├── README.md
├── ReleaseNotes.md
└── manuscript
    ├── Book.txt
    ├── LICENSE
    ├── Subset.txt
    ├── images
    │   ├── 10000Cloud.png
    │   ├── 10000Network.png
    │   ├── 10000VPS.png
    │   ├── 10000WebApp.png
    │   ├── AuthArchitecture.png
    │   ├── AuthArchitecture.xml
    │   ├── BinaryMistDeploymentTool.png
    │   ├── ChosenAuthTechnologies.png
    │   ├── ChosenAuthTechnologies.xml
    │   ├── CryptSupportInOperatingSystems.png
    │   ├── CryptSupportInOperatingSystems.xml
    │   ├── DNSResolution.png
    │   ├── DNSResolution.xml
    │   ├── DefenceInDepth.png
    │   ├── DefenceInDepth.xml
    │   ├── DockerArchitecture.png
    │   ├── DockerArchitecture.xml
    │   ├── EncryptedPartOfCryptStringInShadowFile.png
    │   ├── EncryptedPartOfCryptStringInShadowFile.xml
    │   ├── HandsOnHack.png
    │   ├── HypervisorVsContainers.png
    │   ├── HypervisorVsContainers.xml
    │   ├── KeyStretching.png
    │   ├── LSMFrameworkDesign.png
    │   ├── LSMFrameworkDesign.xml
    │   ├── LeanneCarter.png
    │   ├── MItMARPSpoof.png
    │   ├── MItMARPSpoof.xml
    │   ├── MItMMACFlod.png
    │   ├── MItMMACFlod.xml
    │   ├── NetstatAfterEximDisabled.png
    │   ├── NetstatAfterEximDisabled.xml
    │   ├── NetstatBeforeEximDisabled.png
    │   ├── NetstatBeforeEximDisabled.xml
    │   ├── NetworkSysloging.png
    │   ├── NetworkSysloging.xml
    │   ├── OWASPTop10OverTime.png
    │   ├── OWASPTop10OverTime.xml
    │   ├── PartitioningDisk.png
    │   ├── PersistentPowerShell.png
    │   ├── PersistentPowerShell.xml
    │   ├── RelevantAuthStandards.png
    │   ├── RelevantAuthStandards.xml
    │   ├── RemoveRpcBind.png
    │   ├── RemoveRpcBind.xml
    │   ├── RussMcRee.png
    │   ├── SecuringSessions.png
    │   ├── SecuringSessions.xml
    │   ├── Spoof.png
    │   ├── Spoof.xml
    │   ├── ThreatTags
    │   │   ├── PreventionAVERAGE.png
    │   │   ├── PreventionDIFFICULT.png
    │   │   ├── PreventionEASY.png
    │   │   ├── PreventionVERYEASY.png
    │   │   ├── average-common-average-moderate.png
    │   │   ├── average-common-average-severe.png
    │   │   ├── average-common-difficult-moderate.png
    │   │   ├── average-common-difficult-severe.png
    │   │   ├── average-common-easy-low.png
    │   │   ├── average-common-easy-moderate.png
    │   │   ├── average-uncommon-average-moderate.png
    │   │   ├── average-uncommon-difficult-moderate.png
    │   │   ├── average-uncommon-easy-moderate.png
    │   │   ├── average-uncommon-easy-severe.png
    │   │   ├── average-uncommon-veryeasy-moderate.png
    │   │   ├── average-verywidespread-average-moderage.png
    │   │   ├── average-verywidespread-easy-moderate.png
    │   │   ├── average-widespread-average-moderage.png
    │   │   ├── average-widespread-average-severe.png
    │   │   ├── average-widespread-difficult-moderate.png
    │   │   ├── average-widespread-easy-moderate.png
    │   │   ├── average-widespread-veryeasy-moderate.png
    │   │   ├── difficult-common-average-moderate.png
    │   │   ├── difficult-common-average-severe.png
    │   │   ├── difficult-common-veryeasy-moderate.png
    │   │   ├── difficult-uncommon-average-moderate.png
    │   │   ├── difficult-uncommon-average-severe.png
    │   │   ├── difficult-uncommon-difficult-moderate.png
    │   │   ├── difficult-uncommon-difficult-severe.png
    │   │   ├── difficult-widespread-average-moderate.png
    │   │   ├── easy-common-average-moderate.png
    │   │   ├── easy-common-average-severe.png
    │   │   ├── easy-common-difficult-low.png
    │   │   ├── easy-common-difficult-moderate.png
    │   │   ├── easy-common-easy-moderate.png
    │   │   ├── easy-common-easy-severe.png
    │   │   ├── easy-common-veryeasy-moderate.png
    │   │   ├── easy-uncommon-average-moderate.png
    │   │   ├── easy-verywidespread-average-severe.png
    │   │   ├── easy-verywidespread-difficult-moderate.png
    │   │   ├── easy-verywidespread-easy-low.png
    │   │   ├── easy-widespread-average-low.png
    │   │   ├── easy-widespread-average-moderate.png
    │   │   ├── easy-widespread-average-severe.png
    │   │   ├── easy-widespread-difficult-low.png
    │   │   ├── easy-widespread-easy-low.png
    │   │   ├── easy-widespread-easy-moderate.png
    │   │   └── easy-widespread-easy-severe.png
    │   ├── WebCryptoAPIBrowserSupport.png
    │   ├── WebCryptoAPIBrowserSupport.xml
    │   ├── WebCryptoApi.png
    │   ├── accountsgoogle-available0.jpg
    │   ├── accountsgoogle-available1.jpg
    │   ├── collectd-graphite.png
    │   ├── collectd-graphite.xml
    │   ├── reCaptcha.jpg
    │   ├── statsd-graphite.png
    │   ├── statsd-graphite.xml
    │   ├── sweetcaptcha.jpg
    │   └── title_page.png
    └── markdown
        ├── back
        │   ├── additional-resources.md
        │   └── attributions.md
        ├── front
        │   ├── foreword.md
        │   ├── introduction.md
        │   └── preface.md
        └── main
            ├── chapter10.md
            ├── chapter7.md
            ├── chapter8.md
            └── chapter9.md

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Holistic InfoSec For Web Developers
## Fascicle 1

[f1.holisticinfosecforwebdevelopers.com](https://f1.holisticinfosecforwebdevelopers.com/)

The contents of Fascicle 1, which is content complete and in technical review, can be found at the book's [landing page](https://f1.holisticinfosecforwebdevelopers.com/).

[![Complete](https://img.shields.io/badge/complete-100%25-brightgreen.svg)](https://f1.holisticinfosecforwebdevelopers.com/) [![Read online](https://img.shields.io/badge/read%20free-book%20landing%20page-green.svg)](https://f1.holisticinfosecforwebdevelopers.com/) [![Buy on Leanpub](https://img.shields.io/badge/buy-leanpub-green.svg)](https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications) [![Author's other books](https://img.shields.io/badge/author%27s-other%20books-blue.svg)](https://binarymist.io/publication/kims-selected-publications/)

The entire book series can be found [here](https://holisticinfosecforwebdevelopers.com/) at [www.holisticinfosecforwebdevelopers.com](https://holisticinfosecforwebdevelopers.com/)

[![Holistic Info-Sec For Web Developers](manuscript/images/title_page.png)](https://f1.holisticinfosecforwebdevelopers.com)

## Table of Contents (in source)

* [Foreword](manuscript/markdown/front/foreword.md)
* [Preface](manuscript/markdown/front/preface.md)
* [Introduction](manuscript/markdown/front/introduction.md)
* [Chapter 7: VPS](manuscript/markdown/main/chapter7.md)
* [Chapter 8: Network](manuscript/markdown/main/chapter8.md)
* [Chapter 9: Cloud](manuscript/markdown/main/chapter9.md)
* [Chapter 10: Web App](manuscript/markdown/main/chapter10.md)
* [Additional Resources](manuscript/markdown/back/additional-resources.md)
* [Attributions](manuscript/markdown/back/attributions.md)

--------------------------------------------------------------------------------
/ReleaseNotes.md:
--------------------------------------------------------------------------------
# Holistic InfoSec For Web Developers - F1 - Release Notes

## 2019-03-10

Fascicle complete!

### Network

Status: [Done](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/pull/5)

## 2018-09-02

### VPS

Status: [Done](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/pull/4)

### Network

Status: Technical edited, WIP general edit -> Kim's acceptance and merge

## 2018-04-22

### VPS

Status: Technical edited, WIP general review

### Web Applications

Status: Done

### What's Left?

* VPS general review -> Kim's acceptance and merge
* Network general review -> Kim's acceptance and merge

## 2018-04-01

### Cloud

Status: Done

### Web Applications

Status: General edited, technical edited, ready for final review/merge

## 2018-01-11

### VPS

Status: Technical edited, ready for general edit.

### Network

Status: Technical edited, ready for general edit.

### Cloud

Status: Technical edited, ready for general edit.

### Web Applications

Status: WIP general review. After that, it goes to technical edit.

## 2017-09-11

Fascicle 1 is now content complete, weighing in at approximately 550 pages including Additional Resources and Attributions.

* Added links to the Network Security interview between Kim Carter and Haroon Meer on Software Engineering Radio ... to be released in a day or two
* Updated threat tags
* Code formatting changes
* Punctuation modifications

### Cloud

Ready for technical review
Strong focus on AWS, although other CSPs are discussed
50 pages of content added

* Shared Responsibility Model: CSP Responsibility, CSP Customer Responsibility
* CSP Evaluation
* Cloud Service Provider vs In-house
* Skills
* EULA
* Giving up Secrets
* Location of Data
* Vendor lock-in
* Possible Single Points of Failure
* People Sec
* App Sec
* Net Sec
* Violations of Least Privilege
* Storage of Secrets
* Private Key Abuse: SSH, TLS
* Credentials and Other Secrets
  * Entered by People
  * Entered by Software: HashiCorp Vault, Docker secrets, Ansible Vault, AWS Key Management Service and Parameter Store
* Serverless
* Third Party Services
* Perimeterless
* Functions
* DoS of Lambda Functions
* Infrastructure and Configuration Management

### Web Applications

* Updated OWASP Top 10 resources to 2017
* Added AWS WAF

### Additional Resources

* Getting Secrets out of Docker images
* Password Managers For Business Use
* Many tooling options covered

### Attributions

* Thinkst tools (Canary tools and tokens)
* DropboxC2C for Data Exfiltration, Infiltration
* Hosting providers forced to give up customer secrets
* Software Engineering Radio show on Network Security with host: Kim Carter, guest: Haroon Meer
* Docker Image layers
* AWS Lambda

Many other attributions added

[Diff from release 2017-07-24](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/5f31901f1f9be1318127325a984494c9728eb5e5...293ad92523908dd83be45e183ad85a96a0a904aa)

## 2017-07-24

Typos and grammatical tweaks
Added anchors
Added threat tags

### Network

Ready for technical review

* Finished Asset Identification
* Fortress Mentality
* Lack of Segmentation
* Lack of Visibility
* Insufficient Logging
* Lack of Network Intrusion Detection Systems (NIDS)
* Refactored Spoofing: IP, ARP, DNS, Referrer, EMail Address, Website
* Added Data Exfiltration, Infiltration
  * Ingress and Egress Techniques
  * Dropbox
  * Physical
  * Mobile Phone Data
  * DNS, SSH, including a primer on how DNS works
* Added DNS resolution sequence diagram
* Doppelganger Domains: Web-sites, SMTP, SSH
* Finished off "Wrongfully Trusting the Loading of Untrusted Web Resources"
* TLS Downgrade
* HTTP Strict Transport Security (HSTS) + Preload
* Refactored NTP
* NIDS: Signature-based, Anomaly-based
  * Snort, Bro, Suricata, Security Onion

### Additional Resources

* Top 10 Network Security Mistakes
* Database security
* Lack of segmentation
* Data Exfiltration, Infiltration
  * TCP over WebSockets
  * File sync tools such as Dropbox
* DNS (`dig +trace`)
  * Differences between authoritative and recursive nameservers
  * DNS steps in detail
  * Tunneling Data and Commands Over DNS to Bypass Firewalls
  * DNSCat
* The ELK stack
* IDS
  * Suricata-vs-snort
* Spoofing
  * Defence and mitigations for ARP Spoofing
  * Open Sender Policy Framework: SPF, DKIM

### Attributions

* IBM X-Force Threat Intelligence Index
* Hackers use fridge to send spam
* Spoofing EMail address
* DNS tunnelling
* NIDS
* Blocking cell phone signals
* hapijs
* helmetjs for HSTS

Many other attributions added

[Diff from release 2017-05-19](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/359fe9b8dcbcb83e4c5354d09263bb5639a22905...13b1f44e0ac421ff65ffbfd6666f79663860508c)

## 2017-05-19

### VPS

* Added links to the interview with Docker Security Team Lead Diogo Monica on Docker Security
* Fixed typo
* Fixed ordered list sequence

### Web Applications

Ready for technical review

* Updated the OWASP Top 10 over time diagram to reflect the new 2017 list
* Added additional threat tags
* Added Sensible Security Model sections for the following:
  * Cross-Site Request Forgery (CSRF)
  * Generic Injection
  * NoSQL Injection
  * Command Injection
  * XML Injection
  * XSLT Injection
  * XPath Injection
  * XQuery Injection
  * LDAP Injection
  * Insufficient Attack Protection
  * Active Automated Prevention
* Finished SQL Injection
* Finished Cracking
* Finished WAFs
* Removed Physical Access
* Removed Console Access
* Removed Network Access
* Removed Caching of Sensitive Data

### Additional Resources

* Interview with Docker Security Team Lead Diogo Monica on Docker Security
* Injections
  * NoSQL
  * Command
  * XPath
* CSRF
* Application Intrusion Detection and Response

### Attributions

Large number of attributions added

[Diff from release 2017-05-03](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/ca8e3feed499db0851c5f4af428b61051f08d5c2...a3520fb6a2f74581bdcfc2d7528b7e011aad9fc9)

## 2017-05-03

### VPS

Ready for technical review

* Threat tags finished being added
* Statistics Graphing (collectd, graphite) finished
* SSM Risks that Solution Causes finished
* SSM Costs and Trade-offs finished

### Web Applications

* Statistics Graphing (statsd, graphite) finished

### Attributions

Large number of attributions added

[Diff from release 2017-04-16](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/9e9af15c3ff79b7776a3f058553173f9c8bf888b...79abd6432d1a332114452ec660ec7f580de21e5d)

## 2017-04-16

Docker Security: 51 pages added

### VPS

#### Docker Risks and Countermeasures

* Docker registries and consumption of
* Image provenance, identification, integrity
* Copy-on-write filesystem
* Doppelganger images
* Default user is root
* Hardening Docker Host, Engine and Containers
* Tools, tips
* Namespaces
  1. `mnt`
  2. `PID`
  3. `net`
  4. `UTS`
  5. `IPC`
  6. `user`
* Control Groups (Cgroups)
* Linux Capabilities
* Linux Security Modules (LSM)
* Secure Computing Mode (SecComp)
* Read-only Containers
* runC and Docker architecture
* Application Security
* Diagrams added:
  1. Type-2 Hypervisor vs Containers
  2. Docker architecture
  3. Linux Security Module architecture

#### Other

* PowerShell exploitation mitigations

### Web Applications

* Sobering statistics on how many defective libraries we depend on

### Additional Resources

* Software Engineering Radio interview with Docker Security Lead Diogo Monica
* Linux namespaces and their use in Docker
* Dockerscan
* Increasing Attacker Cost using Immutable Infrastructure
* Diogo Monica on Mutual TLS
* Diogo Monica on Orchestrating Least Privilege
* Image signing, and why it is important
* Docker security scanning (content integrity)
* The Secure Developer podcast on Understanding Container Security
* Many more

[Diff from release 2017-01-23](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/9c9cdc1e5151700b45510cb4e06675f6865b7b70...fc6248fce0c550ab006565e26692f54f3f1734ec)

## 2017-01-23

Updated links to hands-on hack demos on [YouTube](https://www.youtube.com/playlist?list=PLfv6teOacMIuh3VheioAXXe70IwwQySIp).

### VPS

1. Added Windows exploitation using PowerShell with a Psmsf generated payload and C virus that pulls down a payload that overwrites PowerShell with a reverse shell. Includes:
   * Detailed hands-on hack
   * Tutorial video
2. Added Windows exploitation using PowerShell leveraging the previous Psmsf generated payload and an office document virus C/- Nishang, that pulls down a payload that overwrites PowerShell with a reverse shell. Includes:
   * Detailed hands-on hack
3. Added an atomic persistent exploit C/- PowerSploit, leveraging the previous Psmsf generated payload and office document virus C/- Nishang, that pulls down a payload that overwrites PowerShell with a reverse shell. Includes:
   * Sequence diagram
   * Detailed hands-on hack
   * Tutorial video

* Updated PsExec section
* Added Pass The Hash (PTH) section, including details around Metasploit modules and potential countermeasures:
  1. `current_user_psexec`
  2. `psexec_command`
  3. `psexec_loggedin_users`
  4. `psexec_psh`
  5. `psexec_ntdsgrab`
  6. `wmi`
* Finished FTP risks, countermeasures, alternatives and assumptions
* Added telnet risks
* Added to NIS & NFS
* Added Exim risks
* Added risks to portmap & rpcbind such as reflected & amplified DoS
* Added Using Components with Known Vulnerabilities to VPS chapter
* Added Lack of Backup risk to VPS chapter
* Added countermeasures for port mapper DoS
* Removal of boot options, thus reducing root-kit installation opportunities
* Updated Password Strategies: which KDFs are best, based on the types of hardware your attackers are likely to be using

### Web Applications

* Updated details around credential hashes and how attackers obtain them
* Added details around whitelisting npm packages with npm Enterprise
* Updated PBKDF2 details

### Additional Resources

* Bypassing PowerShell Execution Policy
* PowerSploit and Nishang resources
* Many more

[Diff from release 2016-11-04](https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/compare/83f96fe53cc67cd784d68d6e4320a7d37668fd57...a623c10babd1fa6d8c60288c8076b42382d145a5)

## 2016-11-04

Updated links to hands-on hack demos on [YouTube](https://www.youtube.com/playlist?list=PLfv6teOacMIuh3VheioAXXe70IwwQySIp).

### VPS

* Finished Identify Risks -> Unnecessary and Vulnerable Services -> Overly Permissive File Permissions, Ownership and Lack of Segmentation. Discussed tools useful for enumerating local Privilege Escalation and walked through how to use them
* Detailed how Privileges are usually escalated and how
* Created a hands-on hack to demonstrate how an attacker may perform reconnaissance and initial vulnerability scanning, break into the machine, perform further reconnaissance, search for and discover PrivEsc vulnerabilities, then find a suitable exploit and execute it, through to full ownership via a reverse root shell
* Created a video of the attack and compromise to go with the hands-on directions
* A little more work on privilege escalation Countermeasures
* Added more details around coercing your server to produce SSH key fingerprints in a consumable manner, to help mitigate MItM attacks
* Added a little more to Partitioning on OS Installation & Lock Down the Mounting of Partitions

### Web Applications

* Update to Countermeasures -> Lack of Input Validation, Filtering and Sanitisation, around how WebComponents can help constrain input types in terms of validation and filtering
* Update to Countermeasures -> Management of Application Secrets -> Data-store Compromise -> Which KDF to use. Discussed the different types of processors used to brute-force passwords. Discussed the best of breed KDFs and how they were designed to mitigate the specified advances in hardware technology (CPU, GPU, FPGAs, etc.)

### Additional Resources

* Added local Privilege Escalation Cheatsheet to Additional Resources
* Podcast on WebComponents
* Various links to hashing functions and KDFs
* Bcrypt brute-forcing and feasibility
* Hardware that suits brute-forcing passwords: Xeon Phi and others

## 2016-10-07

Large number of image updates, due to finding that many were not up to scratch when Fascicle 0 went to print.
Swapped text images for real images.

Many large additions to the VPS chapter and fewer to the Network chapter, such as:

* The pitfalls of logging within networks and some ideas and implementations on how to overcome them
* Disabling, removing and hardening the services of a VPS
* Granular OS partitioning and locking down the mounting of partitions
* Caching apt packages for all VPS
* Reviewing VPS password strategies and making the most suitable modifications to achieve enough security for you
* Disabling root logins on as many of the consoles as possible
* SSH, Symmetric and Asymmetric crypto-systems and their place in SSH
* The ciphers used in SSH, pros, cons, some history
* Hashing and its application in SSH
* How the SSH connection procedure works
* Hardening SSH
* Configuring which hosts may access your server
* SSH Key-pair authentication
* Techniques for tunnelling SSH
* Understanding enough about NFS to produce exports that will suit your environmental security concerns
* Some quick commands to provide visibility as to who is doing what and when on your servers
* VPS logging and alerting: we look at a large number of the options available and their merits
* Managing your logs effectively, so that they will be around when you need them and not tampered with. We work through transferring them off-site in real-time, address the reliability, resilience, integrity and connectivity of the proposed solutions, and verify that the logs being transferred are in fact encrypted
* Proactive server monitoring: goals, and the evaluation criteria for the offerings that were evaluated
* Implementation of proactive server monitoring, what works well, what does not
* Keeping your (NodeJS) applications not just running, but healthy
* We discuss the best of breed HIDS/HIPS, then go on to implement the chosen solution
* Made a start with Docker insecurities and mitigations
* Quick discussion around host firewalls
* Preparing the DMZ and your VPS for the DMZ
* Additional Web Server preparation
* Deployment options
* Post DMZ deployment considerations

--------------------------------------------------------------------------------
/manuscript/Book.txt:
--------------------------------------------------------------------------------
frontmatter:

markdown/front/foreword.md

markdown/front/preface.md

markdown/front/introduction.md

mainmatter:

markdown/main/chapter7.md

markdown/main/chapter8.md

markdown/main/chapter9.md

markdown/main/chapter10.md

backmatter:

markdown/back/additional-resources.md

markdown/back/attributions.md

--------------------------------------------------------------------------------
/manuscript/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/LICENSE
--------------------------------------------------------------------------------
/manuscript/Subset.txt:
--------------------------------------------------------------------------------
mainmatter:

markdown/main/chapter8.md

backmatter:

markdown/back/attributions.md

--------------------------------------------------------------------------------
/manuscript/images/10000Cloud.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/10000Cloud.png
--------------------------------------------------------------------------------
/manuscript/images/10000Network.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/10000Network.png
--------------------------------------------------------------------------------
/manuscript/images/10000VPS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/10000VPS.png
--------------------------------------------------------------------------------
/manuscript/images/10000WebApp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/10000WebApp.png
--------------------------------------------------------------------------------
/manuscript/images/AuthArchitecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/AuthArchitecture.png
--------------------------------------------------------------------------------
/manuscript/images/BinaryMistDeploymentTool.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/BinaryMistDeploymentTool.png
--------------------------------------------------------------------------------
/manuscript/images/ChosenAuthTechnologies.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ChosenAuthTechnologies.png
--------------------------------------------------------------------------------
/manuscript/images/CryptSupportInOperatingSystems.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/CryptSupportInOperatingSystems.png
--------------------------------------------------------------------------------
/manuscript/images/DNSResolution.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/DNSResolution.png
--------------------------------------------------------------------------------
/manuscript/images/DefenceInDepth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/DefenceInDepth.png
--------------------------------------------------------------------------------
/manuscript/images/DockerArchitecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/DockerArchitecture.png
--------------------------------------------------------------------------------
/manuscript/images/EncryptedPartOfCryptStringInShadowFile.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/EncryptedPartOfCryptStringInShadowFile.png
--------------------------------------------------------------------------------
/manuscript/images/HandsOnHack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/HandsOnHack.png
--------------------------------------------------------------------------------
/manuscript/images/HypervisorVsContainers.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/HypervisorVsContainers.png
--------------------------------------------------------------------------------
/manuscript/images/KeyStretching.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/KeyStretching.png
--------------------------------------------------------------------------------
/manuscript/images/LSMFrameworkDesign.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/LSMFrameworkDesign.png
--------------------------------------------------------------------------------
/manuscript/images/LeanneCarter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/LeanneCarter.png
--------------------------------------------------------------------------------
/manuscript/images/MItMARPSpoof.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/MItMARPSpoof.png
--------------------------------------------------------------------------------
/manuscript/images/MItMMACFlod.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/MItMMACFlod.png
--------------------------------------------------------------------------------
/manuscript/images/NetstatAfterEximDisabled.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/NetstatAfterEximDisabled.png
--------------------------------------------------------------------------------
/manuscript/images/NetstatBeforeEximDisabled.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/NetstatBeforeEximDisabled.png
--------------------------------------------------------------------------------
/manuscript/images/NetworkSysloging.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/NetworkSysloging.png
--------------------------------------------------------------------------------
/manuscript/images/OWASPTop10OverTime.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/OWASPTop10OverTime.png
--------------------------------------------------------------------------------
/manuscript/images/PartitioningDisk.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/PartitioningDisk.png
--------------------------------------------------------------------------------
/manuscript/images/PersistentPowerShell.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/PersistentPowerShell.png
--------------------------------------------------------------------------------
/manuscript/images/RelevantAuthStandards.png:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/RelevantAuthStandards.png -------------------------------------------------------------------------------- /manuscript/images/RelevantAuthStandards.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/RemoveRpcBind.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/RemoveRpcBind.png -------------------------------------------------------------------------------- /manuscript/images/RemoveRpcBind.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/RussMcRee.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/RussMcRee.png -------------------------------------------------------------------------------- /manuscript/images/SecuringSessions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/SecuringSessions.png -------------------------------------------------------------------------------- /manuscript/images/SecuringSessions.xml: 
-------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/Spoof.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/Spoof.png -------------------------------------------------------------------------------- /manuscript/images/Spoof.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/PreventionAVERAGE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/PreventionAVERAGE.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/PreventionDIFFICULT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/PreventionDIFFICULT.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/PreventionEASY.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/PreventionEASY.png 
-------------------------------------------------------------------------------- /manuscript/images/ThreatTags/PreventionVERYEASY.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/PreventionVERYEASY.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-difficult-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-difficult-severe.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-difficult-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-easy-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-easy-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-common-easy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-common-easy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-uncommon-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-uncommon-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-uncommon-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-uncommon-difficult-moderate.png -------------------------------------------------------------------------------- 
/manuscript/images/ThreatTags/average-uncommon-easy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-uncommon-easy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-uncommon-easy-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-uncommon-easy-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-uncommon-veryeasy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-uncommon-veryeasy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-verywidespread-average-moderage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-verywidespread-average-moderage.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-verywidespread-easy-moderate.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-verywidespread-easy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-widespread-average-moderage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-widespread-average-moderage.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-widespread-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-widespread-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-widespread-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-widespread-difficult-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-widespread-easy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-widespread-easy-moderate.png 
-------------------------------------------------------------------------------- /manuscript/images/ThreatTags/average-widespread-veryeasy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/average-widespread-veryeasy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-common-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-common-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-common-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-common-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-common-veryeasy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-common-veryeasy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-uncommon-average-moderate.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-uncommon-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-uncommon-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-uncommon-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-uncommon-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-uncommon-difficult-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-uncommon-difficult-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-uncommon-difficult-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/difficult-widespread-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/difficult-widespread-average-moderate.png 
-------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-difficult-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-difficult-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-difficult-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-easy-moderate.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-easy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-easy-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-easy-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-common-veryeasy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-common-veryeasy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-uncommon-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-uncommon-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-verywidespread-average-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-verywidespread-average-severe.png -------------------------------------------------------------------------------- 
/manuscript/images/ThreatTags/easy-verywidespread-difficult-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-verywidespread-difficult-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-verywidespread-easy-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-verywidespread-easy-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-average-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-average-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-average-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-average-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-average-severe.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-average-severe.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-difficult-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-difficult-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-easy-low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-easy-low.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-easy-moderate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-easy-moderate.png -------------------------------------------------------------------------------- /manuscript/images/ThreatTags/easy-widespread-easy-severe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/ThreatTags/easy-widespread-easy-severe.png -------------------------------------------------------------------------------- /manuscript/images/WebCryptoAPIBrowserSupport.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/WebCryptoAPIBrowserSupport.png -------------------------------------------------------------------------------- /manuscript/images/WebCryptoAPIBrowserSupport.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/WebCryptoApi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/WebCryptoApi.png -------------------------------------------------------------------------------- /manuscript/images/accountsgoogle-available0.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/accountsgoogle-available0.jpg -------------------------------------------------------------------------------- /manuscript/images/accountsgoogle-available1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/accountsgoogle-available1.jpg -------------------------------------------------------------------------------- /manuscript/images/collectd-graphite.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/collectd-graphite.png -------------------------------------------------------------------------------- /manuscript/images/collectd-graphite.xml: -------------------------------------------------------------------------------- 1 | 7VtLc+I4EP41VO0e2LIsy49jYJKZy1RNVQ67c1SwYlQjLEYWCZlfv5ItGT9EcBhDkQwcEqv1dH+fuluNmMD5avtZ4PXyK08Jm/heup3ATxPf94PYV/+05MVIwsSrJJmgaSUDO8E9/UWM0Dbb0JQUrYaScybpui1c8DwnC9mSYSH4c7vZI2ftWdc4Iz3B/QKzvvRfmsqlkSLP21V8ITRbmqkT+34PePEjE3yTm/kmPnwsP1X1CtuxTPtiiVP+3BDB2wmcC85l9bTazgnTyrVqq/rd7amt1y1ILod0iFDV4wmzDbFLLhcmX6wyytchugOYwNnzkkpyv8YLXfus8FeypVwxU12/kKcLUvAftQahkmQMF4WpXfAVXZjnNcM0n2aCkFy3Ejil6g3mnHFRLgLGSXh3k6i6R8pYQz7/NJvdwnquRk2AfRA96B48l4ZiIFRlwSWWlOdm6r7KjBafiJBk2xAZFX4mfEWkeFFNbG2EDJ6G8NPAMvl5R5/IsmfZYA4IA2h4azib1cPvcFMPBro9MIZ/Howj4BbDw6gB4Ed92AK74X8HtdiFWsikednSvlk9hD832iaot4YogUqPTVEDZivUA0yLUl03qkHkrbfNHmGm/98ToZSlqoGdVy25mrpq0CORUqxsM6UBS+CZchO+GwXfbBy4EBiwy3wU9+EaAy2F+dngip1wld6W5plqYJE7FrX2Nst5Tjp70ogwo5k2lAuFmpoPzjRaVDnKG1Oxommqp3EaFIYfCJvVLrE73evMuSs/YxnoqEMdaD1fgzohchjoGI1AHQQc1DmRfQ5+xz7X27Vjnw2Jj3Sz02QsR5skcQtHEMR9C+ChPozIC8bA0b/ieBIcYxCdFUd4GEcFzVo/Ms4YXXMNXEqFOm1Uuij4Ri+0Cebr5q6vcYtRG3fUR602hQ6kk+Tubj5/gyNu4DkWnMphhS04kd+3rtYGtqLfMfwyioaDKcjPjQKx6ICZc3EFs96bHmiBGdnApwFmYHXcRNMfBU1XlHU1sW8PlqOkHfEg33G4gQ4TmwRj4Bi6XGUVrqb0yRkE6zB1aiJOHQWboLMXB9txijXOh0TTCOloutKrjdG1XGQPf/kQ6ipfvZDn65OefQ68v/szq85MGY20Uo76k5Ey7LZReLWi9iqVuHzhSzxRBaDthqdJnyNB5Njq8SgUcSWf3jtF5lg88HyqinilLVHj5CbJO6YKiG1W13AFhg6uhK4T1ChcGZDh+gMiNhCXvokIqlRIhPZ6OiEwXiYz9toHZeCFfe/vOiePEsqFwQe0CF2nUXRzN+/QFEQdkviOENGZTRmFJQMC/mu2+1C2Gzjs9wmT3X4Y793bZ852+5P3mO124XW6ZLfNl16PYeMew9BZD2E2dP/Q/vSjHcKC+JyHsGhAKvTqTPvOtJsjO68zjfYHymd2prDaqkQu3odX9eKDwJ3Qq57xnsbH9qrtA0gIz+tW94eyV7d6KTs9AO3vpIDnSlidzK8mrtCrox+Spzf6tuKkTjmdJjc18KIF2VL5n7YQ/yBT+m7WQtKM3Jt166/KeMZzzG530v2AFXwjFsQaVhMM6/FexfBAssnKBGHKtjyR1owu2MwM3zgtnaMlEOzeKIo60FerN9
126PdH6t1NQp2RJBYZkb2RFP74pdFsrRsUryw5CNwT7V3ZgQ7qoVrDjtY1DgOZPiCCvDSm5+r1KqpHtvi9LCaJLX+zSdbJgexqhaxVRnBZDD/Iy6MZDsBAih/FKVd82+HUBX2nb+54Hzi3DCRnL90/gjPso+fZXHuDiNB1Q3mUb/WTAffML81GnMIbXopZAKAdQKMuykebhd5Ip3J8qPvThjd2GMHxDfge4gORuuE0Eep4zbh2o4PdZiswtAfji/alMOh6wLBzOXj4rvG7Q3kn2jYIBO6ZjtwGqrj7eVLVfPcjMHj7Pw== -------------------------------------------------------------------------------- /manuscript/images/reCaptcha.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/reCaptcha.jpg -------------------------------------------------------------------------------- /manuscript/images/statsd-graphite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/statsd-graphite.png -------------------------------------------------------------------------------- /manuscript/images/statsd-graphite.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /manuscript/images/sweetcaptcha.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/sweetcaptcha.jpg -------------------------------------------------------------------------------- /manuscript/images/title_page.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1/54873c732ec9e1e2061d0400c344309c32392ecb/manuscript/images/title_page.png
--------------------------------------------------------------------------------
/manuscript/markdown/back/additional-resources.md:
--------------------------------------------------------------------------------
# Additional Resources {#additional-resources}

## [VPS](#vps)

**Details on the Metasploit PSExec module**
[https://community.rapid7.com/community/metasploit/blog/2013/03/09/psexec-demystified](https://community.rapid7.com/community/metasploit/blog/2013/03/09/psexec-demystified)

**15 Ways to bypass PowerShell Execution Policy**
[https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/](https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/)

**`Out-CHM` blog post** from `nishang` author "Nikhil SamratAshok Mittal"
[http://www.labofapenetrationtester.com/2014_11_01_archive.html](http://www.labofapenetrationtester.com/2014_11_01_archive.html)

**Useful details around the Windows scheduled tasks** used in [`Persistence.ps1`](#Persistence-ps1)
[https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx](https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx)

**Local Linux Enumeration & Privilege Escalation Cheatsheet**
[https://www.rebootuser.com/?p=1623](https://www.rebootuser.com/?p=1623)

{#additional-resources-vps-identify-risks-unnecessary-and-vulnerable-services-overly-permissive-file-permissions-ownership-and-lack-of-segmentation}
**Linux\_Exploit\_Suggester** works from the operating system release version, or can be fine-tuned by manually providing the kernel version
[https://github.com/PenturaLabs/Linux_Exploit_Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester)

**Windows-Exploit-Suggester** compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
[https://github.com/GDSSecurity/Windows-Exploit-Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester)

**Network Information Service** wiki
[https://en.wikipedia.org/wiki/Network_Information_Service](https://en.wikipedia.org/wiki/Network_Information_Service)

**Linux NIS(YP)/NIS+ HowTo**
[http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html](http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html)

**FreeBSD NIS**
[https://www.freebsd.org/doc/handbook/network-nis.html](https://www.freebsd.org/doc/handbook/network-nis.html)

**Distributed Computing Environment / Remote Procedure Call**
[https://en.wikipedia.org/wiki/DCE/RPC](https://en.wikipedia.org/wiki/DCE/RPC)

**In most cases you will want to shadow your passwords**
[http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-2.html#ss2.2](http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-2.html#ss2.2)

**SHA scheme for crypt**
[https://www.akkadia.org/drepper/SHA-crypt.txt](https://www.akkadia.org/drepper/SHA-crypt.txt)

**SHA-2**
[https://en.wikipedia.org/wiki/SHA-2](https://en.wikipedia.org/wiki/SHA-2)

**Some details around** `/etc/passwd` and `/etc/shadow`

**For a plethora of information on hardening and using SSH** in creative ways
[https://blog.binarymist.net/?s=ssh](https://blog.binarymist.net/?s=ssh)

**SSH Connection and Encryption Process**
[https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process](https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process)

**SSH, The Secure Shell: The Definitive Guide, 2nd Edition**

**SSH Specification**
[https://tools.ietf.org/html/rfc4253](https://tools.ietf.org/html/rfc4253)

**Notes on Cryptography Ciphers**
[http://rakhesh.com/infrastructure/notes-on-cryptography-ciphers-rsa-dsa-aes-rc4-ecc-ecdsa-sha-and-so-on/](http://rakhesh.com/infrastructure/notes-on-cryptography-ciphers-rsa-dsa-aes-rc4-ecc-ecdsa-sha-and-so-on/)

**An Overview of Cryptography**
[http://www.garykessler.net/library/crypto.html](http://www.garykessler.net/library/crypto.html)

{#additional-resources-vps-locking-down-the-mounting-of-partitions}
**Mounting partitions the right way**
[http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10](http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10)

**mount man page**
[http://man.he.net/man8/mount](http://man.he.net/man8/mount)

**Securing the mail service**
[http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.6](http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.6)

**Disabling daemon services**
[http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s-disableserv](http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s-disableserv)

**Run levels**
[https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit](https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit)

**`apt-get --purge remove exim4 exim4-base exim4-config exim4-daemon-light`**
[http://stackoverflow.com/questions/12061358/how-to-cleanly-remove-exim4-mail-server-on-ubuntu](http://stackoverflow.com/questions/12061358/how-to-cleanly-remove-exim4-mail-server-on-ubuntu)

**Running the minimum number of services required**
[http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.6](http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.6)

**System audit**
[http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html#AUDIT](http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html#AUDIT)

**Securing the services that are left**
[https://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html](https://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html)

**Which services do we really need**
[http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html](http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html)

**Centralized logging makes everything better**
https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#41e1

**Logging and Alerting**, where and what are the log files?
[http://www.thegeekstuff.com/2011/08/linux-var-log-files/](http://www.thegeekstuff.com/2011/08/linux-var-log-files/)

{#additional-resources-vps-countermeasures-lack-of-visibility-logging-and-alerting-swatch}
**Nagios Log Monitoring with Swatch**
https://assets.nagios.com/downloads/nagiosxi/docs/Log_Monitoring_With_Swatch.pdf

**Simple Log Watcher** examples
[http://www.linux-mag.com/id/7807/](http://www.linux-mag.com/id/7807/)

**Simple Log Watcher** man page
[http://linux.die.net/man/1/swatch](http://linux.die.net/man/1/swatch)

**Logwatch install, set-up, and using**
[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps)

**The Debian Manuals have details on how to use and customise logcheck**
[https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-custom-logcheck](https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-custom-logcheck)

**Fail2ban** source code
[https://github.com/fail2ban/fail2ban/](https://github.com/fail2ban/fail2ban/)

**Multitail** example
[https://www.howtoforge.com/monitoring-multiple-log-files-at-a-time-with-multitail-on-debian-lenny](https://www.howtoforge.com/monitoring-multiple-log-files-at-a-time-with-multitail-on-debian-lenny)

**Gentoo rsyslog wiki**
[https://wiki.gentoo.org/wiki/Rsyslog](https://wiki.gentoo.org/wiki/Rsyslog)

**Make sure you have reviewed who can read and write** your logs, and make any changes to the permissions that the review calls for.
[http://www.tldp.org/HOWTO/Security-HOWTO/secure-prep.html#logs](http://www.tldp.org/HOWTO/Security-HOWTO/secure-prep.html#logs)

%% Keep NodeJS Applications Alive

**`kill`ing processes**
http://www.cyberciti.biz/faq/kill-process-in-linux-or-terminate-a-process-in-unix-or-linux-systems/

**Unix signals**
[https://en.wikipedia.org/wiki/Unix_signal](https://en.wikipedia.org/wiki/Unix_signal)

**Terse guide of systemd commands**, plus some other quick-start information
[https://wiki.archlinux.org/index.php/systemd](https://wiki.archlinux.org/index.php/systemd)

**Tripwire tutorial**
[https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps](https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps)

**TLDP Security HowTo**
[http://www.tldp.org/HOWTO/Security-HOWTO/](http://www.tldp.org/HOWTO/Security-HOWTO/)

**TLDP Security Quickstart**
[http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/](http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/)

**Securing Debian Howto**
[http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html](http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)

**Debian Security**
[http://www.debianhelp.co.uk/security.htm](http://www.debianhelp.co.uk/security.htm)

{#additional-resources-vps-countermeasures-docker}
**Cisecurity**
has an [excellent resource](https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf) for hardening Docker (host, daemon, images and running containers), which the Docker Security team helped with.
This should be consulted alongside the [Docker Countermeasures](#vps-countermeasures-docker) section.

**I also conducted an interview called "[Docker Security](http://www.se-radio.net/2017/05/se-radio-episode-290-diogo-monica-on-docker-security/)"**
for Software Engineering Radio, in which Docker Security Team Lead Diogo Monica appeared as guest and provided some excellent advice, opinions, and food for thought. Be sure to listen to it.

{#additional-resources-vps-countermeasures-docker-hardening-docker-host-engine-and-containers-namespaces}
**Network Namespace** source code
[https://github.com/torvalds/linux/blob/master/net/core/net_namespace.c](https://github.com/torvalds/linux/blob/master/net/core/net_namespace.c)

**IP-NETNS** man page
[http://man7.org/linux/man-pages/man8/ip-netns.8.html](http://man7.org/linux/man-pages/man8/ip-netns.8.html)

**Introducing Linux Network Namespaces**
[http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/](http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/)

**Network namespaces**
[https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/](https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/)

**docker network**
[https://docs.docker.com/engine/reference/commandline/network/](https://docs.docker.com/engine/reference/commandline/network/)

**Namespaces in operation**
[https://lwn.net/Articles/580893/](https://lwn.net/Articles/580893/)

**dockerscan** may be worth keeping an eye on for offensive testing
[https://github.com/cr0hn/dockerscan](https://github.com/cr0hn/dockerscan)

**Docker SELinux Man Page**
[https://www.mankier.com/8/docker_selinux](https://www.mankier.com/8/docker_selinux)

**Understanding and Hardening Linux Containers**
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/

**Increasing Attacker Cost using Immutable Infrastructure**
https://diogomonica.com/2016/11/19/increasing-attacker-cost-using-immutable-infrastructure/

**Diogo Monica on Mutual TLS**
[https://www.youtube.com/watch?v=apma_C24W58](https://www.youtube.com/watch?v=apma_C24W58)

**Diogo Monica on Orchestrating Least Privilege**

* [https://www.youtube.com/watch?v=xpGNAiA3XW8](https://www.youtube.com/watch?v=xpGNAiA3XW8)
* https://www.slideshare.net/Docker/orchestrating-least-privilege-by-diogo-monica-67186063

**Comparison of secrets across orchestrators**
https://medium.com/on-docker/secrets-and-lie-abilities-the-state-of-modern-secret-management-2017-c82ec9136a3d

**Description of how PKI automatically gets set up in swarm**
[https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/](https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/)

**Image signing**, and why it is important
[https://blog.docker.com/2015/08/content-trust-docker-1-8/](https://blog.docker.com/2015/08/content-trust-docker-1-8/)

**Docker security scanning (content integrity)**
[https://blog.docker.com/2016/05/docker-security-scanning/](https://blog.docker.com/2016/05/docker-security-scanning/)

## [Network](#network)

%% Lack of Segmentation Identify Risks

**Top 10 Network Security Mistakes - #5: Lack of Segmentation**
[https://www.optiv.com/blog/top-10-network-security-mistakes-5-lack-of-segmentation](https://www.optiv.com/blog/top-10-network-security-mistakes-5-lack-of-segmentation)

**Database security**
[https://www.owasp.org/index.php/Configuration#Database_security](https://www.owasp.org/index.php/Configuration#Database_security)

%% End Lack of Segmentation Identify Risks

%% Data Exfiltration, Infiltration Identify Risks

**Dropbox Interview of James Cowling**
[http://www.se-radio.net/2017/03/se-radio-episode-285-james-cowling-on-dropboxs-distributed-storage-system/](http://www.se-radio.net/2017/03/se-radio-episode-285-james-cowling-on-dropboxs-distributed-storage-system/)

**DropSmack**
[https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf](https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf)

**NS1 Using dig +trace**
[https://ns1.com/articles/using-dig-trace](https://ns1.com/articles/using-dig-trace)

**Difference between Authoritative and Recursive DNS Nameservers** by Chris Frost
[https://umbrella.cisco.com/blog/blog/2014/07/16/difference-authoritative-recursive-dns-nameservers/](https://umbrella.cisco.com/blog/blog/2014/07/16/difference-authoritative-recursive-dns-nameservers/)

**Comparison of DNS Server Types** by Justin Ellingwood
[https://www.digitalocean.com/community/tutorials/a-comparison-of-dns-server-types-how-to-choose-the-right-dns-configuration](https://www.digitalocean.com/community/tutorials/a-comparison-of-dns-server-types-how-to-choose-the-right-dns-configuration)

**DNS Steps in Detail**
[http://blog.catchpoint.com/2014/07/01/dns-lookup-domain-name-ip-address/](http://blog.catchpoint.com/2014/07/01/dns-lookup-domain-name-ip-address/)

**How long can my SPF record be**
[https://agari.zendesk.com/hc/en-us/articles/202952749-How-long-can-my-SPF-record-be-](https://agari.zendesk.com/hc/en-us/articles/202952749-How-long-can-my-SPF-record-be-)

**Tunneling Data and Commands Over DNS to Bypass Firewalls** by Lenny Zeltser
[https://zeltser.com/c2-dns-tunneling/](https://zeltser.com/c2-dns-tunneling/)

%% End Data Exfiltration, Infiltration Identify Risks

%% Insufficient Logging Countermeasures

{#additional-resources-network-insufficient-logging-internal-network-system-logging}
**Insufficient Logging - Internal Network System Logging**
These resources, in that order, were helpful for establishing a strategy for syslog over UDP, a transport that provides neither reliable delivery nor confidentiality
[https://forums.freenas.org/index.php?threads/freenas-as-syslog-server.13145/](https://forums.freenas.org/index.php?threads/freenas-as-syslog-server.13145/)
[https://forums.freenas.org/index.php?threads/syslog-through-tcp-protocol.7112/](https://forums.freenas.org/index.php?threads/syslog-through-tcp-protocol.7112/)
[https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog](https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog)

**The ELK stack** is also well worth considering
[https://logz.io/blog/install-elk-stack-amazon-aws/](https://logz.io/blog/install-elk-stack-amazon-aws/)

%% End Insufficient Logging Countermeasures

%% Lack of Network Intrusion Detection Systems (NIDS) Countermeasures

**BSidesLV IDS talk**
[https://www.youtube.com/watch?v=iHRwAg8LQtI&feature=youtu.be](https://www.youtube.com/watch?v=iHRwAg8LQtI&feature=youtu.be)

**Top Free Network-Based Intrusion Detection Systems (IDS) for the Enterprise**
[https://www.upguard.com/articles/top-free-network-based-intrusion-detection-systems-ids-for-the-enterprise](https://www.upguard.com/articles/top-free-network-based-intrusion-detection-systems-ids-for-the-enterprise)

**Suricata-vs-snort**
[https://www.aldeid.com/wiki/Suricata-vs-snort](https://www.aldeid.com/wiki/Suricata-vs-snort)

%% End Lack of Network Intrusion Detection Systems (NIDS) Countermeasures

%% Spoofing IP Countermeasures

**Defense and mitigate ARP Spoofing**
[http://www.jaringankita.com/blog/defense-arp-spoofing](http://www.jaringankita.com/blog/defense-arp-spoofing)

%% Spoofing IP Countermeasures

**FakeDNS**
[https://github.com/Crypt0s/FakeDns](https://github.com/Crypt0s/FakeDns)

%% End Spoofing IP Countermeasures

%% Spoofing EMail Address Countermeasures

**Open Sender Policy Framework**
[http://www.openspf.org/](http://www.openspf.org/)

**Wikipedia Sender Policy Framework** (SPF)
[https://en.wikipedia.org/wiki/Sender_Policy_Framework](https://en.wikipedia.org/wiki/Sender_Policy_Framework)

**Wikipedia DomainKeys Identified Mail** (DKIM)
[https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail)

%% End Spoofing EMail Address Countermeasures

%% Data Exfiltration, Infiltration leveraging DNS Countermeasures

**tcp-over-websockets**
[https://github.com/derhuerst/tcp-over-websockets](https://github.com/derhuerst/tcp-over-websockets)

**chisel**
[https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)

**Dnscat documentation**
[https://wiki.skullsecurity.org/Dnscat](https://wiki.skullsecurity.org/Dnscat)

**FakeDns**
[https://github.com/Crypt0s/FakeDns](https://github.com/Crypt0s/FakeDns)

%% End Data Exfiltration, Infiltration leveraging DNS Countermeasures

## [Cloud](#cloud)

**Interview I hosted with Scott Piper on Cloud Security**
[https://binarymist.io/publication/ser-podcast-cloud-security/](https://binarymist.io/publication/ser-podcast-cloud-security/)

**Interview I hosted with Peter Budai on EtEE** (end-to-end encryption)
[https://binarymist.io/publication/ser-podcast-end-to-end-encryption/](https://binarymist.io/publication/ser-podcast-end-to-end-encryption/)

%% Storage of Secrets, Private Key Abuse, TLS, Countermeasures

**Secrets out of Docker images**
[https://www.ctl.io/developers/blog/post/tutorial-protecting-sensitive-info-docker](https://www.ctl.io/developers/blog/post/tutorial-protecting-sensitive-info-docker)

%% End Storage of Secrets, Private Key Abuse, TLS, Countermeasures

%% Countermeasures, Storage of Secrets, Credentials and Other Secrets, Entered by people (manually)

**Darkreading: 10 Password Managers For Business Use**
https://www.darkreading.com/endpoint/10-password-managers-for-business-use/d/d-id/1322326

%% End Countermeasures, Storage of Secrets, Credentials and Other Secrets, Entered by people (manually)

%% Countermeasures, Storage of Secrets, Credentials and Other Secrets, Entered by Software (manually)
{#additional-resources-cloud-countermeasures-storage-of-secrets-credentials-and-other-secrets-entered-by-software}
**Using Vault with MySQL**
[https://dzone.com/articles/using-vault-with-mysql](https://dzone.com/articles/using-vault-with-mysql)

**Infrastructure Secret Management Overview**
[https://gist.github.com/binarymist/66206419df712bd738c3d664542157d8](https://gist.github.com/binarymist/66206419df712bd738c3d664542157d8)
Forked from maxvt.

**Secrets Management** show on Software Engineering Radio
[http://www.se-radio.net/2017/12/se-radio-episode-311-armon-dadgar-on-secrets-management/](http://www.se-radio.net/2017/12/se-radio-episode-311-armon-dadgar-on-secrets-management/)

%% End Countermeasures, Storage of Secrets, Credentials and Other Secrets, Entered by Software (manually)

**flaws.cloud** AWS CTF by Scott Piper
[http://flaws.cloud/](http://flaws.cloud/)

%% Not book content related

**Collection of AWS Security Tools**
[https://blyx.com/2018/07/18/my-arsenal-of-aws-security-tools/](https://blyx.com/2018/07/18/my-arsenal-of-aws-security-tools/)

**ASecure Cloud**
[https://asecure.cloud/](https://asecure.cloud/)

## [Web Applications](#web-applications)

**OWASP canonical XSS resource**
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

**Hashcat rule-based** attack
[http://hashcat.net/wiki/doku.php?id=rule_based_attack](http://hashcat.net/wiki/doku.php?id=rule_based_attack)

**Details that helped set up NodeJS logging**:
[https://gist.github.com/rtgibbons/7354879](https://gist.github.com/rtgibbons/7354879)
[https://thejsf.wordpress.com/2015/01/18/node-js-logging-with-winston/](https://thejsf.wordpress.com/2015/01/18/node-js-logging-with-winston/)

**Application logging to syslog server** on another machine:
[http://unix.stackexchange.com/questions/67250/where-does-rsyslog-keep-facility-local0](http://unix.stackexchange.com/questions/67250/where-does-rsyslog-keep-facility-local0)

**Or the new style configuration**
[http://www.rsyslog.com/doc/v8-stable/configuration/modules/imudp.html](http://www.rsyslog.com/doc/v8-stable/configuration/modules/imudp.html)

**Syslog compatible protocol severities**
[https://wiki.gentoo.org/wiki/Rsyslog#Severity](https://wiki.gentoo.org/wiki/Rsyslog#Severity)

%% NoSQLi

**cr0hn nosqlinjection_wordlists**
[https://github.com/cr0hn/nosqlinjection_wordlists](https://github.com/cr0hn/nosqlinjection_wordlists)

%% End NoSQLi

%% Command Injection Risks

{#additional-resources-web-applications-risks-injection-command-injection}
**Avoiding Command Injection in Node.js**
[https://blog.liftsecurity.io/2014/08/19/Avoid-Command-Injection-Node.js/](https://blog.liftsecurity.io/2014/08/19/Avoid-Command-Injection-Node.js/)

**Server-Side JavaScript Injection**
[https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf](https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf)

%% End Command Injection Risks

%% Statistics Graphing Countermeasures

**statsd source code**
[https://github.com/etsy/statsd/](https://github.com/etsy/statsd/)

**One of the ways we can generate statistics for our statsd daemon** is by using one of the many language-specific statsd clients
[https://github.com/etsy/statsd/wiki#client-implementations](https://github.com/etsy/statsd/wiki#client-implementations)

**First statsd spec for metric types**
[https://github.com/b/statsd_spec/blob/master/README.md](https://github.com/b/statsd_spec/blob/master/README.md)

**Current, or at least more recent, statsd spec** for metric types
[https://github.com/etsy/statsd/blob/master/docs/metric_types.md](https://github.com/etsy/statsd/blob/master/docs/metric_types.md)

**Configuring Graphite for StatsD**
[https://github.com/etsy/statsd/blob/master/docs/graphite.md](https://github.com/etsy/statsd/blob/master/docs/graphite.md)

**StatsD, what it is and how it can help you**
[https://www.datadoghq.com/blog/statsd/](https://www.datadoghq.com/blog/statsd/)

%% End Statistics Graphing Countermeasures

**Podcast on WebComponents**
[http://webcomponents.org/](http://webcomponents.org/)

**I would recommend NSubstitute** instead if you were looking for a mocking framework for .NET.
[http://blog.binarymist.net/2013/12/14/evaluation-of-net-mocking-libraries/](http://blog.binarymist.net/2013/12/14/evaluation-of-net-mocking-libraries/)

**Information on how jQuery plugins work**
[https://learn.jquery.com/plugins/](https://learn.jquery.com/plugins/)

**jQuery Validation** documentation
[http://jqueryvalidation.org/documentation/](http://jqueryvalidation.org/documentation/)

[http://jqueryvalidation.org/validate](http://jqueryvalidation.org/validate)

[http://jqueryvalidation.org/jQuery.validator.addMethod](http://jqueryvalidation.org/jQuery.validator.addMethod)

[http://jqueryvalidation.org/rules](http://jqueryvalidation.org/rules)

**express-form**
[https://github.com/freewil/express-form](https://github.com/freewil/express-form)

%% Countermeasures for CSRF
{#additional-resources-countermeasures-for-csrf}
**XSRF/CSRF Prevention in ASP.NET MVC and Web Pages** is good for understanding CSRF
[https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages](https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages)

**OWASP CSRF**
https://www.owasp.org/index.php/Top_10_2017-A8-Cross-Site_Request_Forgery_(CSRF)

%% End Countermeasures for CSRF

%% Countermeasures for XPath Injection
{#additional-resources-countermeasures-for-xpath-injection}
**Hacking XPath 2.0**
[https://media.blackhat.com/bh-eu-12/Siddharth/bh-eu-12-Siddharth-Xpath-WP.pdf](https://media.blackhat.com/bh-eu-12/Siddharth/bh-eu-12-Siddharth-Xpath-WP.pdf)

%% End Countermeasures for XPath Injection

**Recording and testing user time expenditure**

[http://www.smashingmagazine.com/2011/03/in-search-of-the-perfect-captcha/#recording-user-time-expenditure](http://www.smashingmagazine.com/2011/03/in-search-of-the-perfect-captcha/#recording-user-time-expenditure)

[http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches](http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches)

**Blowfish cipher**
https://en.wikipedia.org/wiki/Blowfish_%28cipher%29

**PBKDF2**
[https://en.wikipedia.org/wiki/PBKDF2](https://en.wikipedia.org/wiki/PBKDF2)

**Key Derivation Function** (KDF)
[https://en.wikipedia.org/wiki/Key_derivation_function](https://en.wikipedia.org/wiki/Key_derivation_function)

**bcrypt**
[https://en.wikipedia.org/wiki/Bcrypt](https://en.wikipedia.org/wiki/Bcrypt)

**Cryptographic hash function**: MD5, SHA-1, SHA-2, etc.
[https://en.wikipedia.org/wiki/Cryptographic_hash_function](https://en.wikipedia.org/wiki/Cryptographic_hash_function)

**Key stretching**
[https://en.wikipedia.org/wiki/Key_stretching](https://en.wikipedia.org/wiki/Key_stretching)

**scrypt**
[https://en.wikipedia.org/wiki/Scrypt](https://en.wikipedia.org/wiki/Scrypt)

**Good Password Hashing Functions**
[http://defencely.com/blog/do-you-rely-on-hashing-know-websec-cryptography-indepth/](http://defencely.com/blog/do-you-rely-on-hashing-know-websec-cryptography-indepth/)

**bcrypt brute-forcing** feasible on certain hardware
[http://www.openwall.com/presentations/Passwords14-Energy-Efficient-Cracking/](http://www.openwall.com/presentations/Passwords14-Energy-Efficient-Cracking/)
http://www.openwall.com/presentations/Passwords13-Energy-Efficient-Cracking/Passwords13-Energy-Efficient-Cracking.pdf
[https://www.usenix.org/system/files/conference/woot14/woot14-malvoni.pdf](https://www.usenix.org/system/files/conference/woot14/woot14-malvoni.pdf)

**Cooling the Xeon Phi**
[https://ssrb.github.io/hpc/2015/04/17/cooling-down-the-xeon-phi-sku31S1P/](https://ssrb.github.io/hpc/2015/04/17/cooling-down-the-xeon-phi-sku31S1P/)

**Xeon Phi misconceptions**
[https://www.pugetsystems.com/labs/hpc/Top-5-Xeon-Phi-Misconceptions-508/](https://www.pugetsystems.com/labs/hpc/Top-5-Xeon-Phi-Misconceptions-508/)

**Password Cracking Strategy**
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-2-cracking-strategy-0156491/

**Securing Sessions** via cookie attributes
[https://www.owasp.org/index.php/HttpOnly](https://www.owasp.org/index.php/HttpOnly)

**Justin Searls talk** on consuming all the open source
[http://blog.testdouble.com/posts/2014-12-02-the-social-coding-contract.html](http://blog.testdouble.com/posts/2014-12-02-the-social-coding-contract.html)

**Effecting Change**
[http://blog.binarymist.net/2013/06/22/ideas-for-more-effective-meetings-and-presentations/](http://blog.binarymist.net/2013/06/22/ideas-for-more-effective-meetings-and-presentations/)

{#additional-resources-countermeasures-insufficient-attack-protection-application-intrusion-detection-and-response}
**Application Intrusion Detection and Response**

**Appsensor home**
[http://appsensor.org/](http://appsensor.org/)

**Sample Appsensor applications**
[https://github.com/jtmelton/appsensor/tree/master/sample-apps](https://github.com/jtmelton/appsensor/tree/master/sample-apps)

**Slide deck** from John Melton (AppSensor project lead)
[http://www.slideshare.net/jtmelton/appsensor-near-real-time-event-detection-and-response](http://www.slideshare.net/jtmelton/appsensor-near-real-time-event-detection-and-response)

**Good podcast on OWASP 24/7 soundcloud**
[https://soundcloud.com/owasp-podcast/john-melton-and-the-owasp-appsensor-project](https://soundcloud.com/owasp-podcast/john-melton-and-the-owasp-appsensor-project)

**Gaslighting with Honeypits and Mirages**
at OWASP NZ Day 2017, by Kate Pearce, demonstrated a collection of very useful techniques for programmatically wasting your attackers' time
[https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017#tab=Presentation_Schedule](https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017#tab=Presentation_Schedule)

**W3C Web Crypto API Update** slides from Ryan Sleevi
[https://www.ietf.org/proceedings/86/slides/slides-86-saag-5.pdf](https://www.ietf.org/proceedings/86/slides/slides-86-saag-5.pdf)

**What's wrong with in-browser cryptography** There is some great advice here, but I also don't agree with some of it.
[https://tonyarcieri.com/whats-wrong-with-webcrypto](https://tonyarcieri.com/whats-wrong-with-webcrypto)

**Advice from Cryptographer Matt Green** to the W3C on the Web Cryptography API's failure
[http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html](http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html)
--------------------------------------------------------------------------------
/manuscript/markdown/front/foreword.md:
--------------------------------------------------------------------------------

{frontmatter}

# Foreword

%% To be written by someone eminent other than the author, to lend credibility.

Application Security is hard, very hard. It is often counter-intuitive, with attackers using lateral thinking to abuse a service.
I started my security journey when I was developing important, externally facing web applications with a large FTSE 100 company. Like many developers I had had absolutely no formal security training whatsoever and relied on the little knowledge that I'd picked up in passing. The results of a penetration test against one of the applications I had designed and built convinced me that I needed to radically improve my security knowledge.

Security is still often the poor relation when it comes to developing web applications.
Developers still do not get sufficient security training, and when security is considered, it is often left to a penetration test at the end of a development just prior to going live. This is way too late.

Security needs to be considered throughout the development lifecycle.
Everyone involved in application development needs to have a basic understanding of security, and developers need to know much more than that.
Security professionals do not typically prevent or fix security issues, they only find them.
Developers need to design and build software that is resilient to attack, and they can only do that if they understand how, why and where their systems will be attacked.

This is where books like this come in.
Kim's background as a software engineer means that he understands the development process and the pressures that developers are under.
It is a wide-ranging book that can help you learn about all aspects of security and help you design and build secure systems.

> Simon Bennetts - [Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) Lead
--------------------------------------------------------------------------------
/manuscript/markdown/front/introduction.md:
--------------------------------------------------------------------------------
# Introduction

%% An introduction deals with the subject of the book, supplementing and introducing the text and indicating a point of view to be adopted by the reader. The introduction usually forms a part of the text [and the text numbering system]; the preface does not." (In other words, the arabic numbering of the book (1,2,3) starts with the introduction, if there is one. The other front matter takes i, ii, iii, etc.)

In-depth guidance for Web Developers, Engineers, Architects and their teams, based on 25 years' experience architecting, engineering, breaking and redesigning physical and technological systems, then repeating the cycle iteratively.

Holistic InfoSec For Web Developers is focused toward agile teams and the realisation that high quality doesn't have to be expensive, providing it's introduced at the right points in the Development Life Cycle (DLC). I focus on bringing quality building practices into each Sprint as part of the Team's Definition of Done (DoD), rather than waiting until go-live when the cost of fixing defects is at its highest.

Traditionally, security has been applied at the end of projects, where it's most costly in the development life cycle to re-design and re-deploy. This is why security, and in fact quality in general, is often seen as being too expensive and corners are cut. I discuss many processes and practices in chapter 4 to shift the focus from labour intensive and costly security assessments and tests performed by deeply specialised security consultants, to techniques and activities that can be crafted by the Development Team and carried out within each Sprint, effectively removing defects as they are being introduced.

The processes and practices I'm going to introduce will help you reduce the most likely to be compromised security defects first, at the earliest possible point in time: right where they are introduced. Iterate on Design -> Build -> Break at every point of the development life cycle, including within each Sprint for each Product Backlog Item (PBI) that's pulled into work in progress (WIP). We become good at what we do by failing fast in development, fixing it, then trying again. This same strategy applies to all areas of life.

W> Don't wait until you're on the stage, where the cost of your mistakes is at its highest.

When it comes to providing countermeasures to the identified risks, measuring the security posture of an application or network is the step before. The best defence against an attacker is offence. This means your best defence is to have someone with your best interests at heart, someone employed or contracted by you when discussing your assets, assess the vulnerabilities of your assets and attempt to exploit them.

Each of the topic chapters (as shown on the cover) utilises a five step threat modelling process not dissimilar to Bruce Schneier's [Sensible Security Model](http://www.win.tue.nl/~wstomv/quotes/beyond-fear.html) (SSM), in which I take you, the reader, through the five steps for the specific topic.

Asset Identification (Step 1): Provides insight on what your assets are. This is not always obvious at first. Studying our adversaries, their behaviours and goals, what they are attempting to obtain from you and how they go about acquiring it, assists us in defining what our assets are. These are the items we want to protect. I provide many examples throughout the book.

Identify Risks (Step 2): By starting to understand what our assets are, we are able to start thinking about the possible risks to each of them. Throughout the book I reveal the different agendas of your attackers, what their goals are and the types of attacks they carry out to achieve them. We study their attack life cycle, which is covered in the Penetration Testing subsection of the Process and Practises chapter, and their tools, techniques and strategies for exploiting weaknesses in your defences. By beating your attackers to your weaknesses, we are able to determine where and what they are, and mitigate them before your adversaries can exploit them. We also work through many hands-on attacks to provide you with context for how to start building up countermeasures.

Countermeasures (Step 3): Once we have a fairly good idea of the risks to your assets, we explore many countermeasures. These are then converted into security focussed Product Backlog Items, which you order together with your Product Owner within the Scrum Product Backlog, with the lowest hanging fruit for an attacker being the items nearest the top of the Backlog. Your Scrum team pulls the highest rating PBI(s) into the Sprint Backlog at Sprint Planning.

Risks that Solution Causes (Step 4): There will be new risks that the countermeasures introduce. We work through what these might be for every countermeasure identified and how to recognise them. This feeds into the last step, in which we make trade-offs based on what we learn here.

Costs and Trade-offs (Step 5): We look at some techniques for establishing what the costs of the security solutions may be and we discuss many trade-offs. This encapsulates the essence of pragmatism. These steps are not hard and fast. We learn more as we work through them, and we frequently revisit previous steps and refine our Product Backlog Items, just as the Scrum Team refines any PBI as it approaches the top of the Backlog to be pulled into a Sprint.

The general approach to reading this book is to iterate on the 30,000' view, which is covered in the first chapter, then iterate on each of the 10,000' views that are applicable to your specific domain and systems. The Tooling Setup chapter will establish your tool-box to be used throughout the book. In the Process and Practises chapter we take learnings from the attackers' perspective and apply them to the Scrum Team's work-flow.

I've used a similar graphic set to the one the OWASP Top 10 uses for vulnerabilities throughout the book for the risks, in the following vein:
Exploitability: [EASY|AVERAGE|DIFFICULT|VERY DIFFICULT]
Prevalence: [VERY WIDESPREAD|WIDESPREAD|COMMON|UNCOMMON]
Detectability: [DIFFICULT|AVERAGE|EASY|VERY EASY]
Impact: [SEVERE|MODERATE|LOW]

Then for the countermeasures, again following OWASP's lead:
Prevention: [DIFFICULT|AVERAGE|EASY|VERY EASY].

Wherever you see the following fiddling devil, it means it's hands-on attack sequence time:

![](images/HandsOnHack.png)

W> This is a Warning.

T> This is a Tip.

I> This is extra information.

--------------------------------------------------------------------------------
/manuscript/markdown/front/preface.md:
--------------------------------------------------------------------------------

{frontmatter}

# Preface



%% A preface or foreword deals with the genesis, purpose, limitations, and scope of the book and may include acknowledgments of indebtedness.


## Description

This book begins by taking the reader to the 30,000' view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them to lower levels. I detail how to set up a security focussed distribution with all the tools and configuration options required for working through the book. We then walk through the Process and Practises that the attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles.

The rest of the book focusses on the specific areas addressed on the cover of this book.

## Purpose

My intention with "Holistic Info-Sec for Web Developers" is in many ways to help you answer your own questions and show you that creating systems and arming people to withstand the types of attacks commonly encountered today is not out of reach of mere mortals; that simply lifting the lower hanging fruit for an attacker often means they will move on to an easier target, unless they are specifically targeting you, in which case you should find many of the risks and countermeasures I address effective for increasing the difficulty for your attacker, and thus dramatically increasing your chances of defence and counter-attack.

## Reason

As I was travelling from New Zealand to New York City to speak at a technology architects' conference, I had 17 hours to get quite a bit of work done, catch up on some book reading and podcast listening, and do lots of thinking. It was on that flight that God gave me the concept for this book. I realised I was in a unique place as an architect, engineer and security professional, with a previous career in the physical construction industry, to be able to bridge the gap between the attacking side of our industry and those under attack. I had enough time to work out how best to approach the structure and content, and started to shape it on my GitHub wiki, which was later used at a CampJS tutorial.
From working as a software engineer, I knew that my fellow engineers spent all their working concentration in tunnel vision and very rarely took the opportunity to step back from their code, config, hardware, PCBs and any other technical aspects that consumed their time in order to look at the entire security landscape that affects us all.

The reason I set out on the journey of distilling my knowledge and that of others into this form, to be consumed by Web Developers, is because I saw the great need for it amongst my friends and colleagues.

## Acknowledgements

![](images/LeanneCarter.png)

Leanne Carter: For being the long suffering wife of a technologist that often puts his priorities in the wrong places. Leanne has a very pragmatic approach to everything, always seeing the simple (should be obvious) answers to everything. One of Leanne's natural abilities is being able to walk into a room and lighten the mood instantly. Reviewing and proof editing.

![](images/RussMcRee.png)

Russ McRee: For helping and cheerleading with many aspects of the book writing and promoting process, for contacts, and for reaching out to them requesting favours. Technical editing: making sense of my writing and helping to shape and mould it into something that is easily readable by the target audience.

%% Any others here?

Also be sure to review the Attributions chapter.

## Influences

%% Todo: In Fascicle 1 I'll go over influences around specific languages.

Bruce Schneier is an exceptionally talented person that turned his energies to information security, and often more specifically cryptography. Our industry owes a lot to Bruce for his insight and pragmatism in security.

Both Steve McConnell and Bob Martin have written several books that in my opinion remain timeless and capture the essence of what creating quality software means, with many clear guidelines as to how one should go about doing this. They also discuss the common issues of how a software engineer should go about converting defective projects into beautiful, functional and maintainable solutions. There are many other great software engineers that have written excellent guidance, but I always seem to come back to Bob and Steve's books.

There are so many others that I would love to thank, and owe a lot to, for being so generous in passing on their knowledge, insight and wisdom in regards to technology.
--------------------------------------------------------------------------------