F</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_Schematic_symbols.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_Schematic_symbols.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_TIER_Example.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_TIER_Example.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_firewall_1.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T16:45:34.318Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="DrC9QuQ9x9RjFykm4mMx" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">5Vprl5pKFv01/TF38dJuP/oWB7B9C1/uQiAIgjiKIvz62acKfLSdrGRu7kxmTSdpqapTVee19ylSvsjt+NI/2PuNnrhe9CIJ7uVF7rxI0ttbHb+pI+cdNVnkHf4hcHnXXcc0KLyyUyh7T4HrHR8E0ySJ0mD/2Okku53npA999uGQZI9iX5Pocde97XtPHVPHjp57l4GbbkqzpNdb/8AL/E21s1hv8JHYroRLS44b202yuy65+yK3D0mS8qf40vYi8l3lFz6v943Rq2IHb5f+yIQ/hS+113TsxltpM4wjPYlW4y8SX+VsR6fS4FLZNK88kG2C1JvubYfaGYL8Irc2aRyhJeIxstde1LKdrX9ITju3nUTJgU2Ue+wHIsetlzrkDAENOwr8HZ4dqO1BsnX2DmkAhzfLgTShHY7pIdl61Wq7ZIfdW6WymOBdvukF8epb5KSXxF56yCFSTVDKcFT5+Fq2s1t0a29l3+YuspJQdtplRvnXtW9Ox0Pp928Ezc7t+mvtyyn5pxp8WQ0L7+R9EZ9iYHhplhy2FAfPj8kySRB/k8B8w+GfhOXbMah/iEHjOQZXAriPwXXiL4/BMw4+i8HvAo5fEAOl8dvFoP4Ug46d2mv76D25HVy6p8cgZvR9dZNG/n5PjkEaJOSuOHBdmvOdQHxlP5+4+jrXPu55ZfkaXDwY0GK7NqteoerBswuFX+Qmb0q949l/kVoXpIPUfh8YkpW3lPXycnKK/dYshMAeTASnk5w1uSU6cXZay8OdJk1CTVocraUYrXeTQiu6J336FqiDTbru14pRbITv02HiDibZKHg7m/IwMleTvRsvwrUkpmupVmhxI7fyxsnJ9du83XBrhfd7urKb12Q9r52d2Dnrs21tNH3L9OANs8Tc6pupI0cnt99TtGWtUHPV9/ricb3T645s7e51wEqytnPKfTG/08w0mey9zmmo8UZwB826ljcg7ZzcQuf2FmoG+TOtqQZX/xRrabJ3+o2tPbvX2Thb/SijMW1nnN3VMLSWFvR3Iy2uRW670V10x2dHwrxVC7LbVG/Xtm5/fOe/6GTLRmiuWtGTDXdjlQ9NxMEBqE1pUWjSbRy6ShYy1142Tu9T9aKF3UDtR1usWbixUzOKpmK0Vd9e1g6OZGyc/ryOGOWOFJ3XiIPeVmp6oBRq28+NTlM0ZmNJazfhu66izZqFNute/jFV/Ttb6la/Ea7jXmrBJ47cO66kyQbxCcyVEcEf3N8drD1oKdCvBr0yZ+DDdmtvrdz2WvYbatj09XZTNqaKqAfNC3x/0mdd7p/OvnD6vZCtPxhGjrTI3XiOMXdvDSYJ1uPzKFdmDuzdRPbSTVzac4aYh92LGipv6+VCMJekWxf2jxF7MYKeW+TpRp85uRGowMX7gDJyP510TWr1jXAUuYjl0XfiSTyKe8FaXgjYM3gPL8DLPka+pOZqDGl7KW4sac6y5h8yaZ7BQ3rdQtTWy55QzhA8ihTfJ7dWZcbMvoe8SbheRmyeJhqCvbwcp3yvQCuUN9rD7UfCuj8/v4fZ2ZT0+kJq5DbGNPnBnnYjtWCv1e8J5oxmLmInb+0t+Io9F11ZD8fBe2CGXr/72p7yz2FgKObsOCw/Y1XebEbZln/mf7PsePvYn22HH+YNq/Wun794Dvy2BaaLyi/vfWu/HkwiJyh9F0dHt7/IV4V6893sEltzd+OuDOCxdxrHF/EmvxiYq0UB3G3W2+HRXamEzUwnbMmT7aS/kDBHKHGcq8Eboldq86ZJ5e6hwjUtLnfMtGfsYDF0Ob5JjAHNTKlxXMtqQw10CVxB/4CUITIb68SNzFwae3ewBRKJMay92xaR1cOdvVRSrCG4/UZKyAWCY3s1TpHPuQXm0ZaXyNqNCcFP85w42tmDz8ewXlaut4Mc2LBxBHNt1rEREXPpYClLXuyhu7CWLtCxdzKlOelHc5gXGessJ/DUQgbys1GHbLqxIaqS6OyGqFjQt9+rWSvYT4xUbGW94wu0zjpOC1PqZdZsHxJLacR44RaMp0rG9JEpTZn8oyta6BT6DD4MHsfBUjtree/L5qM+uxYwuyhssM5adjCufhh3oc/k7OZiYi0r33UznbHap3Lw52YPbqhby3EZu0/lZHs5EWzGiLDtYwVAHMHisrYCEweC8sEvmFsjfVNvRv7xP+yxP68lAXvPT3rYrelFt2aA8dfS8J/W0hA+iyv3k3Fe9xs5+kIr5n+wL3zTkC15WKKkd3TAcTdEZfdVtH4f/0qmwgj2EOw2zxP23KGYd59ijpPJifQENlJTpsrSE8DHUZmbhTuIjsTNhPB1JwlRmWQ91iWMUVVN1U7zqM/0kxH6vhtgLFBQjVoh9Ru5IhrT5sUIUFWn2UXPFWnUbhbol42gareWaqdbaKGpqH0dVTDL1LZQyTw+DxLi+wd2fB+0UNF8XtF27JmYhM5Yj7krNU5rnMYQj1xbEi6sjTtY5GQbi4k8qaF+oCqCW/pZXQUbGcUwpBxnWJsyvXOjnVXV2bfbVF3nOdM7bJ5GnflRv9mXwm7YeGtXflpQhee2q2pHl7VQFdTeD9tWfMzfn7ZNKjMuTGOqpdoNs3WcgC6E+9/N5tGvsvkWz/K0dc3D+5yF3uZpNOtec1ubkc6OpFW52oX9lUzonPTCpNzN9amSw/7sKkdrcp9UOMi4/bRW0zdmPtbvHm+nvwz82y3UjiOSn6/r/LivhI+8/PO578ZmDN5tX30lwS8KdMm10K+VOBVQJ2rAJ/lPMKZZTQubBeEVOZQhZ6o22S2OphzL5VhqsE/4uUBedcZHbbbFJ1uXxmrgiWrddDRV8AbUvM4t27d1OzpysilonTGt5VdrcrlW/eH0UJ0YMpx7k/LdgD1TBcV5/2MFPa/xDmPKk7MTiCGYUYIsTqdzXt0GhuDhBIA1GJJGgRGM+mNBL6iyISpbwUd0TwbLJES60/XHObw5hWVAFSxQYGnlXfKorHZMZIcPefU0unreoUxDtsDCAohDn3FDGTLExzz2viNrHR2odHwaQzZhre0F2XQyCrVck2c6mDrDGoioLrE5M9+HPoXWmZO+PukI76aQuyBSFxaxHG0gRJ+CYWnv9rWNaENvZDTZqYfQcaoUtD6Tm5KO88tPMLj0lxn8GfE5bJJhgwRbLhXiYR/efZCJbUWBvxCD5gWZCr/gJNShqj4H+hHDcEw25Sxrc6WGeDE/a2ABo9jSGMWE/CWUlUtgCG4LyM6xiLbE4gNEwOeFOjAxF+sXqm+CHRAnWkOCL5HJKnJFLePBnzF2Yf6dKjXGrG0wTUDxm8t8D1OCPadyDPlFTL09ku4cWdCZ7e2QHPqblBM+feqVXDFnbdjF2qOOz9pgKS4/07kvCj6uhzQfDDmbo61iH5O3Q/3I5brMRqND4xydt7bJco4QX+YY9HVIR8pnEfkMfWhf+Gg2JrvFEckiBsAFsWJpz1YAZiDb5TqTLPym58QMY56LbbSnTZGtDx8RlnBa4XjrlzaFfD5VOWYDYyXqN0udt3dt5lNi7ZTFHacWVLS8zBuB9uByLB4Uf2LCrIwxsVfK4tEhH83ZqQe6iRQ/necZYYf6Cp5nJAM8MrkxqgrmIUa0FvgDe24lvtaWbAfmMvilifWIC1TK8YvO7HUY1nFSZfkAXJJcuR6To7xB3zjnbDr3vUA9/9jp0sn+6uny7iRcni7npAvyfk5vHVXloSp04f40BY7Rsc9j36UKzqoO4qEQdqqc1Mlf4CqMIQ/0GrOvGPtr8C+98WjIIYOdTsYC8103QyXZUj4cDfr/vnBL3I24ZDKr8nQ6Iv9P0W4r4HRUKOyNtjRiOAa/cLyVGByXeqgMKwbjDuLdMcdGyLE2mukl9ro8zwrKO4qjftc2WWxK7Ag8VzjG6LRCWNEY35gXii1O/iU2dMoPQZ8y3hZ4TqiFxrhqLKks19SrvoznmA1ziWGM7UH1zKR1Lrz6QveZSRhDvs0xn+U41YRLlb/Yn9ZCrmYMHyqv1EfwcKEyPJqcPwOWewKvRw7ZQXVS4nyZ+ODwFD6HrwkHOvFmpnHMlfnA+Ba26Dn3PfKGxdsp202R20OxUEtMI0doXeKIgHMRl/XZCY3FrGAcInNOH8ssr6YM+xc6QZb7X+ikxvHll5ziH0lf+DljcwrGwzhhUp3p1hju4FODcRvZ3mScoHMck1zO8Um5arKazeW4bpRvOud7nBMolsAK80cz53GveJ3xp6Tz+o240RpmwX0zF36iLsu/+iQ+wxkHeBERZ8KRwt8Q5oRRUe2ZPnDCch1vHtQnU93EWzzDD/rAC37+oH+Rsf+BfPfpLoH+Pl7nfE126d1Vg8B+ni43Xe+rfYpSkg+i6Lk3+nCpceCXMdfLosj7Ss3r/bL4a26Iam/KH7WHO6J6Ta567m6JFPH5kqgm/113pcLTXZDn+t60bCaHdJP4yc6OurfeFrvyoZsbFpSbjJbQbRrzV+ilaV5++8A+pcnjNd43vXlMTgfH+46+5dcEUvvge+l35MovDZAt343NwYvsNDg/fjnhl3v59ekmrrf89Ar66Wrszmn7JNilTLNa66XW+ex2s7q+I5yUzhelu+u0IPahfxSs8dsuTgeP7Nrxi9lgR2NN6v2zFxy8zI6iP3V7h5mHP+ji7T7u4t+AD1lRPqDj+Qb19ZML1L/t/lR8js9/ABtw4CFflfNZw6QGiKJsdi73g528bP37mGr8IKbqvxWmGp9g6vn7BP/PgFI+fC3kvw8o5X+r2IjyDyLj9bdCRqX2HTSa+30UODY78PwOENkfvHPgZXiaptDK+RMKHv8joJBk8Q/p4zHs9QkXtdfqZHaPDKX+0yFD8/aVRDZ2971Oufsv</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_firewall_1.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_firewall_1.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_firewall_2.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-11T16:46:10.749Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="X8JxaWi-1FoDmWfYog1d" version="16.5.1" type="device"><diagram id="NAMquWqF7pGOmIKc8PHd" name="Page-1">zVpZm6JIFv01+Vj9sWmmj+5iA6a78NIfAoUgiKMoy6+fcyNwS7N6qqaqZyq7qySCWO69555zw4p8kdtx3j/Y+42euF70Iglu/iJ3XiTptS7gb+ooeEddEXmHfwhc3nXXMQ1Kr+qs5vmnwPWODwPTJInSYP/Y6SS7neekD3324ZBkj8O+JtHjrnvb9546po4dPfcuAzfd8N436fXWP/ACf3PZWaw3+JvYvgyuPDlubDfJ7rrk7ovcPiRJyp/ivO1FFLtLXPi83jfeXg07eLv0eyaMhMOX7XDfMOqb17/evePmz0D8Uq1ytqNT5XBlbFpcIpBtgtSb7m2H2hlAfpFbmzSO0BLxGNlrL2rZztY/JKed206i5MAmyj32gyHHrZc6FAwBDTsK/B2eHZjtYWTr7B3SAAFvVi/ShHY4podk611W2yU77N6qjMUEL/9mFMRrbJGTXhJ76aHAkMsEpYKjysfaa9XObugqjapvc4esJFSddpVR/nXtW9DxUMX9G6DZhV1/rX05Jf9Sgy+rYemdvE8wMLw0Sw5bwsHzY/JMEsTfBJhvBPwTWL6NQf0DBo1nDK7hvsfgOvGXYyB9Fwa/Czl+AQaK+NthUH/CoGOn9to+ek9hh5bu6TGImXxfw6RRvN+TY5AGCYUrDlyX5vwNEF/Zzyehvs61j3teWb4GuQcHWmzX5qVXuPTg2YXBL3KTN6Xe8ey/SK0c6SC13weGZBUtZb3MT06535qlENiDieB0krMmt0Qnzk5rebjTpEmoSYujtRSj9W5SamX3pE/fAnWwSdf9WjmKjfB9OkzcwSQbBW9nUx5G5mqyd+NFuJbEdC3VSi1uFFbRODmFfpu3G26t8H5PV3aLmqwXtbMTO2d9tq2Npm+ZHrxhllhYfTN15Ojk9nuKtqyVaqH6Xl88rnd63ZGt3b0NWEnWdk61L+Z3mpkmk7/XOQ013gjuoFnXigZGOye31Lm/pZph/JnWVINrfMq1NNk7/cbWnt3bbJytfpTRO21nnN3VMLSWFux3Iy2uRW670V10x2dHwrxVC2O3qd6ubd3++C5+0cmWjdBctaInH+7eXWJoAgcHpDalRalJt/ewVbKQufaycXqfqrkWdgO1H22xZunGTs0om4rRVn17WTs4krFx+vM6MCocKTqvgYPeVmp6oJRq2y+MTlM0ZmNJazcRu66izZqlNuvmf05V/86XutVvhOu4l1qIiSP3jitpsgE+gbkyIsSDx7uDtQctBfbVYFfmDHz4bu2tldtey35DDZu+3m7KxlQR9aCZI/Ynfdbl8ensS6ffC9n6g2HkSIvCjed45+6twSTBenwe5crMgb+byF66iUt7zoB52M3VUHlbLxeCuSTbuvB/DOzFCHZukacbfeYURqCCF+8Dysj9dNI1qdU3wlHkAsuj78STeBT3grW8ELBn8B7m4Ms+Rr6k5mqM0fZS3FjSnGXNnzJZniFCet0CautlT6hmCB4hxfcprFWVMbO/Y94kXC8jNk8TDcFe5scp3yvQSuWN9nD7kbDuz8/vYXY2Jb2+kBqFjXea/OBPu5Fa8Nfq9wRzRjMXsVO09hZixZ7LrqyH4+A9MEOv331tT/nnMDAUc3YcVp+xKm82o2zLP4t/eOx4+9ifbYcf5g0v610/f/EcxG0LTpeXuLz3rf16MImcoIpdHB3d/qJYleotdrM8tubuxl0Z4GPvNI5z8TZ+MTBXixK826y3w6O7UombmU7ckifbSX8hYY5Q8bhQgzegV1nzpknV7qHCLS3zO2XaM3WwGLsc3yTFgGWm1DiuZbWhBroEraA/YMoQmY114kZmLo29O9iCiaQY1t5ti8jq4c5eKinWENx+IyXmgsGxvRqnyOfCgvJoyzyydmNi8NM8J4529uDzd1gvq9bbYRzUsHGEcm3WsRGRculQKUte7GG7sJZy2Ng7mdKc7KM5LIpMdZYTRGohg/nZqEM+3dQQVUl0dkNULNjb79WsFfwnRSq3st7xBVpnHaelKfUya7YPSaU0UrxwC8VTJWP6qJSmTPHRFS10Sn2GGAaP76FSO2t5H8vmoz27Fji7KG2ozlp28F798N6FPZOzW4iJtbzErpvpTNU+HYd4bvbQhrq1HFfYfTpOtpcTwWaKCN8+VgDgCBWXtRWUOBCUD3HB3BrZm3ozio//YY/9eS0J2Ht+0sNuTS+7NQOKv5aG/7KWhvAZrjxOxnndbxToC62Y/4d9EZuGbMnDiiW9owONuzEqu6+i9Xv8L2MuHMEegt3mecKeO4R59wlznExOZCe4kZoyVZaeAD2Oqtws3UF0JG0mhq87SYjKJOuxLuEdVdVU7TSP+kw/GaHvuwHeBQqqUSukfqNQRGPazI0AVXWa5XqhSKN2s0S/bASXdmupdrqlFpqK2tdRBbNMbQuXMY/Pg4T0/kEd3wctVDSfV7QdeyYloTPWY+5KjdMapzHgUWhL4oW1cQeLgnxjmMiTGuoHqiK0pZ/VVaiRUQ5DynHGtSmzuzDa2aU6+3abquu8YHaHzdOoMz/qN/9S+A0fb+1LnBZU4bnvqtrRZS1UBbX33b6VH/P3h32TqowL05hqqXbjbB0noJx4/7v5PPpVPt/wrE5b1zy8z1nYbZ5Gs+41t7UZ2exI2iVXu/D/MiZ0TnppUu4W+lQp4H92HUdr8phceJBx/2mtpm/MfKzfPd5Ofxn0t1uqHUekOF/X+f5YCR91+cdz343NGLrbvsZKQlwU2FJooV+reCqgTtTAT4qfYEyzmhY2S+IrcihDzlza5Lc4mnIuV+9Sg30iziXyqjM+arMtPtm69K4Gnbism46mCr4BNa9zq/Zt3Y6OnGwKWmdMa/mXNfm4Vv3h9HA5MWQ49ybVdwP2TBUU5/2PFfS8xncYU56cnUAMoYwSxuJ0OufVbWAIHk4AWIMxaRQYwag/FvSSKhtQ2Qo+0D0ZLJOAdKfrjwtEcwrPwCp4oMDTS3QporLaMZEdPsarp9E18g5lGrIFHpZgHPqMG8uQIT7mse87stbRwUrHp3fIJqy1zZFNJ6NUqzV5pkOpM6wBRHWJzZn5Puwptc6c7PXJRkQ3xbgcSOUMsQJtMESfQmFp7/a1DbRhNzKa/NRD2DhVSlqfjZuSjfP8BxRc+mkFf2Z8AZ9k+CDBl/zCePiH7z7IxLaiIF7AoJkjUxEXnIQ6VNXnYD8wDMfkU8GytlBqwIvFWYMKGOWW3hEmFC+hqlwCY3BbQHaORbQlhg8YgZiX6sDEXKxfqr4JdQBOtIaEWCKTVeSKWuHBn/EuZ/GdKjWmrG0oTUD4zWW+hynBn1P1DvlFSr09ku2cWbCZ7e3QOPQ3KSd8+tQv48o5a8Mv1h51fNaGSvHxM53HouTv9ZDmQyFnc7RV7GPydqgf+bgu89Ho0HvOzlvbZDlHjK9yDPY6ZCPls4h8hj20L2I0G5Pf4ojGAgPwglSx8mcrgDMY2+U201jETS9IGcY8F9toT5siWx8xIi7htML51q98Cvl8qnLMB6ZK1G9WNm/v2iympNopwx2nFlS0osobgfbg4xgehD8pYVZhTOqVMjw6FKM5O/XANpHw03meEXeor+R5RmPARzZujKqCecCI1oJ+YM+txNfaku/gXIa4NLEeaYFKOZ7rzF+HcR0nVZYP4CWNq9Zj4yhv0DcuuJrOfS9Qz993unSynz1d3p2Eq9PlnGxB3s/pW8el8lAVynk8TYFzdOxz7LtUwVnVAR4KceeSkzrFC1qFd8gDvcb8K8f+GvpL33g05JDBTidjgcWum6GSbCkfjgb9e1+4Je0GLpnMqjydjij+U7TbCjQdFQp7oy2NGI+hL5xvFQfHlR0q44rBtIN0d8y5EXKujWZ6xb0uz7OS8o5w1O/aJsOm4o7Ac4VzjE4rxBWN6Y2ZE7Y4+Vfc0Ck/BH3KdFvgOaGWGtOqsaSyXFOv9jKdYz7MJcYxtgfVM5PWyXn1he0zkziGfJtjPstxqgn5JX+xP62FXM0YP1ReqY/Q4VJlfDS5fgYs9wRejxzyg+qkxPUy8aHhKWKOWBMPdNLNTOOcq/KB6S180Qsee+QNw9up2k2R+0NYqBWnkSO0LmlEwLWIj/XZCY1hVjINkbmmj2WWV1PG/ZxOkNX+OZ3UOL/8SlP8I9mLOGdsTsl0GCdMqjPdGuMdYmowbSPfm0wTdM5jGldwflKumqxm83HcNso3nes9zgmEJbjC4tEsOO4XXWf6Kem8fgM3WsMseWzmwg/UZflXn8RnOOOALyJwJh4p/BvCnDgqqj3TB09YruObB/XJVDfxLZ7xB33QBb94sL/M2L9Avvt0l0D/P17nfE126d1Vg8B+ni43Xe+rfYpSGh9E0XNv9OFS48AvY66XRZH3lZrX+2XxF90QvSl/1B7uiOo1+dJzf1sqPl8S1eR/6I7o9emOqLf89HL06dLm7lZunwS7lFlWa73UOp/du10ulgjB6pcSROnuoieIfdgfBWv8bZeng0d+7fiVYbCjd03q/asXHLzMjqK/dHuHmYc/6EpIbrFLKDKL2fOrkZNr9Q+4Pd/tvX5ytfeP3eyJz/h4ru9Nq2ZySDeJn+zsqHvrvYsRUeY2RkvoDpTFKvTStKjgsU9p8ggzAngoVtV81jCpgRSump38/mWnqFrfROCYnA6O95+zM7UPvpf+zbgKHorB3+J58CI7Dc6Pv4ryGTrV1HdK7Fse1OTHO9762weAuUPVrA8YX834CdiV/wfs/z18ovyd+L3+avx+jl3ykyg29/socGxWMH4HZdwfvHPgZXiaprDK+QsGHv8nWijJ4h/SxzL2+iSHtddLZbsXRKX+w5ChefuVLk6k2+/Fyd1/Aw==</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_firewall_2.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_firewall_2.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_interservice.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-14T17:57:18.436Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="-H_12LM2uwsq1q4MSwJP" version="16.5.1" type="device"><diagram id="TVD-_7uCiSrhKYJF-UI9" name="Страница 1">7V1pd6JKE/418/HmQANGP7pLLmDcYvDLHAQGQRRfRRF+/VvVDS6QTDI3ZszMMffOkW56qe2pKpbSb0J9sW+vjdVMDSzb/0Y4a/9NaHwjhOc5Ah/YE7OeCqmwDmftWumgY8fATey0k0t7t65lb84GhkHgh+7qvNMMlkvbDM/6jPU6iM6H/Qj8811XhmMXOgam4Rd7x64Vzlhvmdwf+zu268yynflSyt/CyAannGxmhhVEJ11C85tQXwdByI4W+7rto/AyubB5rVfOHghb28vwPRP03n1XFErJsK4t//mRJNbKmfyTrrIz/G3KcEpsGGcSiGZuaA9WhontCLT8TajNwoUPLR4OfWNq+zXDnDvrYLu06oEfrOlEoUX/YMhmbocmCoODhuG7zhKOTSDbhpG1nb0OXRB4NT0RBrjDJlwHcztbbRksYfdaSixMsPevSoE/yBaM0g4WdriOYUg6QUi1kZqjVErb0YlypbRvdqJYiUs7jdSgnMPSR5nDQSr2X1ABKaigVq3/29TgiOO/iDYuIPh78VzyJa4oeZ68IHm+9FmSFwqSV+VGQ2mOq/3m3yX8g/X+RPiE+63CFwvCl7Vhs681h3+T2N82+ZekLpLPkrpUkHqr3wW5/23ehq+8w+Dvf6vBlwrStS1INdJmsA5ngRMsDb957K1RsdpWKr7jGCVAQVEdeHYYxmneZGzD4FxDIK51/AyNf7g7ji9lPTqueCeWy1lHY5/uwVrxaevRXrsgAlQY7WR8IPE/Vw7wGmzXpv22EwiNtWOHP0tThJe1vbZ9I3R354S8pLl06mPgAokHKyECf0ekc0Mpl+/K5+sw6tKppwlWbjU+D/dybiEmjsJC1JoOTP13Aytfw8AuaAyV9xrD/QeN4WNxi7uGmA845u6kMxC/AeANSDOs4nXQMYumfS0X2b40nvn36lC8BJ6BLyM+GbBCZG1eh3uplEv+y7krpjyguZ+OhwNGwUVRLBavwG729asu4irmJXKVr29elUICOLanKHp7DQlXwfTO07fNit1i+eHu0dhODSgVDkySat+kxkvJnrug91pqP4JlmBoiT479DXfhAEu+O0XGNqZhw2d9uwmDRSNYGO7ybrNzsqTzMdi4oRu8mEwquQEsqcynmtMghJUvdFOhnIv8Jf5OyBKLk4xTKt/dS8WcU6zcCdInhSv+uuEK084Sf+ZR7iSx9IZX+ey0k8/uJL7lRyrXzDQyKk+xWm0V1PkbUWkk27WNXC3tMArWc3eJ58CBfK+uVj6gCxH3veWu7cjw/e+PAfS59uY7kP11wUsq5C53DSBV7l5C7/3dC+A99l7eAK6bCiB2iZDDLiTfV8au8N7LhFfU/pvAW7y5CNgzluYXDLJKYFjfM+q+/7CNEGD+hQHL56OtWMTqi7fwP0vXYkGlF0ChlUuroeckqbaMzYyuj4N/QP/JzTdLssuWWHiIAmfKZCqUSr8AyIvfcuHvc0lvXiuv3CR5cyGeu8+t9Mp9m0tl0rx00/p7tS6WL6T1/EK/X+vXvY17iLBpOL52ML5/bzC+biZ9XwjG1UcZOk7S1i+RV6/W9s61IzgahECViXn1Jo3ERyNCCg5vExyew3ytIC0J+SAtvDOhFkufZQVXuUH+X6F7SZS+97bZh73/x/RTvDd1w+dn4bNEvhw+SfFW1S2heiUPuicXSqjyC/32hIoU73I1jNCYGhu7YA4AqhXDJsPuz+Hz+tsJP+jfzxBWcC50y2rWy504Cguo/SZUWZO00BmQ2h4skNQfOxqZxDVxOt5vzWQ11xPONTp9zmwEO0Wo8eYi2k6Fh6VC+p5CnjaTMe9Pl/1ESZpbdVB25c4snLalpLvQvMfBQ2B1+lHXLe904cHXn/sra/HkTQkfTomUKItKPIkrWzNWj/OWD/OJd7qnJVixJKixtDMX5k4dzqXuoBypbhlm8fGkrYem4G+tdktUxlIix7Jjt/nNdKmWTGGyPKUBVhKUpZnuC/Mb1UgRkN/DnIq8mHFWp1pS4gqMNrdWojJ+EzmC8TtcU3YP8kmmpL8y25W5MTylWdtN2n6E55SltrOeH7zJeAL0W76ykHyrXmk+NXs7k8C85xqMnYdqXZpb7d6J/PytIWie/lzzCzycnMtkqIMeTPAjOnlKFHI8D7SSyfNDYowr28eBvFe8piu3/TmsmVgLU9KSqqjVZccYS2uTaDOzPSqBjmKT+Lsp6EGti5Lqiolcd2KtUeW1YY8o9SrIrikqw2qiDJv7fweyc8JLadKueNNFK5yATEyhtXkm/Rnox9WfNR/kweTdgLU7NRHok4CuyOw4wPtkNXm26lPBqche1VHrVUEbiLzqVvcg+606bDL5NFaJ2W55dP3Og2+Sp9hajOCctZp0+gGsx+ahrQxN4HfmG2MrsHDPIejca+5lTyxPx0+cPkbamsB/D3TP+0DnHOx0pg7NWHMh4a49dtAiV4N+U8dWW/O6vgW63Djmor/oLlruVHjiYE/30dsDXlYLsJdQf+7BaGPMzyZkRK3mXwEpj0BCamkCWpuOW1w6g7NRU2yfePKcWszwZ8jre9OxT+cpvMYZ4/1mwPZylUQs4x5W2+em7dHu0Yt2OlFLT6QSG3BOEc74qVfCCfA7abc4fYgznxZmXFtNQFb0OGkKqtdzH13ds9vN+/qAfT64mqgPNw/p50IWZrNuNGef8SeP7c3P+6P5Q27eQ7be4fPCc0Buc8B0ksnlsT1ZTTt933RT2S38jdV+ip8T+Si74X4xGVkz61kDPLa2vcWeP45/6ujPTwngbjadP2ysZxmxGamILaE/77efCMzhUhzHsguXBrWUmrJC0t09kVGa7E8804p6hwlFl+no6DGAMp1UNlNBrsiuSsBX4D9AygNYNqyzqET6WFtZnTkgET3GZGXVebDqh6UxFkNYg7PalRCRCwheGM+9EOw5noDnUcZ7f7LsIYIL88yFvzQ6L5+D9aJ0vSWMA29Y2YDnmk0Xmo+eSwUvNRGeVkA7NyV7oLG11ckI6cM5VIrU64z7IKknAZAfdRvI09EbQlTizeUDRCygt92SJs/AP3qkZC6oDYfDdaaLMNFJK5oMVx56KQU9njcHjycTbXDuKXUB5aOKimcm6hBk6J6fBy+1nIxPZVk9p2dZA8w+JQZ4nalgwnk5d94Cevo7K+aDyTiTXTNSqVd7cRzIc7YC31CajHup7l4cJxjjPmdQjwi85SMA6BG8uKA8gyd2OTEnF5grIb2hPUT5OLk9Vrsp4WDv0Vb1mpKaNCUNPP6UPPxvMta4l/TK5KTtpu1KDH3eZMH+g31BNhVhIjykKGltTPBxR0RFp1G0dKr/bEyGEdiDM+rMTuhxA3XeLOgcMpMt0gnYCHUBI0uLA3/sp7aZWB1/g74ZET5tBB5EJkFdqATOYVQN5UZ1ow7VreY5juXCOVeEaFTzsF+LRV4bVPeaC1F1EO3VWCTdejWBfkFzs3ZtLDeaieLpotxWIQpGkVznsjHnx50A/f2Zd3zs1CCiOSyiLekxehLMsc5tl1S2U8jGQB+xMkZcTGZW5ylG3qhOhL4E8QOiIviWdlSSwRtpyYOHNk6xNqB0x1o9yqKzY9Qxuo5iSrdX3XYbo4165C8EvoHHYzuT0xNGeMa7LDdUQfFkTm69m7ckb7+/zBtJLc4LFxhLlSNmS5AB7RH3X43n7qV4PuozzbYOdnhqs0C3vu0OmwfbVoZIs0mUzFabwH82xjO3aqKj7cbqQIyB/+gwDtdkMslwEDH+ca2qow0dWL+5OWZ/EfjfZiI3TB7lfFjn/bLi8n75123fWugL8Lv1g6wIyEUEWmLFc6QUpxzECQnwifLjtEEkKV41QbyCDUVgM1kb+ea7A4bl9Fyo0U+QcwJ21ehtlOEcPum6eE4CP5GtG3YHIlwBVQ9z0/Zx3YYKNlnllEYP13KyNdm4Wukse8gyhgjy3iC9NqDHGEEh389H0N0UrmF0ob8zXd4Dz0hgLGSnIxbdOhpnQwYAa1AkdV3N7bZ7nJpgZAOtzDkHtLvVqCWBphtNpxeDNAfAGaAKOBCB00y6KFFBbuhgHQ6Ml7fdg+RNtDSwFuAwAcRBn3ZEGViIA/Po9Y6gNFRApengObAmWGu+B2vaaomcrsksHTx1BGuARlVC5wwdB+hJlMYI6XWQRpBuCOP2oKk91VgMbUCIOgAPi3vXD23QNtANFo18qh7QOBATXJ+OGyCNo/0veHDyYQ9eRHwMPAnAAwFe9hnigT+49gFLrIsiyAt0UN2DpYJcIBNqYFQfAfpBh14PeYqp1caiBPqiclbAC2jJHM+hTlBeXBq5OIrgOgfW2eOhTah+ABEg80Tu6DAX1k9kRwfvAHrCNQjIEixZBluRU32wYzi3p/IdiBL1rHXwNC7qbySwPXQC/GzTc2Bf6KnnG6SdIQtopnubOA76q2gTDn6q2bhkRNvAF213Gw5tg5di44cqk0XCzqsezgcPORxBW4Z9dNb21A0b16Q8ag08z9B5bOvU5hDxqY0BvSbSiPbMgz0DPbgvyGjYQ775Lo4FHQAu0Cum/Mw5wAyMbTKacSzITY3RM/SYLdahPajydH2QEWIJshWGt3bKk8fmY5SjPFCvhP16SvP8pE1lil47pHqHrAUiWpzaDYd7sHFUH6h/9IRRqmP0XiHVRwNlNKJZD9DGo/5UZmeIHexLmJ3hGMAjHdeDqALzQEe4FvgP2HNO2Fpz5B0wF4FcqrAe+gIZbXyvUn5NinXIVKk9AC5xXLoeHYd2A329mHnTkWO78u592aUZfTS7PMmE0+xyhLSA3Y/wqiOLPBiF9kyeOscw2nOY7psYwWnUAX2IiJ3MJlWUF/gqOAd2oEqUv6TnTMH/4hWPAjak0eykx1HZNSOIJHO0h42G9/u8Ofpu0Esk0CiP2RHKfwDtugg+HSIU7A1t0qU4Bv/C8JZisJfSIVOsaNR3oN/tMWx4DGvdoZpir8nsLEG7Qz2qJ22d6ibFDsdshWEMsxXEikL9jb5H3ULmn2JDRfvg1AH12xyzCTlRqK/qEZnamnygl/o5ysOIUIzRPTCe6bjOnkVfoH2oI8bA3kYwn9o4xoR9Zr+wP64FthpRfMgsUm/ADycyxaPO/KdLbY9j8chEPjBOEuYvAwd8eAgyB1kjDlT0m5HCMJfaA/W3wIsaM9mD3VB9m2m7yjN+UBdyimmwEVwXfYTLfBEb69AMjeosoT5EYD69J1C7GlDs7zGDTPffY6bG8OWkPsXZIL0g54jOSagfhgwT40xTorgDmWrUtyHvVeoTVIZjHBczfKKt6jRms3GMNrQ3lfl7yBNQl4AVKo9qzPSe+XXqP4nK4jfoDdfQEyabEfcLcVm4dCY+hBwH8MKDnhFHIrtCGCFGebmlO4ATautw5YF9AsZNuIqn+IE+8AtOfEZ/EtE7kI8OPkvA/89rHPF54smjBo7+FR4iWfYPY+uHuYdOx95XnxgWnmOePWi8wIPB+/vKC6/DFt+GFfnio0FJ+KxHg6TwkOhYJF98S/aPLVvNF8mXX/h6gt9cJE/eqJL/i6Sfr5J/Sfq/uUqeFMvkTwq2/yLZ5wu2X5T97y3YJsUXPP+sglqSvqnx5ns/AvngSwof+xqOyjXk/FrF4+Hc16h4FN5bIv8lKmp5Tvy1msf8hE+qqS1+s8XNwn7ZS3yJotovamGZEP/gutoLBPF8HWyFfJk62OwL2251sKdCKb8T+sy8r5UgZGT+TYWwF0BbsXC1wn+NwlVy3YzuaxauZgURb4OtfNVsnCuA7Y8sXL0EwPh8OLtyoalw5Tz225cqPhPIOwElfDRz/ZjSivcu/6riswsALV8sViFXL0YRhD8JapdE1XtvOLBU/WqoKt4YveHpteKur4Cn4jePfrjM51Ct8x8qfdiN61uZz63M51bmcyvzuZX53Mp8bmU+tzKfW5nPrcznVuZzK/O5lfncynxuZT63Mp9bmc+tzOdW5nMr87mV+dzKfG5lPrcyn7+5zAdfHrpymY9wlS/XPXvf1vSNzcY1c6/c/rdvB2Rnsp+NJZd9TvvuL/W88tsP1/3S1Rd/9q4k/pc3V+y9Gz5n68PxyZN5aB1XwsYnPJd/92N57oPqfvm1aoKvFnInf7kawUr5Tjw5m1v/3T+hl6snKPO5V6k++Sf0hKu8JfxnOqB3f6nwJ707DM3jj2czAzj+BLnQ/D8=</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_interservice.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_interservice.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_interservice_balancer.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_interservice_balancer.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_interservice_deny.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_interservice_deny.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_logs.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-14T19:07:13.923Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="wRaEmXLjkCGic4XyxrYM" version="16.5.1" type="device"><diagram id="TVD-_7uCiSrhKYJF-UI9" name="Страница 1">3VfbjtowEP2aPIJwTGDzSLhspdJtKypV25eVSUzixclEjrl+fe3EISSBvaiLVioPyD6esWfmzIwdC4/j/b0gafQNAsotuxfsLTyxbNtFd+pfA4cCGA77BRAKFhQQqoAFO1ID9gy6YQHNaoISgEuW1kEfkoT6soYRIWBXF1sBr5+akpC2gIVPeBv9zQIZFeidPazwL5SFUXkyGrjFSkxKYeNJFpEAdmcQnlp4LABkMYr3Y8p17Mq4FHqzK6snwwRN5FsUHn8Ov/fx4Phr/JB0VsdjkIZ/Oqh0ZEv4xrhszJWHMga7iEm6SImv5ztFs4W9SMZczZAacrKk3CP+OhSwSYIxcBC5Ip7lPyWSran0dTh6akI4CxM19pXhVEl6WyokUyEfmYUlSAmxWghIFtHAHJNJAWta7p5AoqzxjPFqA7q/Ghd0irbKUgoxleKgRIxCv0y1Q5l5dwbYVYRjx2DROdmuAYlJsvC0ecWDGhgq3kGL02+xMkq0zQmVOxDr7NM5kpA2CfoILnCTC3fYdVpsuJfIcJwbkeG2S2QOoQ4/FVumAv5/cuG4LS7aTKCLdXEzKhBGLS680fjr9GHy6SycutYHxH7Q7EnIbvckhC7FHt2qJyHbbcV+ccj4qRRUVJockCwtLuUV2+vcPCcgBZbI3EjHs5zJpRCzOL+dvRUk0jwNkF3hExars2ecLdU/OW4E1S5mEoRetmcTIsnTnKzp06LAnu5pgrrZNrxBuQyw20WDBmu4zZqDuuUT4Zy3vn2zkmlf6DRQbxwzBSEjCCEhfFqhXl4TeXh07j9v4rSUJ8JXSKU1B9198ig+UykPhieykVDnO5NEyJF+klXXd47NmPYoP6i448uHVsWMNvhlXpR/sBE+fcOlqs4MqXw909tUC8qJZNu6KZcYy1WVr+RwJmASvtr5hwbOGu6wWfQOqr/o3qmgBoUNVfacnPmXhMJX+8CFPJvrPlvPhFdbacyCoEhDmrEjWeb79S72jKuVaz4IjLJ1eoafZ85LBXO10Du9LsblZ42JfMfU2PsSpCK0sU2pAatVpjK12QJeJFFNq2+KQrz6MMPTvw==</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_logs.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_logs.drawio.png


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_repo.drawio:
--------------------------------------------------------------------------------
1 | <mxfile host="Electron" modified="2022-04-14T19:02:20.036Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/16.5.1 Chrome/96.0.4664.110 Electron/16.0.7 Safari/537.36" etag="rZxGWr3r2rsLt4k6Ur6g" version="16.5.1" type="device"><diagram id="TVD-_7uCiSrhKYJF-UI9" name="Страница 1">5Vxbd9o4EP41PMbH8t2P4db2bJpmS3q63ZccYwtwYxDHFknIr1/JN2xJQCi2MV4ecvBYEvLM6JtvRnJ66mD59il01ouvyINBT5G9t5467CmKDSzylwq2icA0tUQwD30vEYGdYOK/w1Qop9KN78Go1BAjFGB/XRa6aLWCLi7JnDBEr+VmMxSUf3XtzCEnmLhOwEt/+h5eJFJLMXfyz9CfL7JfBoad3Fk6WeP0SaKF46HXgkgd9dRBiBBOvi3fBjCgusv0kvQb77mbTyyEK/yRDr/+Nr9pqvH+OLhf3cze3731/N8bkD3IixNs0kdOp4u3mQ5eFz6Gk7Xj0utXYuae2l/gZUCuAPkaOFMY9B33eR6izcoboACFcUd1HH9Ik+gZYpeqQyYXTuDPV+S7SyYOScv+CwyxT1R+m96YIozRktzwnGgBvfRnIhyiZ5iNvkIrMpt+OnkyAHzbqxeQa5t4KURLiMMtaZJ2UOzUQKmHGkZ6/bqzt2mlskXB1kZmWSf1sXk+9s4M5EtqiROsoqucUQZfyEiDITUMDF98Yop2WqkCg+hq2SCWyRtEVQUGUYzaDKJxBnkIkbdxsY9WRL6C+BWFz9HFjYLRugaLaCazRCzeIpoisAiobYko7YOtRPcVqNtk1G0CXt22QNt6Xcrm4ag7ys5RvC3K1jusbM06rmxRqK1N2Qrv2l+/DId3o5+330cX13seYquIqhoTVQUYDoAoqtZHcwCn/C9UEySaXlz1lbm8ChiXtz+GL6pWm9o7jTAMmzeVCyOMbnDaHn//dv84uh92R+u6zGhdvbTWW5jWVkdZ1OM+3ixlsdocRavTu3bcy5vVu91hLzdZrnhpL8+qCwVt928Hf3UKyE02fF7axS2NUy705nCSXqIQL9AcrZxgtJP2Y63GBRCqvd+b5Tpr74Qukex63SGqudgovyHG27QA7WwwKpsswk6Ib2lBuZcXH2PZ2KcPFP9QUqHMysS014zcLFh3NoOG63K1THLHM+2pLOc2pI94qgVDGDjYfyn3E9kj7fqAfDLiLoQzRQc7K9RnQ0RoE7ow7aUU6szMQKppSfrhoYje5hBzQ8UOkj/Rn/uMzReHhuh1FSDH6ylGQNTYn4bk25x+20RwtgmETnZHl2nZDY6uxKXveYkPwsh/d6bxeNSwa/q08fPr/Z4+PLRc072MtHMvT8CKTnBgsexd3LJkKBkdTU1zk/7kmc4DyqMq5f5oNotgLZYGAFwzPBBrhtt/6G1Jsa1M8IvelWSq7EQwfEtHSK62xasHGPpEi9QXY2F9iEOUHCPAIf9LqynJ+j5EXPY46rkYZpeBxwJMWKoZeAAQIA9cB2jbDXxJl9shgDEtSwQFf2rYrbBDfYBi8bWRh820l++68Ts8TrRO9p1n/hvFlKI1eZtw9vWX8QZ0f4ZWOEUXoOzkQ385Jw8S+GQOY+d9E0L6zM56/bSb0PiWXE7SSyl6mdewA6SqgA3qei4p7gKZPDfMZNVzQ7608snHi81UctGSM1S2kuJV94AiP967KxRZC4YT82vOeMItaQaBZbk/GlOLRgtnTaeyfJvTkxJSbE1pHk/4yUUezBwGhqMXmPgNqMWUZaIHZI3n+HqjHL/V5YMqi/Amu7V9+SK8xVfKvuEF0YQik8XE82WKO/TutayupxCu6XQQjQuVLybTYLImXRagYrOr6QNFodIKEIFOflhJLipNZknvcQMNx9ZAU7J1WXAMbr3t9ZwPugva4MBfkelkB8FkgVu8QOgsFWnpuyGK0Aw/YXIdVQWsZepjaQYfHzVBfNRq8oSsUHOdyVGdmczRBCVZRC0uslhckSWjrkdyHWIHZ1tolnLUvVNmz/5kU943M7a9ZViMIyczqLbiw+8kT+BKUO25R9ifETChGMNz+atMymy5dwiVZAloatlVzqz51J+F2eo1A1de1ckvaEWH8oKW1XOOo6DRFApKsqpplmLqlqHITL74cUzkEhu7lZAIZENvABP5M6sxoZfdgHpyN7BP7R726e3Avl1tugIUax8DrK6WnSTQZ4DkeRxfWAPr2CrXD67yG7LMzSyJqmhfq4F1ztddHmFEf7s1LxPU94YHG6mBLqiDmYKqCWB3dKpbSF0+S2MAJgoCwUtOjZ7rAHK3Xypg9S14h6lhffN0sHvnUA2W7QFBgb1ZvYNu5LInssDroG72udRNnO8Zsi4RgM0/oOSTFlAlXSmPuScxFY1cGsvWbckufKzysHsy51PzXfZYBclf5YPT1AGX8J7YQZEbyJAB4DGxW8c1jqXHVR/XyBh52V9uVKM8Qo3nN3hWcUt3AoloCF++rSO+JDwRb2iWI1hzhzyWketA6u902k/JpGs61MHV4QQsvNGtSwD44zc/JqPvk4szlNpSIZt5/VT0sjsQvuxu1mcFvqZwd3vfHhtUoXb2bcgPvpWn1JZ/guw/pVwnUWQIn+dAayYkfIZrwemsRC13bPJXiUyKqWWFRJGkZR9kivqeSHpaoDyVeOV7upmX6odplMGefy23r4tF8ZWTyeQzGev78KGnkEHlz4+PDzyGXymnso5wKsK6rq0Wma+DEhFO6BJjtEscd/U90t3HRDfjHxEM66JDtqFITJ3MlvmwoOmSCZokRTmctWVH6MR97WoCig4tTxMFFEuZqoZRcWDI8KChEsKpgcGy2QRbPRwZuA7NJNhZPlnAlS7FgiOAQmIBgYvWg3/2vGXw/78jvyAhaB75W3IW4HoRvPLarm0SV9EKJVcGhzVZkgsfps770aNMBlMPtdn/bFfRSaaz44h9pD33IGoTGYnCFzA6FXYOn4eoIuxkhVwgN1a6BUpLdsraznOFJ6wuQn7PPvp0SYxlX90h/qcd2kxrDeSaxuH2LOSW29cFufxWWgq53H4LrQ11A4ePnj49G4czG54PwuRy97+mk+a7f9itjv4D</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Network_Segmentation_Cheat_Sheet_repo.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Network_Segmentation_Cheat_Sheet_repo.drawio.png


--------------------------------------------------------------------------------
/assets/OS_Command_Injection_Defense_Cheat_Sheet_CmdInjection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/OS_Command_Injection_Defense_Cheat_Sheet_CmdInjection.png


--------------------------------------------------------------------------------
/assets/OWASP_Logo.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg" id="svg2" width="261.493" height="261.507" version="1.1" viewBox="0 0 261.493 261.507" xml:space="preserve"><metadata id="metadata8"/><g id="g10" transform="matrix(1.3333333,0,0,-1.3333333,0,261.50667)"><g id="g12" transform="scale(0.1)"><path id="path14" style="fill:#fff;fill-opacity:1;fill-rule:nonzero;stroke:none" d="M 980.629,0 C 439.043,0 0,439.051 0,980.637 0,1522.22 439.043,1961.27 980.629,1961.27 1522.2,1961.27 1961.25,1522.22 1961.25,980.637 1961.25,439.051 1522.2,0 980.629,0 m -0.008,1810.35 c -458.226,0 -829.707,-371.48 -829.707,-829.705 0,-458.235 371.481,-829.715 829.707,-829.715 458.219,0 829.699,371.48 829.699,829.715 0,458.225 -371.48,829.705 -829.699,829.705"/><path id="path16" style="fill:#fff;fill-opacity:1;fill-rule:nonzero;stroke:none" d="m 1299.1,285.75 c -31.36,0.02 -145.64,203.41 -161,261.398 -32.11,121.411 -25.2,172.704 -23.28,189.102 5.88,50.07 54.46,75.09 57.4,142.801 0.91,20.91 11.47,125.449 19.9,207.109 -20.8,4.07 -41.52,13.45 -59.94,28 55.3,-74.17 -26.09,-163.058 -144.352,-281.332 C 862.305,707.309 583.695,590.809 583.695,590.809 c 0,0 116.508,278.613 242.024,404.132 92.269,92.259 166.636,162.079 230.101,162.079 17.89,0 34.92,-5.55 51.23,-17.7 -14.56,18.41 -23.93,39.12 -28.01,59.92 -81.661,-8.45 -186.208,-18.99 -207.106,-19.91 -67.719,-2.94 -92.743,-51.52 -142.782,-57.39 -5.761,-0.68 -15.828,-1.98 -31.722,-1.98 -29.367,0 -78.629,4.42 -157.387,25.27 -63.07,16.68 -298.078,150.37 -256.512,167.17 21.196,8.58 88.75,14.38 177.715,14.38 85.559,0 190.922,-5.36 293.844,-18.77 128.328,-16.72 246,-37.87 326.19,-53.6 1.3,4.31 2.86,8.5 4.73,12.57 l -81.98,39.29 c 0,0 -65.479,75.14 -58.487,80.32 0.27,0.2 0.613,0.3 1.023,0.3 10.27,0 62.654,-59.89 67.694,-66.71 3.88,-1.29 26.09,-8.7 49.45,-16.47 l -23.19,20.28 c 0,0 -31.74,117.55 -23.47,120.32 0.1,0.03 0.21,0.05 0.33,0.05 8.71,0 37.51,-102.22 39.98,-109.56 5.66,-4.96 24.78,-12.41 48.67,-26.19 l -25.12,64.62 c 0,0 11.37,106.61 19.88,106.61 0.07,0 0.13,-0.01 0.2,-0.02 8.57,-1.71 -1.68,-88.92 -3.85,-99.78 3.11,-4.77 22.38,-34.33 41.7,-63.97 11.89,4.48 24.68,6.69 37.81,6.69 15.07,0 30.57,-2.92 45.61,-8.67 -19.26,41.01 -17.8,83.75 7.74,109.27 8.08,8.1 17.9,13.75 28.84,17.1 1.32,7.46 4.78,14.54 10.45,20.22 7.39,7.38 17.12,11.05 26.97,11.05 10.31,0 20.76,-4.03 28.76,-12.04 7.67,-7.65 11.65,-17.54 11.99,-27.39 12.33,25.41 26.88,59.7 25.86,70.81 -2.37,25.14 -31.53,69.64 -31.8,70.09 -1.9,2.87 -1.11,6.75 1.78,8.66 1.05,0.69 2.24,1.02 3.42,1.02 2.03,0 4.02,-0.99 5.21,-2.82 1.29,-1.92 31.17,-47.54 33.83,-75.79 1.48,-16.16 -17.07,-56.88 -27.18,-77.68 14.2,-7.77 28.04,-18.03 40.68,-30.67 12.63,-12.63 22.89,-26.47 30.67,-40.68 20.01,9.73 58.4,27.26 75.71,27.26 0.69,0 1.35,-0.02 1.97,-0.08 28.24,-2.66 73.87,-32.54 75.78,-33.81 2.88,-1.89 3.68,-5.77 1.78,-8.65 -1.2,-1.82 -3.19,-2.81 -5.22,-2.81 -1.17,0 -2.36,0.33 -3.41,1.03 -0.45,0.29 -44.94,29.44 -70.09,31.79 -0.38,0.04 -0.79,0.05 -1.22,0.05 -12.23,0 -45.07,-13.97 -69.61,-25.89 9.87,-0.33 19.76,-4.33 27.4,-12 15.67,-15.65 16.1,-40.59 0.99,-55.7 -5.67,-5.68 -12.74,-9.17 -20.2,-10.47 -3.37,-10.95 -9.03,-20.77 -17.11,-28.85 -14.08,-14.09 -33.38,-20.84 -54.76,-20.84 -17.38,0 -36.13,4.47 -54.52,13.1 10.77,-28.12 11.59,-57.89 1.99,-83.41 29.62,-19.32 59.22,-38.6 63.96,-41.71 7.78,1.55 54.5,7.22 81.17,7.22 10.66,0 18.13,-0.9 18.61,-3.34 1.73,-8.56 -106.57,-20.12 -106.57,-20.12 l -64.63,25.15 c 13.79,-23.91 21.21,-43.02 26.18,-48.69 7.47,-2.5 112.26,-32.04 109.5,-40.31 -0.31,-0.96 -2.15,-1.37 -5.16,-1.37 -23.1,0 -115.14,24.85 -115.14,24.85 l -20.3,23.19 c 7.79,-23.37 15.18,-45.56 16.49,-49.45 7.1,-5.25 71.57,-61.7 66.4,-68.708 -0.27,-0.363 -0.71,-0.524 -1.32,-0.524 -11.31,0 -78.99,58.992 -78.99,58.992 l -39.3,81.99 c -4.06,-1.88 -8.26,-3.42 -12.58,-4.73 15.73,-80.19 36.89,-197.861 53.63,-326.181 27.34,-209.949 21.19,-429.969 4.39,-471.571 -1.35,-3.347 -3.46,-4.898 -6.2,-4.898"/></g></g><text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:700;font-stretch:normal;font-size:24px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:'sans-serif Bold';letter-spacing:0;word-spacing:0;fill:#fff;fill-opacity:1;stroke:none" id="text3771" x="214.246" y="255.205"><tspan id="tspan3769" x="214.246" y="255.205" style="fill:#fff;fill-opacity:1">™</tspan></text></svg>


--------------------------------------------------------------------------------
/assets/OWASP_Logo_Transp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/OWASP_Logo_Transp.png


--------------------------------------------------------------------------------
/assets/Password_Storage_Cheat_Sheet_Test_PBKDF2_Iterations.java:
--------------------------------------------------------------------------------
 1 | import javax.crypto.SecretKeyFactory;
 2 | import javax.crypto.spec.PBEKeySpec;
 3 | import java.security.SecureRandom;
 4 | 
 5 | // PLEASE RENAME THIS FILE TO PBKDF2ItEval.java BEFORE COMPILING.
 6 | public class PBKDF2ItEval {
 7 | 
 8 |     public static void main(String[] args) throws Exception {
 9 |         //Initialization
10 |         SecureRandom rnd = new SecureRandom();
11 |         byte[] salt = new byte[64];
12 |         SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
13 |         char[] password = "mypassword".toCharArray();
14 |         //Test for 10.000 iterations
15 |         rnd.nextBytes(salt);
16 |         PBEKeySpec spec = new PBEKeySpec(password, salt, 10000, 256);
17 |         long start = System.currentTimeMillis();
18 |         skf.generateSecret(spec);
19 |         System.out.printf("Computation time is %s milliseconds for 10.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
20 |         //Test for 100.000 iterations
21 |         rnd.nextBytes(salt);
22 |         spec = new PBEKeySpec(password, salt, 100000, 256);
23 |         start = System.currentTimeMillis();
24 |         skf.generateSecret(spec);
25 |         System.out.printf("Computation time is %s milliseconds for 100.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
26 |         //Test for 500.000 iterations
27 |         rnd.nextBytes(salt);
28 |         spec = new PBEKeySpec(password, salt, 500000, 256);
29 |         start = System.currentTimeMillis();
30 |         skf.generateSecret(spec);
31 |         System.out.printf("Computation time is %s milliseconds for 500.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
32 |         //Test for 1.000.000 iterations
33 |         rnd.nextBytes(salt);
34 |         spec = new PBEKeySpec(password, salt, 1000000, 256);
35 |         start = System.currentTimeMillis();
36 |         skf.generateSecret(spec);
37 |         System.out.printf("Computation time is %s milliseconds for 1.000.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
38 |     }
39 | }


--------------------------------------------------------------------------------
/assets/Pinning_Cheat_Sheet_Certificate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Pinning_Cheat_Sheet_Certificate.png


--------------------------------------------------------------------------------
/assets/Pinning_Cheat_Sheet_Certificate_DotNetSample.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Pinning_Cheat_Sheet_Certificate_DotNetSample.zip


--------------------------------------------------------------------------------
/assets/Pinning_Cheat_Sheet_Certificate_OpenSSLSample.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Pinning_Cheat_Sheet_Certificate_OpenSSLSample.zip


--------------------------------------------------------------------------------
/assets/Pinning_Cheat_Sheet_PublicKey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Pinning_Cheat_Sheet_PublicKey.png


--------------------------------------------------------------------------------
/assets/Pinning_Cheat_Sheet_RandomOrgDERDump.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Pinning_Cheat_Sheet_RandomOrgDERDump.png


--------------------------------------------------------------------------------
/assets/Preface_Cheatsheet_Header.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Preface_Cheatsheet_Header.png


--------------------------------------------------------------------------------
/assets/Preface_Cheatsheet_Logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Preface_Cheatsheet_Logo.png


--------------------------------------------------------------------------------
/assets/README_FlagshipCombinedReviews.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/README_FlagshipCombinedReviews.pdf


--------------------------------------------------------------------------------
/assets/README_PluginWarningUI.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/README_PluginWarningUI.png


--------------------------------------------------------------------------------
/assets/REST_Security_Cheat_Sheet_Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/REST_Security_Cheat_Sheet_Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_Shared_Responsibility_Model.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_Shared_Responsibility_Model.png


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_Trust_Boundaries_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_Trust_Boundaries_1.png


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_Trust_Boundaries_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_Trust_Boundaries_2.png


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_Trust_Boundaries_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_Trust_Boundaries_3.png


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_Trust_Boundaries_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_Trust_Boundaries_4.png


--------------------------------------------------------------------------------
/assets/Secure_Cloud_Architecture_VPC.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Secure_Cloud_Architecture_VPC.png


--------------------------------------------------------------------------------
/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Case1_NetworkLayer_PreventFlow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Case1_NetworkLayer_PreventFlow.png


--------------------------------------------------------------------------------
/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Case1_NetworkLayer_PreventFlow.xml:
--------------------------------------------------------------------------------
1 | <mxfile modified="2019-06-24T06:15:53.132Z" host="www.draw.io" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" etag="aO9HOJArD0Zy5hCNdZAd" version="10.8.0" type="device"><diagram name="Page-1" id="7a6c530e-6e37-e111-ec74-82921da8cc10">7Vldc5s6EP01nul9qAeQAfvRDk7buW0n086k7ZNHhg2oEYgrhG3y668EwoCN89WQpJ2Gh6CjlXbZPbuL8Aidxbt3HKfRJxYAHVlGsBshb2RZJnKn8p9CigqZTt0KCDkJKshogK/kBvTKGs1JAJnGKkgwRgVJu6DPkgR80cEw52zbFbtiNOgAKQ7hCPjqY1qjY7vBv5FARBo3nVkz8R5IGGnlU8upJtbYvw45yxOtMWEJVDMxrrfRT5lFOGDbFoSWI3TGGRPVXbw7A6oce+CzTBS1oSO0iERM5cCUt+X0+YnF5n0Wy+fikIi2ulP7uZ+dm8sv9pcPK7oiq+RfzxP47fRICQTSs3rIuIhYyBJMlw26KJ0FaldDjhqZj4yl2rafIEShaYJzwbqWS4N58V2vLwc/1GDsmJMa8Hbtaa9ojy6AkxgEcA1mgrPrfdRRr2tqZ7Kc+3CLP2ryYh6CuEXOquSUs1oKtOPfAZP28UIKcKBYkE2XvFizPdzLNWGTNzpyD4ii3neDaV5TxXKotH+xljehKF1SAVdMuqQdcOe/nNUTb7MyZHMpYNrprpmsd5kLIdNFel7vJq2tNuwqkXBL8QHB9lmkYhfgLNpTqUWRKqZnjDIV5TIn0YLiNdALlhFBWCJhX4ZXsWCxAS6IrAYfDwTWTAgWtwTmlIRqQiimLrAe7feRpqXKyngXqjo5xjc5h3GelZNXhNLaoJGFXE9dt5FNKYXdrfSoZ+tKocuvo6vZtqlkE12Qo1YNQ85AfHJeoio8ZRpb90xj9KrS2H1Nxdh+6VJ83xhOnjqG5dI557hoCaSMJCJr7XyhgCaF7ToZdQq7drcZ3yFu2fYBfSoDGjLtn+Tx/LKeq01c5jQBjtcU5mlKZeEt6/HQPWP49tDXlA57Rpz5GMZZkQmIV9XScQbyxTfAvFhJ3XDcS2xTXac0lNQDvtyAYuCpl78HNx1kdpvOxDhqOq5x3HRq7MmrHxqenfL8Ufu8AdHM9QzX7XnZaXPXkM403lAIidIsuUL/+Uvo10Vox31dhJ6cJPSvVddnSovzcyT/7koL9YRvZPBVYhB5YoZHZccJ0b9JM3zSON2k2X+0eKmsmfVkze97gqx4EIJ6HaJjPwL/Osb8+jj4M9OzbGO4ONsz+67iiMyeI+Zgnyz6vln8KXFOmFjJGsi2yuDDSHtLe2YMGml0Z0YjuyfUaKhQnz53BGSjNGrvNr2GwpV4hsZX7XJOOGyxeo7HdKzyEU40rL4I/3akZnGmWlfOiSh6mpahrqdh7mTmdphrm0fEtXtakf3wViSHzWf76njd/DCClv8D</diagram></mxfile>


--------------------------------------------------------------------------------
/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Orange_Tsai_Talk.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_Orange_Tsai_Talk.pdf


--------------------------------------------------------------------------------
/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf


--------------------------------------------------------------------------------
/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Common_Flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Common_Flow.png


--------------------------------------------------------------------------------
/assets/Session_Management_Cheat_Sheet_Diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Session_Management_Cheat_Sheet_Diagram.png


--------------------------------------------------------------------------------
/assets/Signed_ID_propogation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Signed_ID_propogation.png


--------------------------------------------------------------------------------
/assets/Single_PDP_HLD.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Single_PDP_HLD.png


--------------------------------------------------------------------------------
/assets/TLS_Cipher_String_Cheat_Sheet_CipherTable01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/TLS_Cipher_String_Cheat_Sheet_CipherTable01.png


--------------------------------------------------------------------------------
/assets/TLS_Cipher_String_Cheat_Sheet_CipherTable02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/TLS_Cipher_String_Cheat_Sheet_CipherTable02.png


--------------------------------------------------------------------------------
/assets/Threat_Modeling_Cheat_Sheet_dfd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Threat_Modeling_Cheat_Sheet_dfd.png


--------------------------------------------------------------------------------
/assets/Token_validation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/Token_validation.png


--------------------------------------------------------------------------------
/assets/WebSite_Favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/WebSite_Favicon.ico


--------------------------------------------------------------------------------
/assets/WebSite_Favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/WebSite_Favicon.png


--------------------------------------------------------------------------------
/assets/XS_Attack_Vector.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Attack_Vector.png


--------------------------------------------------------------------------------
/assets/XS_Leaks_Cache_Attack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Leaks_Cache_Attack.png


--------------------------------------------------------------------------------
/assets/XS_Leaks_Frame_Counting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Leaks_Frame_Counting.png


--------------------------------------------------------------------------------
/assets/XS_Leaks_ID.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Leaks_ID.png


--------------------------------------------------------------------------------
/assets/XS_Leaks_Sec_Fetch_Dest.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Leaks_Sec_Fetch_Dest.png


--------------------------------------------------------------------------------
/assets/XS_Leaks_eTLD.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/XS_Leaks_eTLD.png


--------------------------------------------------------------------------------
/assets/cost-of-breach-2024.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/cost-of-breach-2024.png


--------------------------------------------------------------------------------
/assets/ms_logging_pattern.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/assets/ms_logging_pattern.png


--------------------------------------------------------------------------------
/book.json:
--------------------------------------------------------------------------------
 1 | {
 2 |    "root": "./cheatsheets",
 3 |    "plugins": [
 4 |       "anchors"
 5 |    ],
 6 |    "structure": {
 7 |       "readme": "Preface.md",
 8 |       "summary": "TOC.md"
 9 |    },
10 |    "title": "OWASP Cheat Sheet Series",
11 |    "language": "en",
12 |    "description": "Website with the collection of all the cheat sheets of the project."
13 | }


--------------------------------------------------------------------------------
/cheatsheets/AJAX_Security_Cheat_Sheet.md:
--------------------------------------------------------------------------------
  1 | # AJAX Security Cheat Sheet
  2 | 
  3 | ## Introduction
  4 | 
  5 | This document will provide a starting point for AJAX security and will hopefully be updated and expanded reasonably often to provide more detailed information about specific frameworks and technologies.
  6 | 
  7 | ### Client Side (JavaScript)
  8 | 
  9 | #### Use `.innerText` instead of `.innerHTML`
 10 | 
 11 | The use of `.innerText` will prevent most XSS problems as it will automatically encode the text.
 12 | 
 13 | #### Don't use `eval()`, `new Function()` or other code evaluation tools
 14 | 
 15 | `eval()` function is evil, never use it. Needing to use eval usually indicates a problem in your design.
 16 | 
 17 | #### Canonicalize data to consumer (read: encode before use)
 18 | 
 19 | When using data to build HTML, script, CSS, XML, JSON, etc. make sure you take into account how that data must be presented in a literal sense to keep its logical meaning.
 20 | 
 21 | Data should be properly encoded before used in this manner to prevent injection style issues, and to make sure the logical meaning is preserved.
 22 | 
 23 | [Check out the OWASP Java Encoder Project.](https://owasp.org/www-project-java-encoder/)
 24 | 
 25 | #### Don't rely on client logic for security
 26 | 
 27 | Don't forget that the user controls the client-side logic. A number of browser plugins are available to set breakpoints, skip code, change values, etc. Never rely on client logic for security.
 28 | 
 29 | #### Don't rely on client business logic
 30 | 
 31 | Just like the security one, make sure any interesting business rules/logic is duplicated on the server side lest a user bypasses needed logic and does something silly, or worse, costly.
 32 | 
 33 | #### Avoid writing serialization code
 34 | 
 35 | This is hard and even a small mistake can cause large security issues. There are already a lot of frameworks to provide this functionality.
 36 | 
 37 | Take a look at the [JSON page](http://www.json.org/) for links.
 38 | 
 39 | #### Avoid building XML or JSON dynamically
 40 | 
 41 | Just like building HTML or SQL you will cause XML injection bugs, so stay away from this or at least use an encoding library or safe JSON or XML library to make attributes and element data safe.
 42 | 
 43 | - [XSS (Cross Site Scripting) Prevention](Cross_Site_Scripting_Prevention_Cheat_Sheet.md)
 44 | - [SQL Injection Prevention](SQL_Injection_Prevention_Cheat_Sheet.md)
 45 | 
 46 | #### Never transmit secrets to the client
 47 | 
 48 | Anything the client knows the user will also know, so keep all that secret stuff on the server please.
 49 | 
 50 | #### Don't perform encryption in client side code
 51 | 
 52 | Use TLS/SSL and encrypt on the server!
 53 | 
 54 | #### Don't perform security impacting logic on client side
 55 | 
 56 | This is the overall one that gets me out of trouble in case I missed something :)
 57 | 
 58 | ### Server Side
 59 | 
 60 | #### Use CSRF Protection
 61 | 
 62 | Take a look at the [Cross-Site Request Forgery (CSRF) Prevention](Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md) cheat sheet.
 63 | 
 64 | #### Protect against JSON Hijacking for Older Browsers
 65 | 
 66 | ##### Review AngularJS JSON Hijacking Defense Mechanism
 67 | 
 68 | See the [JSON Vulnerability Protection](https://docs.angularjs.org/api/ng/service/$http#json-vulnerability-protection) section of the AngularJS documentation.
 69 | 
 70 | ##### Always return JSON with an Object on the outside
 71 | 
 72 | Always have the outside primitive be an object for JSON strings:
 73 | 
 74 | **Exploitable:**
 75 | 
 76 | ```json
 77 | [{"object": "inside an array"}]
 78 | ```
 79 | 
 80 | **Not exploitable:**
 81 | 
 82 | ```json
 83 | {"object": "not inside an array"}
 84 | ```
 85 | 
 86 | **Also not exploitable:**
 87 | 
 88 | ```json
 89 | {"result": [{"object": "inside an array"}]}
 90 | ```
 91 | 
 92 | #### Avoid writing serialization code Server Side
 93 | 
 94 | Remember ref vs. value types! Look for an existing library that has been reviewed.
 95 | 
 96 | #### Services can be called by users directly
 97 | 
 98 | Even though you only expect your AJAX client side code to call those services the users can too.
 99 | 
100 | Make sure you validate inputs and treat them like they are under user control (because they are!).
101 | 
102 | #### Avoid building XML or JSON by hand, use the framework
103 | 
104 | Use the framework and be safe, do it by hand and have security issues.
105 | 
106 | #### Use JSON And XML Schema for Webservices
107 | 
108 | You need to use a third-party library to validate web services.
109 | 


--------------------------------------------------------------------------------
/cheatsheets/Access_Control_Cheat_Sheet.md:
--------------------------------------------------------------------------------
1 | # DEPRECATED: Access Control Cheatsheet
2 | 
3 | The Access Control cheatsheet has been deprecated.
4 | 
5 | Please visit the [Authorization Cheatsheet](Authorization_Cheat_Sheet.md) instead.
6 | 


--------------------------------------------------------------------------------
/cheatsheets/Automotive_Security.md:
--------------------------------------------------------------------------------
 1 | # Top 10 Automotive Security Vulnerabilities
 2 | 
 3 | This document outlines common security vulnerabilities found in automotive security and provides examples of how attackers can exploit these vulnerabilities.
 4 | 
 5 | ## 1. Weak Vehicle Communication Protocols
 6 | 
 7 | **Vulnerability**: Many vehicles use communication protocols like CAN (Controller Area Network) without adequate security measures.  
 8 | **Example**: An attacker could intercept messages on the CAN bus, leading to unauthorized commands being sent to critical vehicle systems (e.g., brakes, steering).  
 9 | **Attack Surface**: In-vehicle networks and any exposed diagnostic ports.
10 | 
11 | ## 2. Insecure Over-the-Air (OTA) Updates
12 | 
13 | **Vulnerability**: OTA updates may lack proper authentication and encryption, allowing attackers to inject malicious firmware.  
14 | **Example**: An attacker could spoof an update server and deliver a malicious update that compromises the vehicle's control systems.  
15 | **Attack Surface**: Wireless communication channels, including cellular and Wi-Fi.
16 | 
17 | ## 3. Insecure Telematics Systems
18 | 
19 | **Vulnerability**: Telematics units that connect vehicles to cloud services may have insufficient security controls.  
20 | **Example**: An attacker exploiting weak API security could access sensitive vehicle data or manipulate vehicle settings remotely.  
21 | **Attack Surface**: Cloud interfaces, telematics gateways, and mobile applications.
22 | 
23 | ## 4. Software Supply Chain Vulnerabilities
24 | 
25 | **Vulnerability**: Third-party software components may have known vulnerabilities that can be exploited.  
26 | **Example**: If a vehicle’s infotainment system relies on a vulnerable third-party library, an attacker could exploit that vulnerability to execute arbitrary code.  
27 | **Attack Surface**: Infotainment systems, vehicle software updates, and any integrated third-party applications.
28 | 
29 | ## 5. Physical Access Exploits
30 | 
31 | **Vulnerability**: Physical access to the vehicle can allow attackers to manipulate systems directly.  
32 | **Example**: An attacker with physical access could connect a malicious device to the OBD-II port to alter vehicle settings or firmware.  
33 | **Attack Surface**: Diagnostic ports, service stations, and unsecured vehicle access.
34 | 
35 | ## 6. Inadequate Access Control Mechanisms
36 | 
37 | **Vulnerability**: Weak or poorly implemented access control measures can allow unauthorized access to vehicle systems.  
38 | **Example**: A driver might gain unauthorized access to administrative functions through a poorly secured mobile app.  
39 | **Attack Surface**: Mobile applications, vehicle interfaces, and internal network connections.
40 | 
41 | ## 7. Poorly Implemented Authentication Mechanisms
42 | 
43 | **Vulnerability**: Many automotive systems use weak authentication methods, making it easier for attackers to gain unauthorized access.  
44 | **Example**: If a vehicle’s mobile app uses easily guessable passwords, an attacker could log in and change vehicle settings or track location.  
45 | **Attack Surface**: Mobile applications, web interfaces, and vehicle systems that allow remote access.
46 | 
47 | ## 8. Data Leakage and Privacy Violations
48 | 
49 | **Vulnerability**: Vehicles often collect extensive data, which can be inadequately protected.  
50 | **Example**: An unsecured data transmission channel could expose sensitive user data, such as location history and personal preferences, to eavesdroppers.  
51 | **Attack Surface**: Data transmission channels, cloud storage, and interfaces with third-party services.
52 | 
53 | ## 9. Lack of Security in Integrated Systems
54 | 
55 | **Vulnerability**: The integration of various systems (e.g., infotainment, navigation) can create vulnerabilities if not properly secured.  
56 | **Example**: An attacker could exploit a vulnerability in the infotainment system to gain access to the vehicle’s control systems through interconnected components.  
57 | **Attack Surface**: Interconnected vehicle systems, APIs, and communication channels between systems.
58 | 
59 | ## 10. Insecure Legacy Systems
60 | 
61 | **Vulnerability**: Many vehicles still use legacy systems with outdated security protocols.  
62 | **Example**: An attacker could exploit known vulnerabilities in older vehicle models that have not been patched, gaining control over critical systems.  
63 | **Attack Surface**: Older vehicle models, diagnostic tools, and maintenance interfaces.
64 | 


--------------------------------------------------------------------------------
/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | # HTTP Strict Transport Security Cheat Sheet
 2 | 
 3 | ## Introduction
 4 | 
 5 | HTTP [Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) (also named **HSTS**) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
 6 | 
 7 | The specification has been released and published end of 2012 as [RFC 6797](http://tools.ietf.org/html/rfc6797) (HTTP Strict Transport Security (HSTS)) by the IETF.
 8 | 
 9 | ## Threats
10 | 
11 | HSTS addresses the following threats:
12 | 
13 | - User bookmarks or manually types `http://example.com` and is subject to a man-in-the-middle attacker
14 |     - HSTS automatically redirects HTTP requests to HTTPS for the target domain
15 | - Web application that is intended to be purely HTTPS inadvertently contains HTTP links or serves content over HTTP
16 |     - HSTS automatically redirects HTTP requests to HTTPS for the target domain
17 | - A man-in-the-middle attacker attempts to intercept traffic from a victim user using an invalid certificate and hopes the user will accept the bad certificate
18 |     - HSTS does not allow a user to override the invalid certificate message
19 | 
20 | ## Examples
21 | 
22 | Simple example, using a long (1 year = 31536000 seconds) max-age. This example is dangerous since it lacks `includeSubDomains`:
23 | 
24 | `Strict-Transport-Security: max-age=31536000`
25 | 
26 | This example is useful if all present and future subdomains will be HTTPS. This is a more secure option but will block access to certain pages that can only be served over HTTP:
27 | 
28 | `Strict-Transport-Security: max-age=31536000; includeSubDomains`
29 | 
30 | This example is useful if all present and future subdomains will be HTTPS. In this example we set a very short max-age in case of mistakes during initial rollout:
31 | 
32 | `Strict-Transport-Security: max-age=86400; includeSubDomains`
33 | 
34 | **Recommended:**
35 | 
36 | - If the site owner would like their domain to be included in the [HSTS preload list](https://hstspreload.org) maintained by Chrome (and used by Firefox and Safari), then use the header below.
37 | - Sending the `preload` directive from your site can have **PERMANENT CONSEQUENCES** and prevent users from accessing your site and any of its subdomains if you find you need to switch back to HTTP. Please read the details at [preload removal](https://hstspreload.org/#removal) before sending the header with `preload`.
38 | 
39 | `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
40 | 
41 | The `preload` flag indicates the site owner's consent to have their domain preloaded. The site owner still needs to then go and submit the domain to the list.
42 | 
43 | ## Problems
44 | 
45 | Site owners can use HSTS to identify users without cookies. This can lead to a significant privacy leak. Take a look [here](http://www.leviathansecurity.com/blog/the-double-edged-sword-of-hsts-persistence-and-privacy) for more details.
46 | 
47 | Cookies can be manipulated from sub-domains, so omitting the `includeSubDomains` option permits a broad range of cookie-related attacks that HSTS would otherwise prevent by requiring a valid certificate for a subdomain. Ensuring the `secure` flag is set on all cookies will also prevent, some, but not all, of the same attacks.
48 | 
49 | ## Browser Support
50 | 
51 | As of September 2019 HSTS is supported by [all modern browsers](https://caniuse.com/#feat=stricttransportsecurity), with the only notable exception being Opera Mini.
52 | 
53 | ## References
54 | 
55 | - [Chromium Projects/HSTS](https://www.chromium.org/hsts/)
56 | - [OWASP TLS Protection Cheat Sheet](Transport_Layer_Security_Cheat_Sheet.md)
57 | - [sslstrip](https://github.com/moxie0/sslstrip)
58 | - [AppSecTutorial Series - Episode 4](https://www.youtube.com/watch?v=zEV3HOuM_Vw)
59 | - [Nmap NSE script to detect HSTS configuration](https://github.com/icarot/NSE_scripts/blob/master/http-hsts-verify.nse)
60 | 


--------------------------------------------------------------------------------
/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md:
--------------------------------------------------------------------------------
1 | # Injection Prevention Cheat Sheet in Java
2 | 
3 | This information has been moved to the dedicated [Java Security CheatSheet](Java_Security_Cheat_Sheet.md#injection-prevention-in-java)
4 | 


--------------------------------------------------------------------------------
/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | # Insecure Direct Object Reference Prevention Cheat Sheet
 2 | 
 3 | ## Introduction
 4 | 
 5 | Insecure Direct Object Reference (IDOR) is a vulnerability that arises when attackers can access or modify objects by manipulating identifiers used in a web application's URLs or parameters. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data.
 6 | 
 7 | ## Examples
 8 | 
 9 | For instance, when a user accesses their profile, the application might generate a URL like this:
10 | 
11 | ```
12 | https://example.org/users/123
13 | ```
14 | 
15 | The 123 in the URL is a direct reference to the user's record in the database, often represented by the primary key. If an attacker changes this number to 124 and gains access to another user's information, the application is vulnerable to Insecure Direct Object Reference. This happens because the app didn't properly check if the user had permission to view data for user 124 before displaying it.
16 | 
17 | In some cases, the identifier may not be in the URL, but rather in the POST body, as shown in the following example:
18 | 
19 | ```
20 | <form action="/update_profile" method="post">
21 |   <!-- Other fields for updating name, email, etc. -->
22 |   <input type="hidden" name="user_id" value="12345">
23 |   <button type="submit">Update Profile</button>
24 | </form>
25 | ```
26 | 
27 | In this example, the application allows users to update their profiles by submitting a form with the user ID in a hidden field. If the app doesn't perform proper access control on the server-side, attackers can manipulate the "user_id" field to modify profiles of other users without authorization.
28 | 
29 | ## Identifier complexity
30 | 
31 | In some cases, using more complex identifiers like GUIDs can make it practically impossible for attackers to guess valid values. However, even with complex identifiers, access control checks are essential. If attackers obtain URLs for unauthorized objects, the application should still block their access attempts.
32 | 
33 | ## Mitigation
34 | 
35 | To mitigate IDOR, implement access control checks for each object that users try to access. Web frameworks often provide ways to facilitate this. Additionally, use complex identifiers as a defense-in-depth measure, but remember that access control is crucial even with these identifiers.
36 | 
37 | Avoid exposing identifiers in URLs and POST bodies if possible. Instead, determine the currently authenticated user from session information. When using multi-step flows, pass identifiers in the session to prevent tampering.
38 | 
39 | When looking up objects based on primary keys, use datasets that users have access to. For example, in Ruby on Rails:
40 | 
41 | ```
42 | // vulnerable, searches all projects
43 | @project = Project.find(params[:id])
44 | // secure, searches projects related to the current user
45 | @project = @current_user.projects.find(params[:id])
46 | ```
47 | 
48 | Verify the user's permission every time an access attempt is made. Implement this structurally using the recommended approach for your web framework.
49 | 
50 | As an additional defense-in-depth measure, replace enumerable numeric identifiers with more complex, random identifiers. You can achieve this by adding a column with random strings in the database table and using those strings in the URLs instead of numeric primary keys. Another option is to use UUIDs or other long random values as primary keys. Avoid encrypting identifiers as it can be challenging to do so securely.
51 | 


--------------------------------------------------------------------------------
/cheatsheets/PHP_Configuration_Cheat_Sheet.md:
--------------------------------------------------------------------------------
  1 | # PHP Configuration Cheat Sheet
  2 | 
  3 | ## Introduction
  4 | 
  5 | This page is meant to help those configuring PHP and the web server it is running on to be very secure.
  6 | 
  7 | Below you will find information on the proper settings for the `php.ini` file and instructions on configuring Apache, Nginx, and Caddy web servers.
  8 | 
  9 | For general PHP codebase security please refer to the two following great guides:
 10 | 
 11 | - [Paragonie's 2018 PHP Security Guide](https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software)
 12 | - [Awesome PHP Security](https://github.com/guardrailsio/awesome-php-security)
 13 | 
 14 | ## PHP Configuration and Deployment
 15 | 
 16 | ### php.ini
 17 | 
 18 | Some of following settings need to be adapted to your system, in particular `session.save_path`, `session.cookie_path` (e.g. `/var/www/mysite`), and `session.cookie_domain` (e.g. `ExampleSite.com`).
 19 | 
 20 | You should be running a [supported version of PHP](https://www.php.net/supported-versions.php) (as of this writing, 8.1 is the oldest version receiving security support from PHP, though distribution vendors often provide extended support). Review the [core `php.ini` directives](https://www.php.net/manual/ini.core.php) in the PHP Manual for a complete reference on every value in the `php.ini` configuration file.
 21 | 
 22 | You can find a copy of the following values in a [ready-to-go `php.ini` file here](https://github.com/danehrlich1/very-secure-php-ini).
 23 | 
 24 | #### PHP error handling
 25 | 
 26 | ```text
 27 | expose_php              = Off
 28 | error_reporting         = E_ALL
 29 | display_errors          = Off
 30 | display_startup_errors  = Off
 31 | log_errors              = On
 32 | error_log               = /valid_path/PHP-logs/php_error.log
 33 | ignore_repeated_errors  = Off
 34 | ```
 35 | 
 36 | Keep in mind that you need to have `display_errors` to `Off` on a production server and it's a good idea to frequently notice the logs.
 37 | 
 38 | #### PHP general settings
 39 | 
 40 | ```text
 41 | doc_root                = /path/DocumentRoot/PHP-scripts/
 42 | open_basedir            = /path/DocumentRoot/PHP-scripts/
 43 | include_path            = /path/PHP-pear/
 44 | extension_dir           = /path/PHP-extensions/
 45 | mime_magic.magicfile    = /path/PHP-magic.mime
 46 | allow_url_fopen         = Off
 47 | allow_url_include       = Off
 48 | variables_order         = "GPCS"
 49 | allow_webdav_methods    = Off
 50 | session.gc_maxlifetime  = 600
 51 | ```
 52 | 
 53 | `allow_url_*` prevents [LFI](https://www.acunetix.com/blog/articles/local-file-inclusion-lfi/)s to be easily escalated to [RFI](https://www.acunetix.com/blog/articles/remote-file-inclusion-rfi/)s.
 54 | 
 55 | #### PHP file upload handling
 56 | 
 57 | ```text
 58 | file_uploads            = On
 59 | upload_tmp_dir          = /path/PHP-uploads/
 60 | upload_max_filesize     = 2M
 61 | max_file_uploads        = 2
 62 | ```
 63 | 
 64 | If your application is not using file uploads, and say the only data the user will enter / upload is forms that do not require any document attachments, `file_uploads` should be turned `Off`.
 65 | 
 66 | #### PHP executable handling
 67 | 
 68 | ```text
 69 | enable_dl               = Off
 70 | disable_functions       = system, exec, shell_exec, passthru, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file, chdir, mkdir, rmdir, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
 71 | disable_classes         =
 72 | ```
 73 | 
 74 | These are dangerous PHP functions. You should disable all that you don't use.
 75 | 
 76 | #### PHP session handling
 77 | 
 78 | Session settings are some of the MOST important values to concentrate on in configuring. It is a good practice to change `session.name` to something new.
 79 | 
 80 | ```text
 81 |  session.save_path                = /path/PHP-session/
 82 |  session.name                     = myPHPSESSID
 83 |  session.auto_start               = Off
 84 |  session.use_trans_sid            = 0
 85 |  session.cookie_domain            = full.qualified.domain.name
 86 |  #session.cookie_path             = /application/path/
 87 |  session.use_strict_mode          = 1
 88 |  session.use_cookies              = 1
 89 |  session.use_only_cookies         = 1
 90 |  session.cookie_lifetime          = 14400 # 4 hours
 91 |  session.cookie_secure            = 1
 92 |  session.cookie_httponly          = 1
 93 |  session.cookie_samesite          = Strict
 94 |  session.cache_expire             = 30
 95 |  session.sid_length               = 256
 96 |  session.sid_bits_per_character   = 6
 97 | ```
 98 | 
 99 | #### Some more security paranoid checks
100 | 
101 | ```text
102 | session.referer_check   = /application/path
103 | memory_limit            = 50M
104 | post_max_size           = 20M
105 | max_execution_time      = 60
106 | report_memleaks         = On
107 | html_errors             = Off
108 | zend.exception_ignore_args = On
109 | ```
110 | 
111 | ### Snuffleupagus
112 | 
113 | [Snuffleupagus](https://snuffleupagus.readthedocs.io) is the spiritual
114 | descendent of Suhosin for PHP 7 and onwards, with [modern
115 | features](https://snuffleupagus.readthedocs.io/features.html). It's considered
116 | stable, and is usable in production.
117 | 


--------------------------------------------------------------------------------
/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | # Prototype Pollution Prevention Cheat Sheet
 2 | 
 3 | ## Explanation
 4 | 
 5 | Prototype Pollution is a critical vulnerability that can allow attackers to manipulate an application's JavaScript objects and properties, leading to serious security issues such as unauthorized access to data, privilege escalation, and even remote code execution.
 6 | 
 7 | For examples of why this is dangerous, see the links in the [Other resources](#other-resources) section below.
 8 | 
 9 | ## Suggested protection mechanisms
10 | 
11 | ### Use "new Set()" or "new Map()"
12 | 
13 | Developers should use `new Set()` or `new Map()` instead of using object literals:
14 | 
15 | ```javascript
16 | let allowedTags = new Set();
17 | allowedTags.add('b');
18 | if(allowedTags.has('b')){
19 |   //...
20 | }
21 | 
22 | let options = new Map();
23 | options.set('spaces', 1);
24 | let spaces = options.get('spaces')
25 | ```
26 | 
27 | ### If objects or object literals are required
28 | 
29 | If objects have to be used then they should be created using the `Object.create(null)` API to ensure they don't inherit from the Object prototype:
30 | 
31 | ```javascript
32 | let obj = Object.create(null);
33 | ```
34 | 
35 | If object literals are required then as a last resort you could use the `__proto__` property:
36 | 
37 | ```javascript
38 | let obj = {__proto__:null};
39 | ```
40 | 
41 | ### Use object "freeze" and "seal" mechanisms
42 | 
43 | You can also use the `Object.freeze()` and `Object.seal()` APIs to prevent built-in prototypes from being modified however this can break the application if the libraries they use modify the built-in prototypes.
44 | 
45 | ### Node.js configuration flag
46 | 
47 | Node.js also offers the ability to remove the `__proto__` property completely using the `--disable-proto=delete` flag. Note this is a defense in depth measure.
48 | 
49 | Prototype pollution is still possible using `constructor.prototype` properties but removing `__proto__` helps reduce attack surface and prevent certain attacks.
50 | 
51 | ### Other resources
52 | 
53 | - [What is prototype pollution? (Portswigger Web Security Academy)](https://portswigger.net/web-security/prototype-pollution)
54 | - [Prototype pollution (Snyk Learn)](https://learn.snyk.io/lessons/prototype-pollution/javascript/)
55 | 
56 | ### Credits
57 | 
58 | Credit to [Gareth Hayes](https://garethheyes.co.uk/) for providing the original protection guidance [in this comment](https://github.com/OWASP/ASVS/issues/1563#issuecomment-1470027723).
59 | 


--------------------------------------------------------------------------------
/cheatsheets/REST_Assessment_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | # REST Assessment Cheat Sheet
 2 | 
 3 | ## About RESTful Web Services
 4 | 
 5 | Web Services are an implementation of web technology used for machine to machine communication. As such they are used for Inter application communication, Web 2.0 and Mashups and by desktop and mobile applications to call a server.
 6 | 
 7 | RESTful web services (often called simply REST) are a light weight variant of Web Services based on the RESTful design pattern. In practice RESTful web services utilizes HTTP requests that are similar to regular HTTP calls in contrast with other Web Services technologies such as SOAP which utilizes a complex protocol.
 8 | 
 9 | ## Key relevant properties of RESTful web services
10 | 
11 | - Use of HTTP methods (`GET`, `POST`, `PUT` and `DELETE`) as the primary verb for the requested operation.
12 | - Non-standard parameters specifications:
13 |     - As part of the URL.
14 |     - In headers.
15 | - Structured parameters and responses using JSON or XML in a parameter values, request body or response body. Those are required to communicate machine useful information.
16 | - Custom authentication and session management, often utilizing custom security tokens: this is needed as machine to machine communication does not allow for login sequences.
17 | - Lack of formal documentation. A [proposed standard for describing RESTful web services called WADL](http://www.w3.org/Submission/wadl/) was submitted by Sun Microsystems but was never officially adapted.
18 | 
19 | ## The challenge of security testing RESTful web services
20 | 
21 | - Inspecting the application does not reveal the attack surface, I.e. the URLs and parameter structure used by the RESTful web service. The reasons are:
22 |     - No application utilizes all the available functions and parameters exposed by the service
23 |     - Those used are often activated dynamically by client side code and not as links in pages.
24 |     - The client application is often not a web application and does not allow inspection of the activating link or even relevant code.
25 | - The parameters are non-standard making it hard to determine what is just part of the URL or a constant header and what is a parameter worth [fuzzing](https://owasp.org/www-community/Fuzzing).
26 | - As a machine interface the number of parameters used can be very large, for example a JSON structure may include dozens of parameters. [fuzzing](https://owasp.org/www-community/Fuzzing) each one significantly lengthen the time required for testing.
27 | - Custom authentication mechanisms require reverse engineering and make popular tools not useful as they cannot track a login session.
28 | 
29 | ## How to pentest a RESTful web service
30 | 
31 | Determine the attack surface through documentation - RESTful pen testing might be better off if some level of clear-box testing is allowed and you can get information about the service.
32 | 
33 | This information will ensure fuller coverage of the attack surface. Such information to look for:
34 | 
35 | - Formal service description - While for other types of web services such as SOAP a formal description, usually in WSDL is often available, this is seldom the case for REST. That said, either WSDL 2.0 or WADL can describe REST and are sometimes used.
36 | - A developer guide for using the service may be less detailed but will commonly be found, and might even be considered *opaque-box* testing.
37 | - Application source or configuration - in many frameworks, including dotNet ,the REST service definition might be easily obtained from configuration files rather than from code.
38 | 
39 | Collect full requests using a [proxy](https://www.zaproxy.org/) - while always an important pen testing step, this is more important for REST based applications as the application UI may not give clues on the actual attack surface.
40 | 
41 | Note that the proxy must be able to collect full requests and not just URLs as REST services utilize more than just GET parameters.
42 | 
43 | Analyze collected requests to determine the attack surface:
44 | 
45 | - Look for non-standard parameters:
46 |     - Look for abnormal HTTP headers - those would many times be header based parameters.
47 |     - Determine if a URL segment has a repeating pattern across URLs. Such patterns can include a date, a number or an ID like string and indicate that the URL segment is a URL embedded parameter.
48 |         - For example: `http://server/srv/2013-10-21/use.php`
49 |     - Look for structured parameter values - those may be JSON, XML or a non-standard structure.
50 |     - If the last element of a URL does not have an extension, it may be a parameter. This is especially true if the application technology normally uses extensions or if a previous segment does have an extension.
51 |         - For example: `http://server/svc/Grid.asmx/GetRelatedListItems`
52 |     - Look for highly varying URL segments - a single URL segment that has many values may be parameter and not a physical directory.
53 |         - For example if the URL `http://server/src/XXXX/page` repeats with hundreds of value for `XXXX`, chances `XXXX` is a parameter.
54 | 
55 | Verify non-standard parameters: in some cases (but not all), setting the value of a URL segment suspected of being a parameter to a value expected to be invalid can help determine if it is a path elements of a parameter. If a path element, the web server will return a *404* message, while for an invalid value to a parameter the answer would be an application level message as the value is legal at the web server level.
56 | 
57 | Analyzing collected requests to optimize [fuzzing](https://owasp.org/www-community/Fuzzing) - after identifying potential parameters to fuzz, analyze the collected values for each to determine:
58 | 
59 | - Valid vs. invalid values, so that [fuzzing](https://owasp.org/www-community/Fuzzing) can focus on marginal invalid values.
60 |     - For example sending *0* for a value found to be always a positive integer.
61 | - Sequences allowing to fuzz beyond the range presumably allocated to the current user.
62 | 
63 | Lastly, when [fuzzing](https://owasp.org/www-community/Fuzzing), don't forget to emulate the authentication mechanism used.
64 | 
65 | ## Related Resources
66 | 
67 | - [REST Security Cheat Sheet](REST_Security_Cheat_Sheet.md) - the other side of this cheat sheet
68 | - [YouTube: RESTful services, web security blind spot](https://www.youtube.com/watch?v=pWq4qGLAZHI) - a video presentation elaborating on most of the topics on this cheat sheet.
69 | 


--------------------------------------------------------------------------------
/cheatsheets/TLS_Cipher_String_Cheat_Sheet.md:
--------------------------------------------------------------------------------
1 | # DEPRECATED: TLS Cipher String Cheat Sheet
2 | 
3 | The TLS Cipher String Cheat Sheet has been deprecated.
4 | 
5 | Please visit the [Transport Layer Security Cheat Sheet](Transport_Layer_Security_Cheat_Sheet.md) instead.
6 | 


--------------------------------------------------------------------------------
/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md:
--------------------------------------------------------------------------------
1 | # DEPRECATED: Transport Layer Protection Cheat Sheet
2 | 
3 | The Transport Layer Protection Cheat Sheet has been deprecated.
4 | 
5 | Please visit the [Transport Layer Security Cheat Sheet](Transport_Layer_Security_Cheat_Sheet.md) instead.
6 | 


--------------------------------------------------------------------------------
/cheatsheets_excluded/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/cheatsheets_excluded/.gitkeep


--------------------------------------------------------------------------------
/cheatsheets_excluded/PL_SQL_Security_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: PL SQL Security Cheat Sheet
 3 | permalink: /PL/SQL_Security_Cheat_Sheet/
 4 | ---
 5 | 
 6 | PL/SQL is a powerful procedural language built on top of Oracle SQL syntax. Extensive library of business-related and data-processing functions it incorporates makes it an attractive environment for building business-critical applications operating fully within the Oracle database. Introduction of PL/SQL Web Toolkit enabled Oracle developers to generate HTML straight from the PL/SQL code and build web applications fully residing from within the Oracle database.
 7 | 
 8 | Just as any other web stack, PL/SQL web applications require careful input validation and other standard safeguards to prevent exploitable [OWASP Top 10](/OWASP_Top_10 "wikilink") vulnerabilities. Oracle `htp` (hypertext procedures) and `htf` (hypertext functions) packages contain the primary functions for generating output in PL/SQL web applications as well as output escaping functions. See [Oracle: The htp and htf Packages](https://docs.oracle.com/cd/B14099_19/web.1012/b15896/pshtp.htm)
 9 | 
10 | Escaping output data to prevent Cross-Site Scripting
11 | ----------------------------------------------------
12 | 
13 | Applications running on newer Oracle versions where APEX packages are available should use `apex_escape` for contextual escaping of output data in a manner similar to [ESAPI](/ESAPI "wikilink") validators. See [Oracle: apex_escape](https://docs.oracle.com/database/121/AEAPI/apex_escape.htm)
14 | 
15 | -   APEX_ESCAPE.HTML
16 | -   APEX_ESCAPE.HTML_ATTRIBUTE
17 | -   APEX_ESCAPE.HTML_TRUNC
18 | -   APEX_ESCAPE.HTML_WHITELIST
19 | -   APEX_ESCAPE.JS_LITERAL
20 | -   APEX_ESCAPE.LDAP_DN
21 | -   APEX_ESCAPE.LDAP_SEARCH_FILTER
22 | -   APEX_ESCAPE.NOOP
23 | 
24 | Applications should use `htp.prints` to output text blocks rather than `htp.print` as the former escapes potentially dangerous characters (&lt;code&gt;&lt;&gt;"'</code>). Note that the `htp.prints` cannot be used as a simple drop-in replacement for `htp.print` because it will also escape legitimate HTML but by `htp` usage model raw HTML shouldn't be generally entered in strings but rather generated with appropriate HTML functions (e.g. `htp.header(1,` `'Hello');` will output <code>
25 | 
26 | <H1>
27 | Hello
28 | 
29 | </H1>
30 | </code>).
31 | 
32 | Sample usage in typical PL/SQL code:
33 | 
34 | `   htp.header(1, 'Details for user ' \|\| apex_escape.html(username)); -- outputs `
35 | 
36 | <H1>
37 | ...
38 | 
39 | </H1>
40 | `   htp.print('Username: '); -- just a string literal, no need to escape`
41 | `   htp.italic(apex_escape.html(username), 'class=' \|\| apex_escape.html_attribute(userclass) );`
42 | `   htp.para();`
43 | `   htp.prints(address); -- escapes dangerous chars in address string`
44 | `   htp.script ('var username="' \|\| apex_escape.js_literal(username) \|\| '";');`
45 | 
46 | On older Oracle platforms `htf.escape_sc` for output in HTML context can be used and the `utl_url.escape` function is available to escape URL characters (&lt;code&gt;&"&lt;&gt;%</code>). URL escaping functionality is also provided by legacy `htf.escape_url` function. These functions are generally less robust than their `apex_escape` equivalents and not context-aware.
47 | 
48 | Input validation and sanitization
49 | ---------------------------------
50 | 
51 | ### Regular expression functions
52 | 
53 | `   IF REGEXP_LIKE('untrusted input', '^[0-9a-zA-z]{2,6}$') THEN /* Match */ ELSE /* No match */ END IF;`
54 | `   select REGEXP_REPLACE('subject<<>>', '[<>]') from dual; -- returns: "subject"`
55 | 
56 | ### DBMS_ASSERT
57 | 
58 | -   ENQUOTE_LITERAL — Enquotes a string literal
59 | -   ENQUOTE_NAME — Encloses a name in double quotes
60 | -   NOOP — Returns the unmodified value
61 | -   QUALIFIED_SQL_NAME — Verifies that the input string is a qualified SQL name
62 | -   SCHEMA_NAME — Verifies that the input string is an existing schema name
63 | -   SIMPLE_SQL_NAME — Verifies that the input string is a simple SQL name
64 | -   SQL_OBJECT_NAME — Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object
65 | 
66 | Example:
67 | 
68 | `   SELECT SYS.DBMS_ASSERT.SIMPLE_SQL_NAME  ('Data with `<invalid>` characters') FROM dual;`
69 | `   ORA-44003: invalid SQL name`
70 | 
71 | See [Oracle: DBMS_ASSERT](https://docs.oracle.com/database/121/ARPLS/d_assert.htm#ARPLS231)
72 | 
73 | References
74 | ----------
75 | 
76 | -   [Oracle "How to write SQL injection proof PL/SQL"](http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-write-injection-proof-plsql-1-129572.pdf)
77 | -   [Security in Oracle ADF: Addressing the OWASP Top 10 Security Vulnerabilities](http://www.oracle.com/technetwork/developer-tools/adf/adfowasptop10-final-2348304.pdf)
78 | 
79 | Authors
80 | -------
81 | 
82 | -   Pawel Krawczyk
83 | 
84 | Other Cheatsheets
85 | -----------------
86 | 
87 | [Category:Cheatsheets](/Category:Cheatsheets "wikilink")
88 | 


--------------------------------------------------------------------------------
/cheatsheets_excluded/Security_Testing_Cheat_Sheet.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Security Testing Cheat Sheet
 3 | permalink: /Security_Testing_Cheat_Sheet/
 4 | ---
 5 | 
 6 | DRAFT CHEAT SHEET - WORK IN PROGRESS
 7 | ------------------------------------
 8 | 
 9 | Introduction
10 | ------------
11 | 
12 | This page intends to provide quick basic security tips for quality assurance specialists. The goal of the cheat sheet is to act as a starting point for a comprehensive QA Test Plan for security of web applications.
13 | 
14 | Testing Tools
15 | -------------
16 | 
17 | Testing web applications is difficult without tools. The following tools are the common set for QA professionals to accomplish all of the test cases in the security test plan.
18 | 
19 | -   Zed Attack Proxy
20 | -   WebScarab
21 | 
22 | Security Test Plan
23 | ------------------
24 | 
25 | Each major security surface in a web application has a known set of vulnerabilities that can be tested for using a set of test cases.
26 | 
27 | ### Injection
28 | 
29 | ### Authentication and Authorization
30 | 
31 | ### Session management
32 | 
33 | ### Configuration
34 | 
35 | ### Compliance
36 | 
37 | #### PCI
38 | 
39 | #### HIPPA
40 | 
41 | ### Handling data
42 | 
43 | ### Technology Specific Tests
44 | 
45 | #### PHP
46 | 
47 | #### Microsoft
48 | 
49 | #### Ruby on Rails
50 | 
51 | #### Adobe
52 | 
53 | #### Java
54 | 
55 | #### JavaScript Frameworks
56 | 
57 | ### Configuration
58 | 
59 | ### Cross Site Request Forgery
60 | 
61 | Authors and Primary Editors
62 | ---------------------------
63 | 
64 | Bill Sempf - bill.sempf \[at\] owasp.org [User:Bill Sempf](/User:Bill_Sempf "wikilink")
65 | 
66 | Other Cheatsheets
67 | -----------------
68 | 
69 | [Category:Cheatsheets](/Category:Cheatsheets "wikilink")


--------------------------------------------------------------------------------
/exploit-protection-guard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/CheatSheetSeries/d5e64fdb76a6c9d9b45ea1f5ecb0fed13349aabf/exploit-protection-guard.png


--------------------------------------------------------------------------------
/markdown-link-check-config.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "ignorePatterns": [
 3 |     {
 4 |       "pattern": "^bundle.zip"
 5 |     },
 6 |     {
 7 |       "pattern": "^News.xml"
 8 |     },
 9 |     {
10 |       "pattern": "^/"
11 |     },
12 |     {
13 |         "pattern": "vincent.bernat.im"
14 |     },
15 |     {
16 |         "pattern": "developer.android.com"
17 |     },
18 |     {
19 |         "pattern": "csrc.nist.gov"
20 |     },
21 |     {
22 |         "pattern": "www.exploit-db.com"
23 |     }
24 |   ],
25 |   "httpHeaders": [
26 |     {
27 |       "urls": ["https://", "http://"],
28 |       "headers": {
29 |         "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
30 |       }
31 |     }
32 |   ]
33 | }
34 | 


--------------------------------------------------------------------------------
/mkdocs.yml:
--------------------------------------------------------------------------------
 1 | # Project information
 2 | site_name: OWASP Cheat Sheet Series
 3 | site_url: https://cheatsheetseries.owasp.org/
 4 | site_description: Website with the collection of all the cheat sheets of the project.
 5 | # Repository
 6 | repo_name: OWASP/CheatSheetSeries
 7 | repo_url: https://github.com/OWASP/CheatSheetSeries
 8 | 
 9 | # Copyright
10 | copyright: ©Copyright <script>document.write(new Date().getFullYear())</script> - Cheat Sheets Series Team - This work is licensed under <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International</a>.
11 | 
12 | #Config
13 | docs_dir: cheatsheets/
14 | google_analytics:
15 |   - !!python/object/apply:os.getenv ["WORKFLOW_GOOGLE_ANALYTICS_KEY", "none"]
16 |   - auto
17 | use_directory_urls: false
18 | plugins:
19 |   - search:
20 |     #        prebuild_index: true
21 |       lang:
22 |         - en
23 | #For read the docs
24 | # theme:
25 | #     name: readthedocs
26 | #     custom_dir: custom_theme/
27 | #     highlightjs: true
28 | #     sticky_navigation: false
29 | # markdown_extensions:
30 | #     - pymdownx.emoji:
31 | #        emoji_index: !!python/name:pymdownx.emoji.twemoji
32 | #        emoji_generator: !!python/name:pymdownx.emoji.to_alt
33 | #     - toc:
34 | #         permalink: true
35 | 
36 | #For material
37 | theme:
38 |   name: material
39 |   custom_dir: custom_theme/
40 |   features:
41 |     - navigation.sections
42 |     - navigation.expand
43 |   favicon: assets/WebSite_Favicon.png
44 |   logo: "assets/OWASP_Logo.svg"
45 |   palette:
46 |     # Palette toggle for light mode
47 |     - media: "(prefers-color-scheme: light)"
48 |       scheme: default
49 |       primary: indigo
50 |       accent: indigo
51 |       toggle:
52 |         icon: material/brightness-7
53 |         name: Switch to dark mode
54 |     # Palette toggle for dark mode
55 |     - media: "(prefers-color-scheme: dark)"
56 |       scheme: slate
57 |       primary: black
58 |       accent: indigo
59 |       toggle:
60 |         icon: material/brightness-4
61 |         name: Switch to light mode
62 | markdown_extensions:
63 |   - pymdownx.highlight
64 |   - pymdownx.superfences # Required by Pygments
65 |   - pymdownx.inlinehilite
66 |   - pymdownx.emoji:
67 |       emoji_index: !!python/name:pymdownx.emoji.twemoji
68 |       emoji_generator: !!python/name:pymdownx.emoji.to_svg
69 |   - toc:
70 |       permalink: true
71 |   - sane_lists
72 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "cheatsheetseries",
 3 |   "version": "1.0.1",
 4 |   "description": "OWASP CSS Project",
 5 |   "main": "index.js",
 6 |   "dependencies": {},
 7 |   "devDependencies": {
 8 |     "markdownlint-cli": "^0.26.0",
 9 |     "textlint": "^11.6.3",
10 |     "textlint-filter-rule-comments": "^1.2.2",
11 |     "textlint-filter-rule-whitelist": "^2.0.0",
12 |     "textlint-rule-terminology": "^2.1.4"
13 |   },
14 |   "scripts": {
15 |     "test": "npm run lint-markdown && npm run lint-terminology",
16 |     "lint-terminology": "textlint ./cheatsheets/",
17 |     "lint-markdown": "markdownlint ./ -c .markdownlint.json --ignore node_modules --ignore cheatsheets_excluded",
18 |     "link-check": "find  cheatsheets -name \\*.md -exec markdown-link-check -c markdown-link-check-config.json 1> log 2> err {} \\; && if [ -e err ] && grep -q  \"ERROR:\" err ; then exit 113  ; else echo -e \"All good\"; fi"
19 |   },
20 |   "repository": {
21 |     "type": "git",
22 |     "url": "git+https://github.com/OWASP/CheatSheetSeries.git"
23 |   },
24 |   "author": "OWASP",
25 |   "license": "CC-BY-SA-4.0",
26 |   "bugs": {
27 |     "url": "https://github.com/OWASP/CheatSheetSeries/issues"
28 |   },
29 |   "homepage": "https://github.com/OWASP/CheatSheetSeries#readme"
30 | }
31 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
 1 | Babel==2.16.0
 2 | certifi==2024.8.30
 3 | charset-normalizer==3.4.0
 4 | click==8.1.7
 5 | colorama==0.4.6
 6 | feedgen==1.0.0
 7 | ghp-import==2.1.0
 8 | idna==3.10
 9 | Jinja2==3.1.4
10 | lxml==5.3.0
11 | Markdown==3.7
12 | MarkupSafe==3.0.2
13 | mergedeep==1.3.4
14 | mkdocs==1.6.1
15 | mkdocs-material==9.5.42
16 | mkdocs-material-extensions==1.3.1
17 | packaging==24.1
18 | paginate==0.5.7
19 | pathspec==0.12.1
20 | platformdirs==4.3.6
21 | Pygments==2.18.0
22 | pymdown-extensions==10.12
23 | python-dateutil==2.9.0.post0
24 | PyYAML==6.0.2
25 | pyyaml_env_tag==0.1
26 | regex==2024.9.11
27 | requests==2.32.3
28 | six==1.16.0
29 | urllib3==2.2.3
30 | watchdog==5.0.3
31 | 


--------------------------------------------------------------------------------
/scripts/404.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang='en' class=''>
  3 | 
  4 | <head>
  5 |   <meta charset='UTF-8'>
  6 |   <title>404</title>
  7 |   <meta http-equiv="X-UA-Compatible" content="IE=edge">
  8 |   <style>
  9 |     *,
 10 |     *::after,
 11 |     *::before {
 12 |       box-sizing: border-box;
 13 |     }
 14 | 
 15 |     html {
 16 |       background: #000;
 17 |       font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;
 18 |     }
 19 | 
 20 |     head {
 21 |       display: block;
 22 |       position: relative;
 23 |       width: 200px;
 24 |       margin: 5% auto 0;
 25 |       -webkit-animation: shvr .2s infinite;
 26 |       animation: shvr .2s infinite;
 27 |     }
 28 | 
 29 |     head::after {
 30 |       content: '';
 31 |       width: 20px;
 32 |       height: 20px;
 33 |       background: #000;
 34 |       position: absolute;
 35 |       top: 20px;
 36 |       left: 25px;
 37 |       border-radius: 50%;
 38 |       box-shadow: 125px 0 0 #000;
 39 |       -webkit-animation: eye 2.5s infinite;
 40 |       animation: eye 2.5s infinite;
 41 |     }
 42 | 
 43 |     meta {
 44 |       position: relative;
 45 |       display: inline-block;
 46 |       background: #fff;
 47 |       width: 75px;
 48 |       height: 80px;
 49 |       border-radius: 50% 50% 50% 50% / 45px 45px 45% 45%;
 50 |       -webkit-transform: rotate(45deg);
 51 |       transform: rotate(45deg);
 52 |     }
 53 | 
 54 |     meta::after {
 55 |       content: '';
 56 |       position: absolute;
 57 |       border-bottom: 2px solid #fff;
 58 |       width: 70px;
 59 |       height: 50px;
 60 |       left: 0px;
 61 |       bottom: -10px;
 62 |       border-radius: 50%;
 63 |     }
 64 | 
 65 |     meta::before {
 66 |       bottom: auto;
 67 |       top: -100px;
 68 |       -webkit-transform: rotate(45deg);
 69 |       transform: rotate(45deg);
 70 |       left: 0;
 71 |     }
 72 | 
 73 |     meta:nth-of-type(2) {
 74 |       float: right;
 75 |       -webkit-transform: rotate(-45deg);
 76 |       transform: rotate(-45deg);
 77 |     }
 78 | 
 79 |     meta:nth-of-type(2)::after {
 80 |       left: 5px;
 81 |     }
 82 | 
 83 |     meta:nth-of-type(3) {
 84 |       display: none;
 85 |     }
 86 | 
 87 |     body {
 88 |       margin-top: 20px;
 89 |       text-align: center;
 90 |       color: #fff;
 91 |     }
 92 | 
 93 |     body::before {
 94 |       content: '404';
 95 |       font-size: 80px;
 96 |       font-weight: 800;
 97 |       display: block;
 98 |       margin-bottom: 10px;
 99 |     }
100 | 
101 |     body::after {
102 |       content: 'Got lost? How.....?  why.....?  Ahhhh....';
103 |       color: #1EA7AB;
104 |       width: 120px;
105 |       font-size: 30px;
106 |       overflow: hidden;
107 |       display: inline-block;
108 |       white-space: nowrap;
109 |       -webkit-animation: text-show 2s infinite steps(3);
110 |       animation: text-show 2s infinite steps(3);
111 |     }
112 | 
113 |     @-webkit-keyframes eye {
114 | 
115 |       0%,
116 |       30%,
117 |       55%,
118 |       90%,
119 |       100% {
120 |         -webkit-transform: translate(0, 0);
121 |         transform: translate(0, 0);
122 |       }
123 | 
124 |       10%,
125 |       25% {
126 |         -webkit-transform: translate(0, 20px);
127 |         transform: translate(0, 20px);
128 |       }
129 | 
130 |       65% {
131 |         -webkit-transform: translate(-20px, 0);
132 |         transform: translate(-20px, 0);
133 |       }
134 | 
135 |       80% {
136 |         -webkit-transform: translate(20px, 0);
137 |         transform: translate(20px, 0);
138 |       }
139 |     }
140 | 
141 |     @keyframes eye {
142 | 
143 |       0%,
144 |       30%,
145 |       55%,
146 |       90%,
147 |       100% {
148 |         -webkit-transform: translate(0, 0);
149 |         transform: translate(0, 0);
150 |       }
151 | 
152 |       10%,
153 |       25% {
154 |         -webkit-transform: translate(0, 20px);
155 |         transform: translate(0, 20px);
156 |       }
157 | 
158 |       65% {
159 |         -webkit-transform: translate(-20px, 0);
160 |         transform: translate(-20px, 0);
161 |       }
162 | 
163 |       80% {
164 |         -webkit-transform: translate(20px, 0);
165 |         transform: translate(20px, 0);
166 |       }
167 |     }
168 | 
169 |     @-webkit-keyframes shvr {
170 |       0% {
171 |         -webkit-transform: translate(1px);
172 |         transform: translate(1px);
173 |       }
174 | 
175 |       50% {
176 |         -webkit-transform: translate(0);
177 |         transform: translate(0);
178 |       }
179 | 
180 |       100% {
181 |         -webkit-transform: translate(-1px);
182 |         transform: translate(-1px);
183 |       }
184 |     }
185 | 
186 |     @keyframes shvr {
187 |       0% {
188 |         -webkit-transform: translate(1px);
189 |         transform: translate(1px);
190 |       }
191 | 
192 |       50% {
193 |         -webkit-transform: translate(0);
194 |         transform: translate(0);
195 |       }
196 | 
197 |       100% {
198 |         -webkit-transform: translate(-1px);
199 |         transform: translate(-1px);
200 |       }
201 |     }
202 | 
203 |     @-webkit-keyframes text-show {
204 |       to {
205 |         text-indent: -373px;
206 |       }
207 |     }
208 | 
209 |     @keyframes text-show {
210 |       to {
211 |         text-indent: -373px;
212 |       }
213 |     }
214 |   </style>
215 | </head>
216 | 
217 | <body>
218 | 
219 |   <div class="container">
220 |     <p><a href="/"><img src="https://owasp.org/assets/images/web/404-old-owasp.png"></a></p>
221 |     <h2>WHOA THAT PAGE CANNOT BE FOUND</h2>
222 |   </div>
223 | 
224 | </body>
225 | 
226 | </html>


--------------------------------------------------------------------------------
/scripts/Apply_Link_Check.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Script in charge of auditing the released cheatsheets MD files
 3 | # in order to detect dead links
 4 | cd ../cheatsheets
 5 | find . -name \*.md -exec markdown-link-check -c ../.markdownlinkcheck.json {} \; 1>../link-check-result.out 2>&1
 6 | errors=`grep -c "ERROR:" ../link-check-result.out`
 7 | content=`cat ../link-check-result.out`
 8 | if [[ $errors != "0" ]]
 9 | then
10 |     echo "[!] Error(s) found by the Links validator: $errors CS have dead links !"
11 |     exit $errors
12 | else
13 |     echo "[+] No error found by the Links validator."
14 | fi


--------------------------------------------------------------------------------
/scripts/Generate_CheatSheets_TOC.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | """
 4 | Python3 script to generate the summary markdown page that is used
 5 | by GitBook to generate the offline website.
 6 | 
 7 | The summary markdown page is named "TOC.md" and is generated in the
 8 | same location that the script in order to be moved later by the caller script.
 9 | """
10 | import os
11 | 
12 | # Define templates
13 | cs_md_link_template = "* [%s](cheatsheets/%s)"
14 | 
15 | # Scan all CS files
16 | cheatsheets = [f.name for f in os.scandir("../cheatsheets") if f.is_file()]
17 | cheatsheets.sort()
18 | 
19 | # Generate the summary file
20 | with open("TOC.md", "w") as index_file:
21 |     index_file.write("# Summary\n\n")
22 |     index_file.write("### Cheatsheets\n\n")
23 |     index_file.write(cs_md_link_template % ("Index Alphabetical", "Index.md"))
24 |     index_file.write("\n")
25 |     index_file.write(cs_md_link_template % ("Index ASVS", "IndexASVS.md"))
26 |     index_file.write("\n")
27 |     index_file.write(cs_md_link_template % ("Index ASVS", "IndexMASVS.md"))
28 |     index_file.write("\n")
29 |     index_file.write(cs_md_link_template % ("Index Proactive Controls", "IndexProactiveControls.md"))
30 |     index_file.write("\n")
31 |     for cheatsheet in cheatsheets:
32 |         if cheatsheet != "Index.md" and cheatsheet != "IndexASVS.md" and cheatsheet != "IndexMASVS.md" and cheatsheet != "IndexProactiveControls.md" and cheatsheet != "TOC.md":
33 |             cs_name = cheatsheet.replace("_"," ").replace(".md", "").replace("Cheat Sheet", "")
34 |             index_file.write(cs_md_link_template % (cs_name, cheatsheet))
35 |             index_file.write("\n")
36 | print("Summary markdown page generated.")


--------------------------------------------------------------------------------
/scripts/Generate_RSS_Feed.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | """
 4 | Python3 script to generate an RSS feed XML file based on merged pull requests:
 5 | See https://github.com/OWASP/CheatSheetSeries/issues/186
 6 | Do not require to have a local copy of the GitHub repository.
 7 | Dependencies: pip install requests feedgen
 8 | """
 9 | import sys
10 | import json
11 | from datetime import datetime, timezone
12 | 
13 | import requests
14 | from feedgen.feed import FeedGenerator
15 | 
16 | # Define constants
17 | # API to retrieve the list of PR
18 | # See https://developer.github.com/v3/pulls/#list-pull-requests for explanation
19 | PR_API = "https://api.github.com/repos/OWASP/CheatSheetSeries/pulls?page=1&per_page=1000&state=closed"
20 | 
21 | # Grab the list of open PR
22 | print("[+] Grab the list of closed PR via the GitHub API...")
23 | response = requests.get(PR_API)
24 | if response.status_code != 200:
25 |     print("Cannot load the list of PR content: HTTP %s received!" %  response.status_code)
26 |     sys.exit(1)
27 | pull_requests = response.json()
28 | 
29 | # Process the obtained list and generate the feed in memory
30 | print("[+] Process the obtained list and generate the feed in memory (%s) items)..." % len(pull_requests))
31 | feed_generator = FeedGenerator()
32 | current_date = datetime.now(timezone.utc).strftime("%a, %d %B %Y %H:%M:%S GMT")  # Sun, 19 May 2002 15:21:36 GMT
33 | feed_generator.id("https://cheatsheetseries.owasp.org/")
34 | feed_generator.title("OWASP Cheat Sheet Series update")
35 | feed_generator.description("List of the last updates on the content")
36 | feed_generator.author({"name": "Core team", "email": "dominique.righetto@owasp.org"})
37 | feed_generator.link({"href": "https://cheatsheetseries.owasp.org", "rel": "self"})
38 | feed_generator.link({"href": "https://github.com/OWASP/CheatSheetSeries", "rel": "alternate"})
39 | feed_generator.language("en")
40 | feed_generator.icon("https://cheatsheetseries.owasp.org/gitbook/images/favicon.ico")
41 | feed_generator.pubDate(current_date)
42 | feed_generator.lastBuildDate(current_date)
43 | for pull_request in pull_requests:
44 |     # Take only merged PR
45 |     if pull_request["merged_at"] is None:
46 |         continue
47 |     # Convert merge date from 2019-08-25T06:36:35Z To Sun, 19 May 2002 15:21:36 GMT
48 |     merge_date_src = pull_request["merged_at"]
49 |     merge_date_dst = datetime.strptime(merge_date_src, "%Y-%m-%dT%H:%M:%SZ").strftime("%a, %d %B %Y %H:%M:%S GMT")
50 |     feed_entry = feed_generator.add_entry()
51 |     feed_entry.id(pull_request["html_url"])
52 |     feed_entry.title(pull_request["title"])
53 |     feed_entry.link({"href": pull_request["html_url"], "rel": "self"})
54 |     feed_entry.link({"href": pull_request["html_url"], "rel": "alternate"})
55 |     feed_entry.pubDate(merge_date_dst)
56 |     feed_entry.updated(merge_date_dst)
57 |     contributors = []
58 |     for assignee in pull_request["assignees"]:
59 |         contributors.append({"name": assignee["login"], "uri": "https://github.com/%s" % assignee['login']})
60 |     feed_entry.contributor(contributors)
61 | 
62 | # Save the feed to a XML file
63 | print("[+] Save the feed to a XML file...")
64 | feed_generator.atom_file("News.xml")
65 | print("[+] Feed saved to 'News.xml'.")
66 | 


--------------------------------------------------------------------------------
/scripts/Generate_Site.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Dependencies:
 3 | #  sudo apt install -y nodejs
 4 | #  sudo npm install gitbook-cli -g
 5 | # Note:
 6 | #   PDF generation is not possible because the content is cut in
 7 | #   some CS like for example the abuse case one
 8 | GENERATED_SITE=site
 9 | WORK=../generated
10 | echo "Generate a offline portable website with all the cheat sheets..."
11 | echo "Step 1/5: Init work folder."
12 | rm -rf $WORK 1>/dev/null 2>&1
13 | mkdir $WORK
14 | mkdir $WORK/cheatsheets
15 | echo "Step 2/5: Generate the summary markdown page and the RSS News feed."
16 | python Update_CheatSheets_Index.py
17 | python Generate_CheatSheets_TOC.py
18 | python Generate_RSS_Feed.py
19 | echo "Step 3/5: Create the expected GitBook folder structure."
20 | cp ../book.json $WORK/.
21 | cp ../Preface.md $WORK/cheatsheets/.
22 | mv TOC.md $WORK/cheatsheets/.
23 | mv News.xml $WORK/.
24 | cp -r ../cheatsheets $WORK/cheatsheets/cheatsheets
25 | cp -r ../assets $WORK/cheatsheets/assets
26 | cp ../Index.md $WORK/cheatsheets/cheatsheets/Index.md
27 | cp ../IndexASVS.md $WORK/cheatsheets/cheatsheets/IndexASVS.md
28 | cp ../IndexMASVS.md $WORK/cheatsheets/cheatsheets/IndexMASVS.md
29 | cp ../IndexProactiveControls.md $WORK/cheatsheets/cheatsheets/IndexProactiveControls.md
30 | cp ../IndexTopTen.md $WORK/cheatsheets/cheatsheets/IndexTopTen.md
31 | sed -i 's/assets\//..\/assets\//g' $WORK/cheatsheets/cheatsheets/Index.md
32 | sed -i 's/assets\//..\/assets\//g' $WORK/cheatsheets/cheatsheets/IndexASVS.md
33 | sed -i 's/assets\//..\/assets\//g' $WORK/cheatsheets/cheatsheets/IndexMASVS.md
34 | sed -i 's/assets\//..\/assets\//g' $WORK/cheatsheets/cheatsheets/IndexTopTen.md
35 | sed -i 's/cheatsheets\///g' $WORK/cheatsheets/cheatsheets/Index.md
36 | sed -i 's/cheatsheets\///g' $WORK/cheatsheets/cheatsheets/IndexASVS.md
37 | sed -i 's/cheatsheets\///g' $WORK/cheatsheets/cheatsheets/IndexMASVS.md
38 | sed -i 's/cheatsheets\///g' $WORK/cheatsheets/cheatsheets/IndexProactiveControls.md
39 | sed -i 's/cheatsheets\///g' $WORK/cheatsheets/cheatsheets/IndexTopTen.md
40 | echo "Step 4/5: Generate the site."
41 | cd $WORK
42 | gitbook install --log=error
43 | gitbook build . $WORK/$GENERATED_SITE --log=info
44 | if [[ $? != 0 ]]
45 | then
46 |     echo "Error detected during the generation of the site, generation failed!"
47 |     exit 1
48 | fi
49 | # Move the generated RSS feed
50 | mv News.xml site/.
51 | # Replace the default favicon by the OWASP one
52 | # I did not achieve to find a stable and "trustable" gitbook plugin to do that
53 | # So I only replace the default images: https://www.npmjs.com/search?q=gitbook%20favicon
54 | cp ../assets/WebSite_Favicon.png site/gitbook/images/apple-touch-icon-precomposed-152.png
55 | cp ../assets/WebSite_Favicon.ico site/gitbook/images/favicon.ico
56 | echo "Step 5/5: Cleanup."
57 | rm -rf cheatsheets
58 | rm -rf node_modules
59 | rm book.json
60 | echo "Generation finished to the folder: $WORK/$GENERATED_SITE"
61 | 


--------------------------------------------------------------------------------
/scripts/Generate_Technologies_JSON.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | """
 4 | Python3 script to generate a JSON structure with the list of
 5 | all cheatsheets classified by the technology used in the samples
 6 | of code provided using the alphabetical index as source:
 7 | https://raw.githubusercontent.com/OWASP/CheatSheetSeries/master/Index.md
 8 | 
 9 | Do not require to have a local copy of the GitHub repository.
10 | 
11 | Dependencies: pip install requests
12 | """
13 | import sys
14 | import requests
15 | import json
16 | from collections import OrderedDict
17 | 
18 | # Define templates
19 | CS_BASE_URL = "https://cheatsheetseries.owasp.org/cheatsheets/%s.html"
20 | 
21 | # Grab the index MD source from the GitHub repository
22 | response = requests.get(
23 |     "https://raw.githubusercontent.com/OWASP/CheatSheetSeries/master/Index.md")
24 | if response.status_code != 200:
25 |     print("Cannot load the INDEX content: HTTP %s received!" %
26 |           response.status_code)
27 |     sys.exit(1)
28 | else:
29 |     data = OrderedDict({})
30 |     for line in response.text.split("\n"):
31 |         if "(assets/Index_" in line:
32 |             work = line.strip()
33 |             # Extract the name of the CS
34 |             cs_name = work[1:work.index("]")]
35 |             # Extract technologies and map the CS to them
36 |             technologies = work.split("!")[1:]
37 |             for technology in technologies:
38 |                 technology_name = technology[1:technology.index("]")].upper()
39 |                 if technology_name not in data:
40 |                     data[technology_name] = []
41 |                 data[technology_name].append(
42 |                     {"CS_NAME": cs_name, "CS_URL": CS_BASE_URL % cs_name.replace(" ", "_")})
43 |     # Display the built structure and formatted JSON
44 |     print(json.dumps(data, sort_keys=True, indent=1))
45 |     sys.exit(0)
46 | 


--------------------------------------------------------------------------------
/scripts/Identify_Old_Issue_And_PR.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | """
 4 | Python3 script to identify any Issue or PR meeting the following criteria:
 5 | - For Issue (Comments of the issue do not contain the info when a PR is referenced):
 6 |     - Has assignees
 7 |     - Has not the label HELP_WANTED or INTERNAL
 8 |     - Has not been updated since more than 1 month
 9 | - For PR:
10 |     - Has the label WAITING_UPDATE
11 |     - Has not been updated since more than 1 month
12 | 
13 | Do not require to have a local copy of the GitHub repository.
14 | 
15 | Dependencies: pip install requests
16 | """
17 | import sys
18 | import requests
19 | import json
20 | from datetime import datetime
21 | 
22 | # Define constants
23 | ## API to retrieve the list of Issues/PR (GitHub REST API v3 considers every pull request an issue, but not every issue is a pull request)
24 | ## Ask to the API to sort the list by the updated date in order to have the oldest on the top on the list
25 | ## See https://developer.github.com/v3/issues/#list-issues-for-a-repository for explanation
26 | ISSUE_API = "https://api.github.com/repos/OWASP/CheatSheetSeries/issues?page=1&per_page=1000&sort=updated&direction=asc"
27 | ## Expiration delay
28 | MAX_MONTHS_ALLOWED = 1
29 | 
30 | # Define utility function: Cf criteria in the comment of the script for the criteria
31 | def is_old_issue(issue):
32 |     has_assignees = (len(issue["assignees"]) > 0)
33 |     has_help_wanted_label = False
34 |     has_internal_label = False
35 |     labels = issue["labels"]
36 |     for label in labels:
37 |         if label["name"] == "HELP_WANTED":
38 |             has_help_wanted_label = True
39 |         elif label["name"] == "INTERNAL":
40 |             has_internal_label = True
41 |     return has_assignees and (not has_help_wanted_label and not has_internal_label)
42 | 
43 | def is_old_pull_request(issue):
44 |     has_waiting_for_update_label = False
45 |     labels = issue["labels"]
46 |     for label in labels:
47 |         if label["name"] == "WAITING_UPDATE":
48 |             has_waiting_for_update_label = True
49 |             break
50 |     return has_waiting_for_update_label
51 | 
52 | # Grab the list of open Issues/PR
53 | buffer = "Grab the list of open Issues/PR via the GitHub API...\n"
54 | response = requests.get(ISSUE_API)
55 | if response.status_code != 200:
56 |     print("Cannot load the list of Issues/PR content: HTTP %s received!" % response.status_code)
57 |     sys.exit(1)
58 | issues = response.json()
59 | 
60 | # Process the obtained list
61 | buffer += "Process the obtained list (%s items)...\n" % len(issues)
62 | issues = response.json()
63 | old_issues = {"PR":[], "ISSUE":[]}
64 | for issue in issues:
65 |     # Date format is 2019-08-24T15:29:55Z
66 |     last_update = datetime.strptime(issue["updated_at"], "%Y-%m-%dT%H:%M:%SZ")
67 |     diff_in_months = round(abs((datetime.today() - last_update).days / 30))
68 |     if diff_in_months > MAX_MONTHS_ALLOWED:
69 |         id = str(issue["number"])
70 |         if "pull_request" in issue and is_old_pull_request(issue):
71 |             old_issues["PR"].append(id)
72 |         elif is_old_issue(issue):
73 |             old_issues["ISSUE"].append(id)
74 | 
75 | # Render the result
76 | if (len(old_issues["PR"]) + len(old_issues["ISSUE"])) != 0:
77 |     buffer += "State:\n"
78 |     if len(old_issues["PR"]) > 0:
79 |         buffer += "Old pull request identified (%s items): %s\n" % (len(old_issues["PR"]), " / ".join(old_issues["PR"]))
80 |     if len(old_issues["ISSUE"]) > 0:
81 |         buffer += "Old issue identified (%s items): %s\n" % (len(old_issues["ISSUE"]), " / ".join(old_issues["ISSUE"]))
82 | else:
83 |     buffer += "State: Nothing identified!"
84 | print(buffer)
85 | 
86 | # Send notification the project management channel on Slack if the url of the webhook is passed as unique first parameter
87 | if len(sys.argv) == 2:
88 |     if (len(old_issues["PR"]) + len(old_issues["ISSUE"])) == 0:
89 |         color = "good"
90 |     else:
91 |         color = "warning"
92 |     message = "{\"text\": \"Old PR and Issue identification watchdog\",\"attachments\": [ {\"fallback\": \"%s\",\"color\":\"%s\",\"title\": \"Status\",\"text\": \"%s\"}]}" % (color, buffer, buffer)
93 |     request_headers = {"Content-Type": "application/json"}
94 |     response = requests.post(sys.argv[1], headers=request_headers, data=message)
95 |     if response.status_code != 200:
96 |         print("Cannot send notification to slack: HTTP %s received!" % response.status_code)
97 |         sys.exit(2)


--------------------------------------------------------------------------------
/scripts/Update_CheatSheets_Index.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | """
 4 | Python3 script to generate the index markdown page that
 5 | reference all cheat sheets grouped by the first letter.
 6 | 
 7 | The index markdown page is located on the root folder
 8 | and is named "Index.md".
 9 | """
10 | import os
11 | from collections import OrderedDict
12 | 
13 | # Define utility functions
14 | def extract_languages_snippet_provided(cheatsheet):
15 |     languages = []
16 |     markers = ["javascript", "java", "csharp", "c", "cpp", "html", "xml", "python",
17 |                "ruby", "php", "json", "sql", "bash", "shell", "coldfusion", "perl",
18 |                "vbnet"]
19 |     with open("../cheatsheets/" + cheatsheet, encoding="utf8") as cs_file:
20 |         cs_content = cs_file.read().lower().replace(" ","")
21 |     for marker in markers:
22 |         if "```" + marker + "\n" in cs_content:
23 |             languages.append(marker.capitalize())
24 |     return languages
25 | 
26 | # Define templates
27 | cs_md_link_template = "[%s](cheatsheets/%s)"
28 | language_md_link_template = "![%s](assets/Index_%s.svg)"
29 | header_template = "## %s\n\n"
30 | top_menu_template = "[%s](Index.md#%s)"
31 | cs_count_template = "**%s** cheat sheets available."
32 | cs_index_title_template = "# Index Alphabetical\n\n"
33 | 
34 | # Scan all CS files
35 | index = {}
36 | cs_count = 0
37 | cheatsheets = [f.name for f in os.scandir("../cheatsheets") if f.is_file()]
38 | for cheatsheet in cheatsheets:
39 |     letter = cheatsheet[0].upper()
40 |     if letter not in index:
41 |         index[letter] = [cheatsheet]
42 |     else:
43 |         index[letter].append(cheatsheet)
44 |     cs_count += 1
45 | index = OrderedDict(sorted(index.items()))
46 | 
47 | # Generate the index file
48 | with open("../Index.md", "w", encoding="utf-8") as index_file:
49 |     index_file.write(cs_index_title_template)
50 |     index_count = len(index)
51 |     index_file.write(cs_count_template % cs_count)
52 |     index_file.write("\n\n*Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.*")
53 |     index_file.write("\n\n")
54 |     # Generate the top menu
55 |     for letter in index:
56 |         index_file.write(top_menu_template % (letter, letter.lower()))
57 |         index_file.write(" ")
58 |     index_file.write("\n\n")
59 |     # Generate letter sections
60 |     j = 0
61 |     for letter in index:
62 |         cs_count =  len(index[letter])
63 |         index_file.write(header_template % letter)
64 |         i = 0
65 |         for cs_file in index[letter]:
66 |             cs_name = cs_file.replace("_", " ").replace(".md", "").strip()
67 |             index_file.write(cs_md_link_template % (cs_name, cs_file))
68 |             languages = extract_languages_snippet_provided(cs_file)
69 |             if len(languages) > 0:
70 |                 index_file.write(" ")
71 |                 for language in languages:
72 |                     index_file.write(language_md_link_template % (language, language))
73 |                     index_file.write(" ")
74 |             i += 1
75 |             index_file.write("\n")
76 |             if i != cs_count:
77 |                 index_file.write("\n")
78 |         j += 1
79 |         if j != index_count:
80 |             index_file.write("\n")
81 | 
82 | # Clean trailing whitespaces
83 | with open("../Index.md", "r", encoding="utf-8") as file:
84 |     cleaned_lines = [line.rstrip() + "\n" for line in file]
85 | 
86 | with open("../Index.md", "w", encoding="utf-8") as file:
87 |     file.writelines(cleaned_lines)
88 | 
89 | print("Index updated.")
90 | 


--------------------------------------------------------------------------------
/templates/New_CheatSheet.md:
--------------------------------------------------------------------------------
 1 | # `Topic` Cheat Sheet
 2 | 
 3 | **Replace `Topic` with the topic you're tackling, such as `Authentication` and remove this line**
 4 | 
 5 | ```markdown
 6 | # Mandatory Markdown Format Rules
 7 | 
 8 | **!!! REMOVE THIS BLOCK BEFORE TO SUBMIT YOUR CHEAT SHEET VIA PULL REQUEST !!!**
 9 | 
10 | - Use this [editor and validation policy](https://github.com/OWASP/CheatSheetSeries#editor--validation-policy).
11 | - Use these [format rules](https://github.com/OWASP/CheatSheetSeries#conversion-rules).
12 | ```
13 | 
14 | ## Introduction
15 | 
16 | Provide high level information about the topic in order to introduce it to people that do not know it.
17 | 
18 | You can add pointer to external sources if needed but at least give an overview allowing a reader to continue on the CS.
19 | 
20 | You can also add schema or diagram in any part of the CS but be sure to respect the copyright of the source file.
21 | 
22 | ## Main Sections
23 | 
24 | The main sections will vary based on the content of the cheat sheet. Generally there should be no more than half a dozen level 2 sections in the cheat sheet, with subsections created for these as required.
25 | 
26 | ## References
27 | 
28 | Any useful references to other useful resources that aren't linked inline elsewhere in the cheat sheet.
29 | 


--------------------------------------------------------------------------------