├── .gitignore ├── CONTRIBUTING.md ├── Gemfile ├── Gemfile.lock ├── LICENSE.md ├── README.md ├── _config.yml ├── _headers ├── _includes ├── footer.html ├── head.html ├── header.html ├── icon-github.html ├── icon-github.svg ├── icon-twitter.html ├── icon-twitter.svg ├── scripts.html └── segment.html ├── _layouts ├── default.html ├── home.html ├── page.html └── post.html ├── _redirects ├── _sass ├── design │ ├── _colors.scss │ ├── _font.scss │ ├── _mixin.scss │ ├── _reset.scss │ └── _title.scss ├── elements │ ├── footer.scss │ └── github-corner.scss └── pages │ ├── home.scss │ └── layout.scss ├── _tips ├── audit-your-infrastructure-on-a-regular-basis.markdown ├── automatically-configure-and-update-your-servers.markdown ├── backup-regurlarly.markdown ├── check-that-tls-certificates-are-not-set-to-expire.markdown ├── check-your-ssl-tls-configurations.markdown ├── control-access-on-your-cloud-providers.markdown ├── cover-your-ass.markdown ├── detect-insider-threats.markdown ├── dont-implement-your-own-crypto.markdown ├── dont-store-credit-card-information.markdown ├── encrypted-all-the-things.markdown ├── enforce-two-factor-authentification.markdown ├── ensure-compliance-with-relevant-industry-standards.markdown ├── ensure-you-are-using-security-headers.markdown ├── follow-an-onboarding-offboarding-checklist.markdown ├── gamify-security-and-train-employees-on-a-regular-basis.markdown ├── get-notified-when-your-app-is-under-attack.markdown ├── go-hack-yourself.markdown ├── harden-ssh-configuration.markdown ├── have-a-public-bug-bounty-program.markdown ├── have-a-public-security-policy.markdown ├── integrate-security-scanners-in-your-ci-pipeline.markdown ├── keep-your-containers-protected.markdown ├── keep-your-dependencies-up-to-date.markdown ├── log-all-the-things.markdown ├── manage-secrets-with-dedicated-tools-and-vaults.markdown ├── monitor-third-party-vendors.markdown ├── monitor-your-authorizations.markdown ├── monitoring-your-dns-expiration-date.markdown ├── 
protect-against-denial-of-service.markdown ├── protect-your-application-against-breaches.markdown ├── protect-your-ci-cd-tools-like-your-product.markdown ├── protect-your-servers-and-infrastructure.markdown ├── protect-your-users-against-account-takeovers.markdown ├── run-security-tests-on-your-code.markdown ├── stay-on-top-of-best-practices.markdown ├── store-encrypted-passwords-in-your-configuration-management.markdown ├── understand-the-risk.markdown ├── upgrade-yours-servers-regurlarly.markdown └── use-an-immutable-infrastructure.markdown ├── android-chrome-192x192.png ├── android-chrome-512x512.png ├── apple-touch-icon.png ├── assets └── main.scss ├── browserconfig.xml ├── develop.sh ├── favicon-16x16.png ├── favicon-32x32.png ├── favicon.ico ├── fonts ├── FilsonSoftBook.eot ├── FilsonSoftBook.svg ├── FilsonSoftBook.ttf ├── FilsonSoftBook.woff ├── FilsonSoftMedium.eot ├── FilsonSoftMedium.svg ├── FilsonSoftMedium.ttf ├── FilsonSoftMedium.woff ├── FilsonSoftRegular.eot ├── FilsonSoftRegular.svg ├── FilsonSoftRegular.ttf ├── FilsonSoftRegular.woff ├── hinted-ProximaNova-Black.eot ├── hinted-ProximaNova-Black.ttf ├── hinted-ProximaNova-Black.woff ├── hinted-ProximaNova-Black.woff2 ├── hinted-ProximaNova-Bold.eot ├── hinted-ProximaNova-Bold.ttf ├── hinted-ProximaNova-Bold.woff ├── hinted-ProximaNova-Bold.woff2 ├── hinted-ProximaNova-Extrabld.eot ├── hinted-ProximaNova-Extrabld.ttf ├── hinted-ProximaNova-Extrabld.woff ├── hinted-ProximaNova-Extrabld.woff2 ├── hinted-ProximaNova-Light.eot ├── hinted-ProximaNova-Light.ttf ├── hinted-ProximaNova-Light.woff ├── hinted-ProximaNova-Light.woff2 ├── hinted-ProximaNova-Regular.eot ├── hinted-ProximaNova-Regular.ttf ├── hinted-ProximaNova-Regular.woff ├── hinted-ProximaNova-Regular.woff2 ├── hinted-ProximaNova-Semibold.eot ├── hinted-ProximaNova-Semibold.ttf ├── hinted-ProximaNova-Semibold.woff ├── hinted-ProximaNova-Semibold.woff2 ├── hinted-ProximaNovaT-Thin.eot ├── hinted-ProximaNovaT-Thin.ttf ├── 
hinted-ProximaNovaT-Thin.woff └── hinted-ProximaNovaT-Thin.woff2 ├── images ├── arrow-bottom.svg ├── burger.svg ├── cross.svg ├── icon-check.svg ├── icon-facebook.svg ├── icon-linkedin.svg ├── icon-twitter-white.svg ├── icon-twitter.svg ├── logo-csc.svg ├── scsc-logo.svg ├── share-pic.jpg ├── sqreen-logo-grey.svg └── sqreen-logo.svg ├── index.md ├── js ├── main.js └── vendors │ ├── isotope.pkgd.min.js │ ├── jquery-3.1.1.min.js │ ├── scrollspy.js │ └── viewport-units-buggyfill.js ├── manifest.json ├── mstile-144x144.png ├── mstile-150x150.png ├── mstile-310x150.png ├── mstile-310x310.png ├── mstile-70x70.png ├── safari-pinned-tab.svg └── script ├── bootstrap ├── build └── cibuild /.gitignore: -------------------------------------------------------------------------------- 1 | _site 2 | .sass-cache 3 | .jekyll-metadata 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution Guidelines 2 | 3 | Contributions to this Security Checklist are encouraged through pull-requests. 4 | 5 | ## Adding a new item to the checklist 6 | 7 | - Make an individual pull request for each suggestion. 8 | - Fill the following sections: 9 | - item section 10 | - item title 11 | - company stage 12 | - item details 13 | - item relevant links (Minimum 1. Max 3) 14 | - Keep the item details concise and simple. 15 | - Don't add more than three relevant links. 16 | - The pull request and commit should have a useful title. 17 | 18 | ## Improving or modifying current items 19 | 20 | - You can also improve current items by submitting pull-requests. 21 | - To keep the quality standard of this checklist high, no more than 3 links can be added to an item. 22 | 23 | ## Quality standard 24 | 25 | - We reserve the right to reject pull requests and close issues if we do not agree with how they affect the checklist. 
26 | - The items in this list should be relevant to startups. 27 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | ruby RUBY_VERSION 3 | 4 | # Hello! This is where you manage which Jekyll version is used to run. 5 | # When you want to use a different version, change it below, save the 6 | # file and run `bundle install`. Run Jekyll with `bundle exec`, like so: 7 | # 8 | # bundle exec jekyll serve 9 | # 10 | # This will help ensure the proper Jekyll version is running. 11 | # Happy Jekylling! 12 | gem "jekyll", "3.4.1" 13 | 14 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem 15 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] 16 | gem 'jekyll-feed' 17 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | addressable (2.5.0) 5 | public_suffix (~> 2.0, >= 2.0.2) 6 | colorator (1.1.0) 7 | ffi (1.9.18) 8 | forwardable-extended (2.6.0) 9 | jekyll (3.4.1) 10 | addressable (~> 2.4) 11 | colorator (~> 1.0) 12 | jekyll-sass-converter (~> 1.0) 13 | jekyll-watch (~> 1.1) 14 | kramdown (~> 1.3) 15 | liquid (~> 3.0) 16 | mercenary (~> 0.3.3) 17 | pathutil (~> 0.9) 18 | rouge (~> 1.7) 19 | safe_yaml (~> 1.0) 20 | jekyll-feed (0.9.2) 21 | jekyll (~> 3.3) 22 | jekyll-sass-converter (1.5.0) 23 | sass (~> 3.4) 24 | jekyll-watch (1.5.0) 25 | listen (~> 3.0, < 3.1) 26 | kramdown (1.13.2) 27 | liquid (3.0.6) 28 | listen (3.0.8) 29 | rb-fsevent (~> 0.9, >= 0.9.4) 30 | rb-inotify (~> 0.9, >= 0.9.7) 31 | mercenary (0.3.6) 32 | pathutil (0.14.0) 33 | forwardable-extended (~> 2.6) 34 | public_suffix (2.0.5) 35 | rb-fsevent (0.9.8) 36 | rb-inotify (0.9.8) 37 | ffi (>= 0.5.0) 38 | rouge (1.11.1) 39 | safe_yaml 
(1.0.4) 40 | sass (3.4.23) 41 | 42 | PLATFORMS 43 | ruby 44 | 45 | DEPENDENCIES 46 | jekyll (= 3.4.1) 47 | jekyll-feed 48 | tzinfo-data 49 | 50 | RUBY VERSION 51 | ruby 2.0.0p648 52 | 53 | BUNDLED WITH 54 | 1.14.6 55 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | ## creative commons 2 | 3 | # Attribution-NonCommercial-ShareAlike 4.0 International 4 | 5 | Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. 6 | 7 | ### Using Creative Commons Public Licenses 8 | 9 | Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. 10 | 11 | * __Considerations for licensors:__ Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. 
Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. [More considerations for licensors](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors). 12 | 13 | * __Considerations for the public:__ By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. [More considerations for the public](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees). 14 | 15 | ## Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License 16 | 17 | By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License ("Public License"). 
To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. 18 | 19 | ### Section 1 – Definitions. 20 | 21 | a. __Adapted Material__ means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. 22 | 23 | b. __Adapter's License__ means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. 24 | 25 | c. __BY-NC-SA Compatible License__ means a license listed at [creativecommons.org/compatiblelicenses](http://creativecommons.org/compatiblelicenses), approved by Creative Commons as essentially the equivalent of this Public License. 26 | 27 | d. __Copyright and Similar Rights__ means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. 28 | 29 | e. 
__Effective Technological Measures__ means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. 30 | 31 | f. __Exceptions and Limitations__ means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. 32 | 33 | g. __License Elements__ means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution, NonCommercial, and ShareAlike. 34 | 35 | h. __Licensed Material__ means the artistic or literary work, database, or other material to which the Licensor applied this Public License. 36 | 37 | i. __Licensed Rights__ means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. 38 | 39 | h. __Licensor__ means the individual(s) or entity(ies) granting rights under this Public License. 40 | 41 | i. __NonCommercial__ means not primarily intended for or directed towards commercial advantage or monetary compensation. For purposes of this Public License, the exchange of the Licensed Material for other material subject to Copyright and Similar Rights by digital file-sharing or similar means is NonCommercial provided there is no payment of monetary compensation in connection with the exchange. 42 | 43 | j. 
__Share__ means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. 44 | 45 | k. __Sui Generis Database Rights__ means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. 46 | 47 | l. __You__ means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. 48 | 49 | ### Section 2 – Scope. 50 | 51 | a. ___License grant.___ 52 | 53 | 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: 54 | 55 | A. reproduce and Share the Licensed Material, in whole or in part, for NonCommercial purposes only; and 56 | 57 | B. produce, reproduce, and Share Adapted Material for NonCommercial purposes only. 58 | 59 | 2. __Exceptions and Limitations.__ For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. 60 | 61 | 3. __Term.__ The term of this Public License is specified in Section 6(a). 62 | 63 | 4. __Media and formats; technical modifications allowed.__ The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. 
The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. 64 | 65 | 5. __Downstream recipients.__ 66 | 67 | A. __Offer from the Licensor – Licensed Material.__ Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. 68 | 69 | B. __Additional offer from the Licensor – Adapted Material.__ Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter’s License You apply. 70 | 71 | C. __No downstream restrictions.__ You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. 72 | 73 | 6. __No endorsement.__ Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). 74 | 75 | b. ___Other rights.___ 76 | 77 | 1. 
Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. 78 | 79 | 2. Patent and trademark rights are not licensed under this Public License. 80 | 81 | 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties, including when the Licensed Material is used other than for NonCommercial purposes. 82 | 83 | ### Section 3 – License Conditions. 84 | 85 | Your exercise of the Licensed Rights is expressly made subject to the following conditions. 86 | 87 | a. ___Attribution.___ 88 | 89 | 1. If You Share the Licensed Material (including in modified form), You must: 90 | 91 | A. retain the following if it is supplied by the Licensor with the Licensed Material: 92 | 93 | i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); 94 | 95 | ii. a copyright notice; 96 | 97 | iii. a notice that refers to this Public License; 98 | 99 | iv. a notice that refers to the disclaimer of warranties; 100 | 101 | v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; 102 | 103 | B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and 104 | 105 | C. 
indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. 106 | 107 | 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. 108 | 109 | 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. 110 | 111 | b. ___ShareAlike.___ 112 | 113 | In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply. 114 | 115 | 1. The Adapter’s License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-NC-SA Compatible License. 116 | 117 | 2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material. 118 | 119 | 3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply. 120 | 121 | ### Section 4 – Sui Generis Database Rights. 122 | 123 | Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: 124 | 125 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database for NonCommercial purposes only; 126 | 127 | b. 
if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and 128 | 129 | c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. 130 | 131 | For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. 132 | 133 | ### Section 5 – Disclaimer of Warranties and Limitation of Liability. 134 | 135 | a. __Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.__ 136 | 137 | b. __To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.__ 138 | 139 | c. 
The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. 140 | 141 | ### Section 6 – Term and Termination. 142 | 143 | a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. 144 | 145 | b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: 146 | 147 | 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or 148 | 149 | 2. upon express reinstatement by the Licensor. 150 | 151 | For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. 152 | 153 | c. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. 154 | 155 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. 156 | 157 | ### Section 7 – Other Terms and Conditions. 158 | 159 | a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. 160 | 161 | b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. 162 | 163 | ### Section 8 – Interpretation. 164 | 165 | a. 
For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. 166 | 167 | b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. 168 | 169 | c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. 170 | 171 | d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. 172 | 173 | ``` 174 | Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at [creativecommons.org/policies](http://creativecommons.org/policies), Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. 
175 | 176 | Creative Commons may be contacted at creativecommons.org 177 | ``` 178 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![logo](https://devops-security-checklist.sqreen.io/images/share-pic.jpg)](https://devops-security-checklist.sqreen.io/) 2 | 3 | # The DevOps Security Checklist 4 | 5 | The content of this checklist is now deprecated. If you want to read the updated version check [https://www.sqreen.io/checklists/devops-security-checklist](https://www.sqreen.io/checklists/devops-security-checklist) 6 | 7 | Security is increasingly becoming the responsibility of DevOps teams. Movements like DevSecOps are contributing to this change. 8 | This security checklist aims to give DevOps professionals a list of security best practices they can follow according to their company stage. 9 | DevOps teams make security decisions several times, everyday! Security is a moving target. The applicable recommendations for a Series B company will not be relevant for an early stage company. 10 | Select your company stage and use these rules to improve your security. 11 | This list is far from being exhaustive. Feel free to contribute! 12 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | # Welcome to Jekyll! 2 | # 3 | # This config file is meant for settings that affect your whole blog, values 4 | # which you are expected to set up once and rarely edit after that. If you find 5 | # yourself editing this file very often, consider using Jekyll's data files 6 | # feature for the data you need to update frequently. 7 | # 8 | # For technical reasons, this file is *NOT* reloaded automatically when you use 9 | # 'bundle exec jekyll serve'. If you change this file, please restart the server process. 
10 | 11 | # Site settings 12 | # These are used to personalize your new site. If you look in the HTML files, 13 | # you will see them accessed via {{ site.title }}, {{ site.email }}, and so on. 14 | # You can create any custom variable you would like, and they will be accessible 15 | # in the templates via {{ site.myvariable }}. 16 | title: DevOps Security Checklist 17 | email: contact@sqreen.io 18 | description: > # this means to ignore newlines until "baseurl:" 19 | Write an awesome description for your new site here. You can edit this 20 | line in _config.yml. It will appear in your document head meta (for 21 | Google search results) and in your feed.xml site description. 22 | baseurl: "" # the subpath of your site, e.g. /blog 23 | url: "" # the base hostname & protocol for your site, e.g. http://example.com 24 | twitter_username: jekyllrb 25 | github_username: jekyll 26 | 27 | # Build settings 28 | markdown: kramdown 29 | gems: 30 | - jekyll-feed 31 | exclude: 32 | - Gemfile 33 | - Gemfile.lock 34 | collections: 35 | tips: 36 | output: true 37 | defaults: 38 | - scope: 39 | path: "" 40 | type: tips 41 | values: 42 | layout: page 43 | -------------------------------------------------------------------------------- /_headers: -------------------------------------------------------------------------------- 1 | /* 2 | X-Frame-Options: DENY 3 | X-XSS-Protection: 1; mode=block 4 | X-Content-Type-Options: nosniff 5 | Referrer-Policy: same-origin 6 | Content-Security-Policy-Report-Only: script-src 'self'; img-src 'self'; object-src 'self'; manifest-src 'self'; default-src 'self'; frame-src 'self'; worker-src 'self'; style-src 'self'; connect-src 'self'; child-src 'self'; media-src 'self'; font-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/d80aca36-0932-44c5-8e10-3dc4e06052ec 7 | -------------------------------------------------------------------------------- /_includes/footer.html: 
-------------------------------------------------------------------------------- 1 | 18 | -------------------------------------------------------------------------------- /_includes/head.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {% if page.title %}{{ page.title | escape }}{% else %}{{ site.title | escape }}{% endif %} 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | {% include segment.html %} 39 | 40 | -------------------------------------------------------------------------------- /_includes/header.html: -------------------------------------------------------------------------------- 1 | 28 | -------------------------------------------------------------------------------- /_includes/icon-github.html: -------------------------------------------------------------------------------- 1 | {% include icon-github.svg %}{{ include.username }} 2 | -------------------------------------------------------------------------------- /_includes/icon-github.svg: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /_includes/icon-twitter.html: -------------------------------------------------------------------------------- 1 | {% include icon-twitter.svg %}{{ include.username }} 2 | -------------------------------------------------------------------------------- /_includes/icon-twitter.svg: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /_includes/scripts.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /_includes/segment.html: 
-------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {% include head.html %} 5 | 6 | 7 | 8 |
9 | Close the menu 10 | 17 |
Get the PDF version of the Security Checklist

Share on

70 | A project by 71 | 72 | 73 | 74 | 75 | 76 |
87 | Progress: 0% 88 |

The DevOps Security Checklist


138 | Security is increasingly becoming the responsibility of DevOps teams. Movements like DevSecOps are contributing to this change.
139 | This security checklist aims to give DevOps professionals a list of security best practices they can follow according to their company stage.
140 | DevOps teams make security decisions several times every day! Security is a moving target: the recommendations that apply to a Series B company will not be relevant for an early-stage company.
141 | Select your company stage and use these rules to improve your security.

142 | This list is far from exhaustive. Feel free to contribute directly on GitHub! 143 |


View

  • Early stage/series A
  • Series B
  • Post-Series B
155 | {{ content }} 156 | 176 | {% include footer.html %} 177 |
179 | 180 | 181 | {% include scripts.html %} 182 | 183 | 199 | 200 | 201 | 202 | 203 | -------------------------------------------------------------------------------- /_layouts/home.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | {% assign cultures = site.tips | where:'category', 'Culture' %} 5 |

Culture

36 | Send me the whole checklist & updates! 37 |
58 | 59 | {% assign codes = site.tips | where:'category', 'Code' %} 60 |

Code

89 | 90 | {% assign infrastructures = site.tips | where:'category', 'Infrastructure' %} 91 |

Infrastructure

120 | 121 | {% assign protections = site.tips | where:'category', 'Protection' %} 122 |

Protection

151 | 152 | {% assign monitorings = site.tips | where:'category', 'Monitoring' %} 153 |

Monitoring

182 | -------------------------------------------------------------------------------- /_layouts/page.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 |

{{ page.title | escape }}

11 | {{ content }} 12 |
15 | -------------------------------------------------------------------------------- /_layouts/post.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 |

{{ page.title | escape }}

12 | {{ content }} 13 |
14 | 15 | {% if site.disqus.shortname %} 16 | {% include disqus_comments.html %} 17 | {% endif %} 18 |
19 | -------------------------------------------------------------------------------- /_redirects: -------------------------------------------------------------------------------- 1 | https://devops-security-checklist.sqreen.io/* https://www.sqreen.com/checklists/devops-security-checklist/:splat 301! 2 | https://devops-security-checklist.sqreen.com/* https://www.sqreen.com/checklists/devops-security-checklist/:splat 301! 3 | -------------------------------------------------------------------------------- /_sass/design/_colors.scss: -------------------------------------------------------------------------------- 1 | // Generals colors 2 | 3 | $black: #333; 4 | $grey-darker: #999; 5 | $grey: #898989; 6 | $grey-light: #b8b8b8; 7 | $grey-lighter: #ebebeb; 8 | $grey-lighter2: #f9f9f9; 9 | $violet: #fc3e47; 10 | $white: #fff; 11 | -------------------------------------------------------------------------------- /_sass/design/_font.scss: -------------------------------------------------------------------------------- 1 | @font-face { 2 | font-family: 'Proxima Nova'; 3 | src: url('../fonts/hinted-ProximaNova-Black.eot'); 4 | src: local('Proxima Nova Black'), local('ProximaNova-Black'), 5 | url('../fonts/hinted-ProximaNova-Black.eot?#iefix') format('embedded-opentype'), 6 | url('../fonts/hinted-ProximaNova-Black.woff2') format('woff2'), 7 | url('../fonts/hinted-ProximaNova-Black.woff') format('woff'), 8 | url('../fonts/hinted-ProximaNova-Black.ttf') format('truetype'); 9 | font-weight: 900; 10 | font-style: normal; 11 | } 12 | 13 | @font-face { 14 | font-family: 'Proxima Nova'; 15 | src: url('../fonts/hinted-ProximaNovaT-Thin.eot'); 16 | src: local('Proxima Nova Thin'), local('ProximaNovaT-Thin'), 17 | url('../fonts/hinted-ProximaNovaT-Thin.eot?#iefix') format('embedded-opentype'), 18 | url('../fonts/hinted-ProximaNovaT-Thin.woff2') format('woff2'), 19 | url('../fonts/hinted-ProximaNovaT-Thin.woff') format('woff'), 20 | url('../fonts/hinted-ProximaNovaT-Thin.ttf') 
format('truetype'); 21 | font-weight: 100; 22 | font-style: normal; 23 | } 24 | 25 | @font-face { 26 | font-family: 'Proxima Nova'; 27 | src: url('../fonts/hinted-ProximaNova-Regular.eot'); 28 | src: local('Proxima Nova'), local('ProximaNova-Regular'), 29 | url('../fonts/hinted-ProximaNova-Regular.eot?#iefix') format('embedded-opentype'), 30 | url('../fonts/hinted-ProximaNova-Regular.woff2') format('woff2'), 31 | url('../fonts/hinted-ProximaNova-Regular.woff') format('woff'), 32 | url('../fonts/hinted-ProximaNova-Regular.ttf') format('truetype'); 33 | font-weight: normal; 34 | font-style: normal; 35 | } 36 | 37 | @font-face { 38 | font-family: 'Proxima Nova'; 39 | src: url('../fonts/hinted-ProximaNova-Semibold.eot'); 40 | src: local('Proxima Nova Semibold'), local('ProximaNova-Semibold'), 41 | url('../fonts/hinted-ProximaNova-Semibold.eot?#iefix') format('embedded-opentype'), 42 | url('../fonts/hinted-ProximaNova-Semibold.woff2') format('woff2'), 43 | url('../fonts/hinted-ProximaNova-Semibold.woff') format('woff'), 44 | url('../fonts/hinted-ProximaNova-Semibold.ttf') format('truetype'); 45 | font-weight: 600; 46 | font-style: normal; 47 | } 48 | 49 | @font-face { 50 | font-family: 'Proxima Nova'; 51 | src: url('../fonts/hinted-ProximaNova-Bold.eot'); 52 | src: local('Proxima Nova Bold'), local('ProximaNova-Bold'), 53 | url('../fonts/hinted-ProximaNova-Bold.eot?#iefix') format('embedded-opentype'), 54 | url('../fonts/hinted-ProximaNova-Bold.woff2') format('woff2'), 55 | url('../fonts/hinted-ProximaNova-Bold.woff') format('woff'), 56 | url('../fonts/hinted-ProximaNova-Bold.ttf') format('truetype'); 57 | font-weight: bold; 58 | font-style: normal; 59 | } 60 | 61 | @font-face { 62 | font-family: 'Proxima Nova'; 63 | src: url('../fonts/hinted-ProximaNova-Light.eot'); 64 | src: local('Proxima Nova Light'), local('ProximaNova-Light'), 65 | url('../fonts/hinted-ProximaNova-Light.eot?#iefix') format('embedded-opentype'), 66 | url('../fonts/hinted-ProximaNova-Light.woff2') 
format('woff2'), 67 | url('../fonts/hinted-ProximaNova-Light.woff') format('woff'), 68 | url('../fonts/hinted-ProximaNova-Light.ttf') format('truetype'); 69 | font-weight: 300; 70 | font-style: normal; 71 | } 72 | 73 | @font-face { 74 | font-family: 'Proxima Nova'; 75 | src: url('../fonts/hinted-ProximaNova-Extrabld.eot'); 76 | src: local('Proxima Nova Extrabold'), local('ProximaNova-Extrabld'), 77 | url('../fonts/hinted-ProximaNova-Extrabld.eot?#iefix') format('embedded-opentype'), 78 | url('../fonts/hinted-ProximaNova-Extrabld.woff2') format('woff2'), 79 | url('../fonts/hinted-ProximaNova-Extrabld.woff') format('woff'), 80 | url('../fonts/hinted-ProximaNova-Extrabld.ttf') format('truetype'); 81 | font-weight: 800; 82 | font-style: normal; 83 | } 84 | 85 | 86 | @font-face { 87 | font-family: 'filson-soft'; 88 | src: url('../fonts/FilsonSoftBook.eot?#iefix') format('embedded-opentype'), 89 | url('../fonts/FilsonSoftBook.woff') format('woff'), 90 | url('../fonts/FilsonSoftBook.ttf') format('truetype'), 91 | url('../fonts/FilsonSoftBook.svg#FilsonSoftBook') format('svg'); 92 | font-weight: 300; 93 | font-style: normal; 94 | } 95 | 96 | 97 | @font-face { 98 | font-family: 'filson-soft'; 99 | src: url('../fonts/FilsonSoftMedium.eot?#iefix') format('embedded-opentype'), 100 | url('../fonts/FilsonSoftMedium.woff') format('woff'), 101 | url('../fonts/FilsonSoftMedium.ttf') format('truetype'), 102 | url('../fonts/FilsonSoftMedium.svg#FilsonSoftMedium') format('svg'); 103 | font-weight: 500; 104 | font-style: normal; 105 | } 106 | 107 | 108 | @font-face { 109 | font-family: 'filson-soft'; 110 | src: url('../fonts/FilsonSoftRegular.eot?#iefix') format('embedded-opentype'), 111 | url('../fonts/FilsonSoftRegular.woff') format('woff'), 112 | url('../fonts/FilsonSoftRegular.ttf') format('truetype'), 113 | url('../fonts/FilsonSoftRegular.svg#FilsonSoftRegular') format('svg'); 114 | font-weight: normal; 115 | font-style: normal; 116 | } 117 | 
-------------------------------------------------------------------------------- /_sass/design/_mixin.scss: -------------------------------------------------------------------------------- 1 | // REM calculator 2 | @function rem-calc($size) { 3 | $remSize: $size / 14px; 4 | @return #{$remSize}rem; 5 | }; 6 | -------------------------------------------------------------------------------- /_sass/design/_reset.scss: -------------------------------------------------------------------------------- 1 | /* http://meyerweb.com/eric/tools/css/reset/ 2 | v2.0 | 20110126 3 | License: none (public domain) 4 | */ 5 | 6 | html, body, div, span, applet, object, iframe, 7 | h1, h2, h3, h4, h5, h6, p, blockquote, pre, 8 | a, abbr, acronym, address, big, cite, code, 9 | del, dfn, em, img, ins, kbd, q, s, samp, 10 | small, strike, strong, sub, sup, tt, var, 11 | b, u, i, center, 12 | dl, dt, dd, ol, ul, li, 13 | fieldset, form, label, legend, 14 | table, caption, tbody, tfoot, thead, tr, th, td, 15 | article, aside, canvas, details, embed, 16 | figure, figcaption, footer, header, hgroup, 17 | menu, nav, output, ruby, section, summary, 18 | time, mark, audio, video { 19 | margin: 0; 20 | padding: 0; 21 | border: 0; 22 | font-size: 100%; 23 | font: inherit; 24 | vertical-align: baseline; 25 | } 26 | /* HTML5 display-role reset for older browsers */ 27 | article, aside, details, figcaption, figure, 28 | footer, header, hgroup, menu, nav, section { 29 | display: block; 30 | } 31 | body { 32 | line-height: 1; 33 | } 34 | ol, ul { 35 | list-style: none; 36 | } 37 | blockquote, q { 38 | quotes: none; 39 | } 40 | blockquote:before, blockquote:after, 41 | q:before, q:after { 42 | content: ''; 43 | content: none; 44 | } 45 | table { 46 | border-collapse: collapse; 47 | border-spacing: 0; 48 | } 49 | *, *::before, *::after { 50 | box-sizing: border-box; 51 | } 52 | -------------------------------------------------------------------------------- /_sass/design/_title.scss: 
-------------------------------------------------------------------------------- 1 | h1 { 2 | font-family: "filson-soft", sans-serif; 3 | font-size: rem-calc(42px); 4 | line-height: 1.17; 5 | color: $black; 6 | margin-top: 100px; 7 | margin-bottom: 30px; 8 | 9 | @media screen and (max-width: 960px) { 10 | margin-top: 0; 11 | font-size: rem-calc(28px); 12 | margin-bottom: 15px; 13 | text-align: left; 14 | } 15 | } 16 | 17 | h2 { 18 | display: block; 19 | margin-bottom: 20px; 20 | font-family: "filson-soft", sans-serif; 21 | font-size: rem-calc(24px); 22 | font-weight: 500; 23 | letter-spacing: 0.2px; 24 | color: $black; 25 | line-height: 1.5; 26 | 27 | @media screen and (max-width: 960px) { 28 | font-size: rem-calc(24px); 29 | line-height: 1.5; 30 | margin-bottom: 30px; 31 | } 32 | } 33 | 34 | h3 { 35 | font-family: "filson-soft", sans-serif; 36 | font-size: rem-calc(13px); 37 | font-weight: 500; 38 | line-height: 2.77; 39 | letter-spacing: 1px; 40 | color: #392d2d; 41 | text-transform: uppercase; 42 | } 43 | 44 | h4 { 45 | font-family: "filson-soft", sans-serif; 46 | font-size: rem-calc(22px); 47 | line-height: 1.3; 48 | color: $black; 49 | } 50 | -------------------------------------------------------------------------------- /_sass/elements/footer.scss: -------------------------------------------------------------------------------- 1 | footer { 2 | display: block; 3 | margin-bottom: 100px; 4 | 5 | & > span { 6 | font-family: "filson-soft", sans-serif; 7 | font-style: normal; 8 | font-stretch: normal; 9 | color: #9a9a9a; 10 | text-transform: uppercase; 11 | margin-bottom: 12px; 12 | display: block; 13 | font-size: rem-calc(14px); 14 | font-weight: 500; 15 | line-height: 2.57; 16 | } 17 | 18 | .gradient { 19 | padding: 40px; 20 | background-image: linear-gradient(105deg, #ff5858, #f09819); 21 | 22 | .logo-ctn { 23 | margin-bottom: 24px; 24 | display: inline-block; 25 | } 26 | 27 | h5 { 28 | font-size: rem-calc(24px); 29 | font-weight: normal; 30 | font-style: 
normal; 31 | font-stretch: normal; 32 | color: #ffffff; 33 | display: block; 34 | margin-bottom: 10px; 35 | } 36 | 37 | .subtitle { 38 | display: block; 39 | font-family: "Proxima Nova", sans-serif; 40 | font-size: rem-calc(15px); 41 | font-weight: 600; 42 | font-style: normal; 43 | font-stretch: normal; 44 | color: rgba(255, 255, 255, 0.54); 45 | margin-bottom: 32px; 46 | } 47 | 48 | a { 49 | display: inline-block; 50 | vertical-align: middle; 51 | font-size: rem-calc(15px); 52 | font-weight: 600; 53 | font-style: normal; 54 | font-stretch: normal; 55 | color: #ffffff; 56 | text-decoration: none; 57 | -moz-osx-font-smoothing: grayscale; 58 | -webkit-font-smoothing: antialiased; 59 | text-rendering: optimizeLegibility; 60 | 61 | &:hover { 62 | span { 63 | text-decoration: underline; 64 | } 65 | } 66 | 67 | img, 68 | span { 69 | display: inline-block; 70 | vertical-align: middle; 71 | } 72 | 73 | img { 74 | margin-right: 5px; 75 | } 76 | 77 | & + a { 78 | margin-left: 30px; 79 | } 80 | } 81 | } 82 | 83 | @media screen and (max-width: 960px) { 84 | margin-bottom: 50px; 85 | text-align: center; 86 | 87 | .gradient { 88 | padding: 30px; 89 | 90 | .logo-ctn { 91 | margin: 0 auto 24px; 92 | width: 100px; 93 | height: 18px; 94 | 95 | img { 96 | width: 100%; 97 | height: 100%; 98 | } 99 | } 100 | 101 | h5 { 102 | font-size: rem-calc(22px); 103 | margin-bottom: 15px; 104 | } 105 | 106 | .subtitle { 107 | font-size: rem-calc(16px); 108 | } 109 | 110 | a { 111 | display: block; 112 | 113 | & + a { 114 | margin-left: 0; 115 | margin-top: 20px; 116 | } 117 | } 118 | } 119 | }; 120 | } 121 | -------------------------------------------------------------------------------- /_sass/elements/github-corner.scss: -------------------------------------------------------------------------------- 1 | .github-corner { 2 | position: absolute; 3 | top: 0; 4 | right: 0; 5 | height: 80px; 6 | width: 80px; 7 | display: block; 8 | 9 | &:hover svg .octo-arm { 10 | animation: octocat-wave 560ms 
ease-in-out; 11 | } 12 | } 13 | @keyframes octocat-wave { 14 | 0% { 15 | transform: rotate(0deg); 16 | } 17 | 18 | 20% { 19 | transform: rotate(-25deg); 20 | } 21 | 22 | 40% { 23 | transform: rotate(10deg); 24 | } 25 | 26 | 60% { 27 | transform: rotate(-25deg); 28 | } 29 | 30 | 80% { 31 | transform: rotate(10deg); 32 | } 33 | 34 | 100% { 35 | transform: rotate(0deg); 36 | } 37 | } 38 | 39 | @media (max-width: 500px) { 40 | .github-corner:hover .octo-arm { 41 | animation: none; 42 | } 43 | 44 | .github-corner .octo-arm { 45 | animation: octocat-wave 560ms ease-in-out; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /_sass/pages/home.scss: -------------------------------------------------------------------------------- 1 | // General typo 2 | 3 | *::selection { 4 | background-color: $violet; 5 | color: $white; 6 | } 7 | 8 | .fixed { 9 | position: fixed; 10 | top: 0; 11 | left: calc((100vw/2) - (960px/2)); 12 | padding-left: 20px; 13 | width: 220px; 14 | height: 100%; 15 | box-shadow: 1px 0 0 0 rgba(209, 209, 209, 0.5); 16 | 17 | .progression { 18 | margin-bottom: 25px; 19 | max-width: 145px; 20 | 21 | span { 22 | font-size: rem-calc(15px); 23 | font-weight: 500; 24 | line-height: normal; 25 | letter-spacing: 0.1px; 26 | color: #333; 27 | display: block; 28 | margin-bottom: 10px; 29 | } 30 | 31 | .progression-bar { 32 | display: block; 33 | width: 156px; 34 | height: 19px; 35 | padding: 0 5px; 36 | border-radius: 100px; 37 | background-color: #ebebeb; 38 | 39 | .barre { 40 | position: absolute; 41 | top: 5px; 42 | min-width: 1px; 43 | width: 1px; 44 | height: 9px; 45 | // max-width: calc(100% - 11px); 46 | border-radius: 100px; 47 | background-image: linear-gradient(to bottom, rgba(255, 88, 88, 0.0), rgba(0, 0, 0, 0.13)), linear-gradient(#ff5858, #ff5858); 48 | position: relative; 49 | transition: .2s ease; 50 | } 51 | } 52 | } 53 | 54 | @media screen and (max-width: 960px) { 55 | width: 100%; 56 | position: 
relative; 57 | left: 0; 58 | padding-left: 0; 59 | height: auto; 60 | box-shadow: none; 61 | 62 | .progression { 63 | max-width: 100%; 64 | 65 | .progression-bar { 66 | width: 100%; 67 | } 68 | } 69 | } 70 | } 71 | 72 | .main-content { 73 | padding-right: 20px; 74 | width: 69%; 75 | 76 | @media screen and (max-width: 960px) { 77 | padding-right: 0; 78 | width: 100%; 79 | } 80 | } 81 | 82 | .burger { 83 | position: absolute; 84 | top: 38px; 85 | left: 18px; 86 | display: none; 87 | padding: 10px; 88 | cursor: pointer; 89 | @media screen and (max-width: 960px) { 90 | display: block; 91 | } 92 | } 93 | 94 | .logo { 95 | margin: 100px 0 25px; 96 | 97 | @media screen and (max-width: 960px) { 98 | width: 50px; 99 | margin: 30px 0; 100 | } 101 | } 102 | 103 | .description { 104 | font-family: "Proxima Nova", sans-serif; 105 | font-size: rem-calc(17px); 106 | line-height: 1.85; 107 | color: $grey; 108 | 109 | @media screen and (max-width: 960px) { 110 | margin: 30px auto; 111 | font-size: rem-calc(16px); 112 | line-height: 1.4; 113 | margin-top: 0; 114 | text-align: left; 115 | } 116 | } 117 | 118 | .filter-bar { 119 | margin: 46px 0 40px; 120 | 121 | h3 { 122 | margin-right: 17px; 123 | display: inline-block; 124 | } 125 | 126 | .select-block { 127 | display: inline-block; 128 | position: relative; 129 | border-radius: 2px; 130 | background: linear-gradient(99deg, #ff5858, #f09819); 131 | 132 | &.selected-one { 133 | .progress-bar { 134 | width: 221px; 135 | } 136 | 137 | .seriesb, .post-seriesb { 138 | color: $grey; 139 | } 140 | 141 | .post-seriesb { 142 | border-left: 1px solid #e5e5e5; 143 | } 144 | } 145 | 146 | &.selected-two { 147 | .progress-bar { 148 | width: 130px; 149 | } 150 | 151 | .post-seriesb { 152 | color: $grey; 153 | } 154 | } 155 | 156 | &.selected-three { 157 | .progress-bar { 158 | width: 0; 159 | } 160 | 161 | li { 162 | color: #fff; 163 | } 164 | } 165 | 166 | ul { 167 | position: relative; 168 | z-index: 10; 169 | 170 | li { 171 | font-family: 
"filson-soft", sans-serif; 172 | font-size: rem-calc(16px); 173 | font-weight: 500; 174 | font-style: normal; 175 | font-stretch: normal; 176 | line-height: 2.5; 177 | letter-spacing: normal; 178 | color: $white; 179 | display: inline-block; 180 | padding: 0 13px; 181 | transition: 0.2s ease; 182 | cursor: pointer; 183 | text-align: center; 184 | z-index: 20; 185 | position: relative; 186 | 187 | &.post-seriesb { 188 | border-left: 1px solid transparent; 189 | } 190 | } 191 | } 192 | 193 | .progress-bar { 194 | position: absolute; 195 | z-index: 5; 196 | right: 0; 197 | top: 0; 198 | height: 100%; 199 | width: 100%; 200 | background-color: #f6f6f6; 201 | transition: .2s ease; 202 | } 203 | } 204 | 205 | @media screen and (max-width: 960px) { 206 | h3 { 207 | display: none; 208 | } 209 | 210 | .select-block { 211 | width: 100%; 212 | 213 | &.selected-one { 214 | .progress-bar { 215 | height: 82px; 216 | width: 100%; 217 | } 218 | 219 | .post-seriesb { 220 | border-top: 1px solid #e5e5e5; 221 | border-left: none; 222 | } 223 | } 224 | 225 | &.selected-two { 226 | .progress-bar { 227 | height: 41px; 228 | width: 100%; 229 | } 230 | } 231 | 232 | &.selected-three { 233 | .progress-bar { 234 | height: 0; 235 | width: 100%; 236 | } 237 | } 238 | 239 | ul { 240 | li { 241 | display: block; 242 | 243 | &.post-seriesb { 244 | border-left: none; 245 | } 246 | } 247 | } 248 | 249 | .progress-bar { 250 | position: absolute; 251 | z-index: 5; 252 | right: 0; 253 | top: auto; 254 | bottom: 0; 255 | height: 0; 256 | width: 100%; 257 | background-color: #f6f6f6; 258 | transition: .2s ease; 259 | } 260 | } 261 | } 262 | } 263 | 264 | nav { 265 | li { 266 | display: block; 267 | 268 | &.active a { 269 | color: $violet; 270 | } 271 | 272 | a { 273 | font-family: "filson-soft", sans-serif; 274 | font-size: rem-calc(17px); 275 | font-weight: 500; 276 | font-style: normal; 277 | font-stretch: normal; 278 | line-height: 2.12; 279 | letter-spacing: 0.1px; 280 | color: $grey-light; 281 | 
display: inline-block; 282 | text-decoration: none; 283 | transition: 0.2s ease; 284 | 285 | &:hover { 286 | color: $violet; 287 | } 288 | } 289 | } 290 | @media screen and (max-width: 960px) { 291 | display: none; 292 | } 293 | } 294 | 295 | .social { 296 | margin-top: 40px; 297 | margin-bottom: 40px; 298 | 299 | h3 { 300 | margin-bottom: 10px; 301 | } 302 | 303 | li { 304 | display: inline-block; 305 | vertical-align: middle; 306 | margin-right: 20px; 307 | 308 | a { 309 | display: block; 310 | 311 | svg { 312 | path { 313 | fill: #C9C9C9; 314 | transition: 0.2s ease; 315 | } 316 | } 317 | 318 | &:hover svg path { 319 | fill: $violet; 320 | } 321 | } 322 | } 323 | @media screen and (max-width: 960px) { 324 | display: none; 325 | } 326 | } 327 | 328 | .checklist { 329 | margin-bottom: 50px; 330 | border-top: solid 1px $grey-lighter; 331 | border-left: solid 1px $grey-lighter; 332 | border-right: solid 1px $grey-lighter; 333 | 334 | li { 335 | width: 100%; 336 | 337 | &.expend { 338 | .body { 339 | display: block; 340 | } 341 | 342 | .arrow { 343 | transform: rotateZ(180deg); 344 | } 345 | } 346 | 347 | .header { 348 | background-color: $white; 349 | box-shadow: inset 0 -1px 0 $grey-lighter; 350 | font-size: 0; 351 | 352 | &:hover { 353 | background-color: darken($white, 2%); 354 | } 355 | 356 | .check { 357 | height: 61px; 358 | width: 61px; 359 | line-height: 61px; 360 | text-align: center; 361 | cursor: pointer; 362 | display: inline-block; 363 | vertical-align: middle; 364 | 365 | &.checked { 366 | &:hover { 367 | circle { 368 | stroke: $violet; 369 | } 370 | } 371 | 372 | path { 373 | stroke-dashoffset: 0; 374 | } 375 | 376 | circle { 377 | stroke: $violet; 378 | } 379 | } 380 | 381 | svg { 382 | display: inline-block; 383 | vertical-align: middle; 384 | 385 | path { 386 | stroke-dasharray: 50; 387 | stroke-dashoffset: 50; 388 | transition: 0.2s ease; 389 | } 390 | 391 | circle { 392 | stroke: $grey-lighter; 393 | transition: 0.2s ease; 394 | } 395 | } 396 | } 
397 | 398 | .expend-bar { 399 | width: calc(100% - 120px); 400 | cursor: pointer; 401 | display: inline-block; 402 | vertical-align: middle; 403 | text-align: left; 404 | padding: 20px 0; 405 | 406 | &.checked p { 407 | color: $grey-light; 408 | 409 | &::after { 410 | width: 100%; 411 | } 412 | 413 | @media screen and (max-width: 960px) { 414 | &::after { 415 | display: none; 416 | } 417 | } 418 | } 419 | 420 | p { 421 | font-family: "filson-soft", sans-serif; 422 | font-size: rem-calc(18px); 423 | font-weight: 500; 424 | line-height: 1.67; 425 | color: $black; 426 | display: inline; 427 | transition: 0.2s ease; 428 | margin-right: 14px; 429 | position: relative; 430 | 431 | &::after { 432 | content: ""; 433 | width: 0; 434 | height: 1px; 435 | background-color: $grey-light; 436 | position: absolute; 437 | top: 50%; 438 | left: 0; 439 | transition: .2s ease; 440 | } 441 | } 442 | 443 | .category { 444 | font-family: "filson-soft", sans-serif; 445 | font-size: rem-calc(16px); 446 | font-style: italic; 447 | line-height: 1.88; 448 | color: $grey-light; 449 | display: inline; 450 | white-space: nowrap; 451 | } 452 | } 453 | 454 | .btn { 455 | padding: 17px 20px; 456 | display: inline-block; 457 | vertical-align: middle; 458 | cursor: pointer; 459 | 460 | .arrow { 461 | display: inline-block; 462 | vertical-align: middle; 463 | transition: 0.2s ease; 464 | } 465 | } 466 | } 467 | 468 | .body { 469 | background-color: $grey-lighter2; 470 | padding: 26px 29px; 471 | display: none; 472 | box-shadow: inset 0 -1px 0 $grey-lighter; 473 | 474 | p { 475 | font-family: "Proxima Nova", sans-serif; 476 | font-size: rem-calc(17px); 477 | line-height: 1.65; 478 | color: #808080; 479 | display: block; 480 | margin-bottom: 15px; 481 | } 482 | 483 | strong { 484 | font-weight: 600; 485 | } 486 | 487 | a { 488 | font-family: "Proxima Nova", sans-serif; 489 | font-size: rem-calc(17px); 490 | line-height: 1.65; 491 | color: $violet; 492 | text-decoration: none; 493 | word-break: 
break-word; 494 | 495 | &:hover { 496 | text-decoration: underline; 497 | } 498 | } 499 | 500 | @media screen and (max-width: 960px) { 501 | padding: 20px 23px; 502 | text-align: left; 503 | 504 | p { 505 | font-size: rem-calc(17px); 506 | margin-bottom: 10px; 507 | } 508 | 509 | a { 510 | font-size: rem-calc(17px); 511 | } 512 | } 513 | } 514 | } 515 | } 516 | 517 | .by-sqreen { 518 | margin-bottom: 115px; 519 | 520 | span { 521 | font-family: "BG regular"; 522 | font-size: rem-calc(16px); 523 | letter-spacing: -0.5px; 524 | color: #c8c8c8; 525 | display: inline-block; 526 | vertical-align: middle; 527 | margin-right: 10px; 528 | } 529 | 530 | a { 531 | display: inline-block; 532 | vertical-align: middle; 533 | } 534 | } 535 | 536 | .mobile-menu { 537 | display: none; 538 | position: fixed; 539 | z-index: 1000; 540 | top: 0; 541 | left: 0; 542 | width: 100vw; 543 | height: 100vh; 544 | background-color: $violet; 545 | text-align: center; 546 | overflow: auto; 547 | opacity: 0; 548 | transition: 0.2s ease; 549 | @supports ( clip-path: fill-box ) { 550 | clip-path: circle(0px at 57px 55px); 551 | transition: clip-path 0.4s ease, opacity 0.5s ease; 552 | } 553 | 554 | &.open { 555 | opacity: 1; 556 | @supports ( clip-path: fill-box ) { 557 | clip-path: circle(0px at 57px 55px); 558 | transition: clip-path 0.4s ease, opacity 0.5s ease; 559 | } 560 | } 561 | 562 | .close { 563 | position: absolute; 564 | top: 38px; 565 | left: 38px; 566 | padding: 10px; 567 | cursor: pointer; 568 | } 569 | 570 | .nav { 571 | margin: 30px auto; 572 | 573 | li { 574 | text-align: center; 575 | font-family: "filson-soft", sans-serif; 576 | font-size: rem-calc(19px); 577 | line-height: 2.6; 578 | letter-spacing: 0.1px; 579 | text-align: center; 580 | 581 | a { 582 | color: $white; 583 | text-decoration: none; 584 | } 585 | } 586 | } 587 | 588 | .divider { 589 | display: block; 590 | margin: 15px auto; 591 | width: 97px; 592 | height: 1px; 593 | background-color: rgba(255, 255, 255, 0.23); 
594 | } 595 | 596 | .newsletter-mob { 597 | margin-bottom: 15px; 598 | 599 | .subtitle { 600 | margin-bottom: 15px; 601 | font-family: "filson-soft", sans-serif; 602 | font-size: rem-calc(16px); 603 | color: rgba(255, 255, 255, 0.5); 604 | } 605 | 606 | #mc_embed_signup { 607 | font-size: 0; 608 | 609 | label { 610 | display: none; 611 | } 612 | 613 | #mc-embedded-subscribe, 614 | .clear, 615 | .mc-field-group { 616 | display: inline-block; 617 | vertical-align: middle; 618 | } 619 | 620 | .mc-field-group { 621 | width: calc(100% - 64px); 622 | max-width: 244px; 623 | } 624 | 625 | #mce-EMAIL { 626 | font-family: "filson-soft", sans-serif; 627 | font-size: rem-calc(16px); 628 | background-color: darken($violet, 10%); 629 | border: none; 630 | border-top-left-radius: 4px; 631 | border-bottom-left-radius: 4px; 632 | border-top-right-radius: 0; 633 | border-bottom-right-radius: 0; 634 | padding: 8px 18px; 635 | outline: none; 636 | width: calc(100% - 90px); 637 | display: inline-block; 638 | vertical-align: middle; 639 | height: 42px; 640 | color: $white; 641 | 642 | &::-webkit-input-placeholder { 643 | color: rgba(255, 255, 255, 0.5); 644 | } 645 | &::-moz-placeholder { 646 | color: rgba(255, 255, 255, 0.5); 647 | } 648 | &:-ms-input-placeholder { 649 | color: rgba(255, 255, 255, 0.5); 650 | } 651 | &:-moz-placeholder { 652 | color: rgba(255, 255, 255, 0.5); 653 | } 654 | } 655 | 656 | .check { 657 | position: relative; 658 | 659 | &::after { 660 | position: absolute; 661 | top: 14px; 662 | right: 15px; 663 | display: block; 664 | content: ""; 665 | width: 17px; 666 | height: 17px; 667 | background-image: url('/images/icon-check.svg'); 668 | background-size: contain; 669 | background-repeat: no-repeat; 670 | } 671 | } 672 | 673 | #mc-embedded-subscribe { 674 | background-color: lighten($violet, 10%); 675 | color: lighten($violet, 10%); 676 | font-family: "BG bold"; 677 | font-size: rem-calc(12px); 678 | text-transform: uppercase; 679 | border: none; 680 | 
border-top-right-radius: 4px; 681 | border-bottom-right-radius: 4px; 682 | border-top-left-radius: 0; 683 | border-bottom-left-radius: 0; 684 | padding: 0 18px; 685 | position: relative; 686 | height: 42px; 687 | width: 47px; 688 | cursor: pointer; 689 | transition: 0.2s ease; 690 | appearance: none; 691 | 692 | &:hover { 693 | background-color: lighten($violet, 5%); 694 | } 695 | } 696 | } 697 | } 698 | 699 | .social-mob { 700 | h3 { 701 | display: inline-block; 702 | vertical-align: middle; 703 | margin-right: 10px; 704 | color: rgba(255, 255, 255, 0.5); 705 | } 706 | 707 | ul { 708 | display: inline-block; 709 | vertical-align: middle; 710 | } 711 | 712 | li { 713 | display: inline-block; 714 | vertical-align: middle; 715 | margin-right: 20px; 716 | 717 | a { 718 | display: block; 719 | 720 | svg { 721 | path { 722 | fill: rgba(255, 255, 255, 0.5); 723 | transition: 0.2s ease; 724 | } 725 | } 726 | 727 | &:hover svg path { 728 | fill: #fff; 729 | } 730 | } 731 | } 732 | } 733 | 734 | .by-sqreen { 735 | margin-bottom: 30px; 736 | 737 | span { 738 | font-family: "filson-soft", sans-serif; 739 | color: rgba(255, 255, 255, 0.5); 740 | margin-right: 10px; 741 | } 742 | 743 | a { 744 | display: inline-block; 745 | vertical-align: middle; 746 | } 747 | } 748 | 749 | @media screen and (min-width: 961px) { 750 | display: none !important; 751 | } 752 | } 753 | 754 | .newsletter-middle { 755 | background: linear-gradient(99deg, #ff5858, #f09819); 756 | text-align: center; 757 | padding: 20px 0; 758 | margin-bottom: 30px; 759 | 760 | > span { 761 | font-family: "Proxima Nova", sans-serif; 762 | font-size: rem-calc(23px); 763 | font-weight: 600; 764 | line-height: 1.57; 765 | color: #fff; 766 | display: block; 767 | margin-bottom: 10px; 768 | } 769 | 770 | .contact-form { 771 | fieldset > input { 772 | max-width: 250px; 773 | width: 100%; 774 | border-radius: 4px; 775 | background-color: #ffffff; 776 | border: none; 777 | font-family: 'Proxima Nova', sans-serif; 778 | 
font-size: rem-calc(16px); 779 | padding: 14px 18px; 780 | display: block; 781 | margin: 0 auto 10px; 782 | outline: none; 783 | } 784 | 785 | label { 786 | max-width: 250px; 787 | width: 100%; 788 | display: flex; 789 | justify-content: flex-start; 790 | align-items: center; 791 | align-content: center; 792 | margin: 0 auto 10px; 793 | 794 | input { 795 | flex: none; 796 | } 797 | 798 | span { 799 | flex-grow: 1; 800 | text-align: left; 801 | font-size: rem-calc(13px); 802 | } 803 | } 804 | 805 | .submit-button { 806 | border-radius: 4px; 807 | background-color: #383838; 808 | font-family: 'filson-soft', sans-serif; 809 | font-size: rem-calc(12px); 810 | font-weight: 500; 811 | color: #fff; 812 | text-transform: uppercase; 813 | border: none; 814 | padding: 14px 18px; 815 | display: inline-block; 816 | vertical-align: middle; 817 | cursor: pointer; 818 | transition: .2s ease; 819 | 820 | &:hover { 821 | background-color: lighten(#383838, 3%); 822 | } 823 | } 824 | 825 | .clear { 826 | display: inline-block; 827 | vertical-align: middle; 828 | position: relative; 829 | left: -4px; 830 | } 831 | } 832 | 833 | @media screen and (max-width: 960px) { 834 | display: none; 835 | } 836 | } 837 | 838 | .newsletter { 839 | margin-bottom: 30px; 840 | 841 | .subtitle { 842 | font-family: "filson-soft", sans-serif; 843 | font-size: rem-calc(16px); 844 | line-height: 2; 845 | color: $grey-light; 846 | margin-bottom: 10px; 847 | } 848 | 849 | .contact-form { 850 | fieldset > input { 851 | font-family: "filson-soft", sans-serif; 852 | font-size: rem-calc(16px); 853 | background-color: $grey-lighter; 854 | border: none; 855 | border-radius: 4px; 856 | padding: 8px 18px; 857 | outline: none; 858 | display: block; 859 | margin-bottom: 10px; 860 | } 861 | 862 | label { 863 | max-width: 300px; 864 | width: 100%; 865 | display: flex; 866 | justify-content: flex-start; 867 | align-items: center; 868 | align-content: center; 869 | margin-bottom: 10px; 870 | 871 | input { 872 | flex: 
none; 873 | } 874 | 875 | span { 876 | flex-grow: 1; 877 | text-align: left; 878 | font-size: rem-calc(13px); 879 | } 880 | } 881 | 882 | .submit-button { 883 | background-color: $violet; 884 | font-family: "filson-soft", sans-serif; 885 | font-weight: 500; 886 | font-size: rem-calc(12px); 887 | color: $white; 888 | text-transform: uppercase; 889 | border: none; 890 | border-radius: 4px; 891 | padding: 10px 18px; 892 | position: relative; 893 | cursor: pointer; 894 | transition: .2s ease; 895 | 896 | &:hover { 897 | background-color: lighten($violet, 5%); 898 | } 899 | } 900 | } 901 | 902 | @media screen and (max-width: 960px) { 903 | display: none; 904 | } 905 | } 906 | -------------------------------------------------------------------------------- /_sass/pages/layout.scss: -------------------------------------------------------------------------------- 1 | html, body { 2 | font-size: 14px; 3 | -moz-osx-font-smoothing: grayscale; 4 | -webkit-font-smoothing: antialiased; 5 | min-width: 300px; 6 | text-rendering: optimizeLegibility; 7 | font-family: "filson-soft", sans-serif; 8 | background-color: $white; 9 | position: relative; 10 | } 11 | 12 | .wrapper { 13 | display: block; 14 | margin: 0 auto; 15 | width: 100%; 16 | max-width: 960px; 17 | position: relative; 18 | 19 | @media screen and (max-width: 960px) { 20 | display: block; 21 | margin: 0 auto; 22 | width: 100%; 23 | padding: 0 20px; 24 | text-align: center; 25 | } 26 | } 27 | 28 | // Grid 29 | @for $i from 1 through 12 { 30 | .col-#{$i} { 31 | width: ($i * 100%)/12; 32 | flex: none; 33 | 34 | @media screen and (max-width: 960px) { 35 | width: 100%; 36 | } 37 | } 38 | } 39 | 40 | .columns { 41 | display: flex; 42 | justify-content: flex-end; 43 | 44 | @media screen and (max-width: 960px) { 45 | display: block; 46 | margin: 0 auto; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /_tips/audit-your-infrastructure-on-a-regular-basis.markdown: 
-------------------------------------------------------------------------------- 1 | --- 2 | title: Audit your infrastructure on a regular basis 3 | stage: Series A 4 | category: Monitoring 5 | --- 6 | With cloud providers, it’s easy to start instances and forget about them. You will need to create and maintain a list of your assets (servers, network devices, services exposed etc…), and review it regularly to determine if you still need them, keep them up to date, and ensure that they benefit from your latest deployments. 7 | 8 | [http://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html](http://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html) 9 | 10 | [http://searchenterpriselinux.techtarget.com/tip/Creating-an-inventory-with-nmap-network-scanning](http://searchenterpriselinux.techtarget.com/tip/Creating-an-inventory-with-nmap-network-scanning) 11 | 12 | [https://github.com/Netflix/security_monkey](https://github.com/Netflix/security_monkey) 13 | -------------------------------------------------------------------------------- /_tips/automatically-configure-and-update-your-servers.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Automatically configure & update your servers 3 | stage: Series B 4 | category: Infrastructure 5 | --- 6 | An automated configuration management tool helps you ensure that your servers are updated and secured. 
7 | 8 | **Chef:** [https://learn.chef.io/tutorials/](https://learn.chef.io/tutorials/) 9 | 10 | **Puppet:** [https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-in-a-master-agent-setup-on-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-in-a-master-agent-setup-on-ubuntu-14-04) 11 | 12 | **Ansible:** [http://docs.ansible.com/ansible/intro_getting_started.html](http://docs.ansible.com/ansible/intro_getting_started.html) 13 | 14 | **Salt:** [https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html](https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html) 15 | -------------------------------------------------------------------------------- /_tips/backup-regurlarly.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Backup regularly 3 | stage: Series A 4 | category: Infrastructure 5 | --- 6 | Your data is likely to be your business’s most precious asset. Be sure not to lose it. Implement proper backups and check for backup integrity. 
7 | 8 | **MongoDB Backup:** [https://docs.mongodb.com/manual/core/backups/](https://docs.mongodb.com/manual/core/backups/) 9 | 10 | **Postgresql:** [https://www.postgresql.org/docs/current/static/backup.html](https://www.postgresql.org/docs/current/static/backup.html) 11 | 12 | **Linux:** [http://www.tecmint.com/linux-system-backup-tools/](http://www.tecmint.com/linux-system-backup-tools/) 13 | 14 | [https://www.dataone.org/best-practices/ensure-integrity-and-accessibility-when-making-backups-data](https://www.dataone.org/best-practices/ensure-integrity-and-accessibility-when-making-backups-data) 15 | -------------------------------------------------------------------------------- /_tips/check-that-tls-certificates-are-not-set-to-expire.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Renew your certificates on time 3 | stage: Series A 4 | category: Monitoring 5 | --- 6 | You should be using TLS certificates. It can be a hassle to configure and monitor but don’t forget to renew them! 7 | 8 | [https://www.ssllabs.com/](https://www.ssllabs.com/) 9 | 10 | [https://serverlesscode.com/post/ssl-expiration-alerts-with-lambda/](https://serverlesscode.com/post/ssl-expiration-alerts-with-lambda/) 11 | -------------------------------------------------------------------------------- /_tips/check-your-ssl-tls-configurations.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Check your SSL / TLS configurations 3 | stage: Series A 4 | category: Infrastructure 5 | --- 6 | Use free tools to scan your infrastructure regularly and make sure the SSL configurations are correct. 
7 | 8 | [https://observatory.mozilla.org/](https://observatory.mozilla.org/) 9 | 10 | [https://www.ssllabs.com/](https://www.ssllabs.com/) 11 | 12 | [https://diogomonica.com/2015/12/29/from-double-f-to-double-a/](https://diogomonica.com/2015/12/29/from-double-f-to-double-a/) 13 | -------------------------------------------------------------------------------- /_tips/control-access-on-your-cloud-providers.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Control access on your cloud providers 3 | stage: Series A 4 | category: Infrastructure 5 | --- 6 | The best way to protect your services (database, file storage) is to not use passwords at all. Use the built-in Identity and Access Management (IAM) functions to securely control access to your resources. 7 | 8 | [http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html](http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) 9 | 10 | [https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances) 11 | -------------------------------------------------------------------------------- /_tips/cover-your-ass.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Cover your ass 3 | stage: Series B 4 | category: Culture 5 | --- 6 | It is not a question of “if” but “when”. Evaluate your risks, prepare a proper action plan in case of a breach, and communicate properly after the fact. 
7 | 8 | [https://blog.serverdensity.com/how-to-write-a-postmortem/](https://blog.serverdensity.com/how-to-write-a-postmortem/) 9 | 10 | [https://codeascraft.com/2012/05/22/blameless-postmortems/](https://codeascraft.com/2012/05/22/blameless-postmortems/) 11 | 12 | [https://blog.sqreen.io/cybersecurity-risk-assessment-for-startup-cto/](https://blog.sqreen.io/cybersecurity-risk-assessment-for-startup-cto/) 13 | -------------------------------------------------------------------------------- /_tips/detect-insider-threats.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Detect insider threats 3 | stage: Series A 4 | category: Monitoring 5 | --- 6 | The most important attacks will come from insider threats. These can be malicious users, or attackers who have gained access to privileged user accounts. Make sure you monitor your users to detect attackers before an attack happens. 7 | 8 | [https://www.sqreen.io/](https://www.sqreen.io/) 9 | -------------------------------------------------------------------------------- /_tips/dont-implement-your-own-crypto.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Don't implement your own crypto 3 | stage: Post Series B 4 | category: Code 5 | --- 6 | The problem with cryptography is that you don’t know you are wrong until you are hacked. So don’t do your own crypto. Use standards instead. 
7 | 8 | [https://en.wikipedia.org/wiki/Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) 9 | 10 | [http://crypto.stackexchange.com/questions/43272/why-is-writing-your-own-encryption-discouraged](http://crypto.stackexchange.com/questions/43272/why-is-writing-your-own-encryption-discouraged) 11 | 12 | [https://download.libsodium.org/doc/](https://download.libsodium.org/doc/) 13 | 14 | [https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/](https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/) 15 | -------------------------------------------------------------------------------- /_tips/dont-store-credit-card-information.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Don’t store credit card information (if you don’t need to) 3 | stage: Series A 4 | category: Protection 5 | --- 6 | Use third-party services to store credit card information to avoid having to manage and protect them. 7 | 8 | [https://stripe.com/](https://stripe.com/) 9 | 10 | [https://www.braintreepayments.com](https://www.braintreepayments.com) 11 | 12 | [https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf](https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf) 13 | 14 | [https://medium.com/@folsen/accepting-payments-is-getting-harder-1b2f342e4ea#.897akko4q](https://medium.com/@folsen/accepting-payments-is-getting-harder-1b2f342e4ea#.897akko4q) 15 | -------------------------------------------------------------------------------- /_tips/encrypted-all-the-things.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Encrypt all the things 3 | stage: Post Series B 4 | category: Infrastructure 5 | --- 6 | SSL performance problems are a myth and you don’t have any good reasons not to use SSL on all your public services. 
7 | 8 | [https://letsencrypt.org/](https://letsencrypt.org/) 9 | 10 | [https://certbot.eff.org/](https://certbot.eff.org/) 11 | 12 | [https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04) 13 | 14 | [https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04) 15 | -------------------------------------------------------------------------------- /_tips/enforce-two-factor-authentification.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Enforce Two-factor authentication (2FA) 3 | stage: Post Series B 4 | category: Protection 5 | --- 6 | Enforce 2FA on all the services you use (whenever possible). 7 | 8 | [https://duo.com/](https://duo.com/) 9 | 10 | [https://auth0.com/](https://auth0.com/) 11 | 12 | [https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/](https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/) 13 | -------------------------------------------------------------------------------- /_tips/ensure-compliance-with-relevant-industry-standards.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Ensure Compliance with Relevant Industry Standards 3 | stage: Post Series B 4 | category: Protection 5 | --- 6 | Comply with standards to ensure you follow industry best practices and meet your customers’ needs. But compliance alone will never protect your apps. 
7 | 8 | [https://cloudsecurityalliance.org/](https://cloudsecurityalliance.org/) 9 | 10 | [https://en.wikipedia.org/wiki/ISO/IEC_27001:2013](https://en.wikipedia.org/wiki/ISO/IEC_27001:2013) 11 | 12 | [https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard](https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) 13 | -------------------------------------------------------------------------------- /_tips/ensure-you-are-using-security-headers.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Ensure you are using security headers 3 | stage: Series A 4 | category: Code 5 | --- 6 | Modern browsers support a set of headers dedicated to blocking certain types of attacks. Make sure you have properly implemented all security headers. Don’t forget about the Content Security Policy (CSP). 7 | 8 | [https://securityheaders.io/](https://securityheaders.io/) 9 | 10 | [https://myheaders.sqreen.io/](https://myheaders.sqreen.io/) 11 | 12 | [https://blog.appcanary.com/2017/http-security-headers.html](https://blog.appcanary.com/2017/http-security-headers.html) 13 | -------------------------------------------------------------------------------- /_tips/follow-an-onboarding-offboarding-checklist.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Follow an onboarding / offboarding checklist 3 | stage: Post Series B 4 | category: Culture 5 | --- 6 | This checklist should contain a list of all the steps you need to enforce when an employee, contractor, intern, etc… joins your company. A similar list can also be used when someone leaves your team. 
7 | 8 | [https://www.rippling.com/](https://www.rippling.com/) 9 | 10 | [https://about.gitlab.com/handbook/general-onboarding/](https://about.gitlab.com/handbook/general-onboarding/) 11 | 12 | [https://about.gitlab.com/handbook/offboarding/](https://about.gitlab.com/handbook/offboarding/) 13 | -------------------------------------------------------------------------------- /_tips/gamify-security-and-train-employees-on-a-regular-basis.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Gamify security and train employees on a regular basis 3 | stage: Series B 4 | category: Culture 5 | --- 6 | Humans are the weakest link in the security chain. DevOps contributes to the security awareness of all the employees in a company. By explaining how an attacker could infiltrate your company, you will increase awareness and thus minimize the chance of a hack. Don’t forget phishing and spear-phishing attacks. 7 | 8 | [https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html](https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html) 9 | 10 | [http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Ten-Recommendations-for-Security-Awareness-Programs.html](http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Ten-Recommendations-for-Security-Awareness-Programs.html) 11 | 12 | [http://lifehacker.com/5933296/how-can-i-protect-against-hackers-who-use-sneaky-social-engineering-techniques-to-get-into-my-accounts](http://lifehacker.com/5933296/how-can-i-protect-against-hackers-who-use-sneaky-social-engineering-techniques-to-get-into-my-accounts) 13 | -------------------------------------------------------------------------------- /_tips/get-notified-when-your-app-is-under-attack.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get notified when your app is under attack 3 | stage: Series B 4 | category: Monitoring 5 | --- 6 | You will be 
attacked. Make sure you have a monitoring system in place that will detect security events targeting your application before it’s too late. Knowing when your application is starting to get massively scanned is key to stopping more advanced attacks. 7 | 8 | [https://www.linode.com/docs/security/using-fail2ban-for-security#email-alerts](https://www.linode.com/docs/security/using-fail2ban-for-security#email-alerts) 9 | 10 | [https://www.sqreen.io/](https://www.sqreen.io/) 11 | 12 | [http://alerta.io/](http://alerta.io/) 13 | -------------------------------------------------------------------------------- /_tips/go-hack-yourself.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Go hack yourself 3 | stage: Post Series B 4 | category: Code 5 | --- 6 | If your company doesn’t yet have a structured security team, help create a multidisciplinary Red Team to stress your application and infrastructure. Providing an easy environment for the Red Team to attack the application should be part of the scope of DevOps. 7 | 8 | [http://www.devsecops.org/blog/2015/12/10/red-team-pwning-the-hearts-and-minds-one-ticket-at-a-time](http://www.devsecops.org/blog/2015/12/10/red-team-pwning-the-hearts-and-minds-one-ticket-at-a-time) 9 | -------------------------------------------------------------------------------- /_tips/harden-ssh-configuration.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Harden SSH configurations 3 | stage: Post Series B 4 | category: Infrastructure 5 | --- 6 | SSH is the de facto remote login mechanism on Linux environments. It’s also the de facto penetration vector for hackers. Make sure you have a proper SSH configuration. 
7 | 8 | [https://devops.profitbricks.com/tutorials/secure-the-ssh-server-on-ubuntu/](https://devops.profitbricks.com/tutorials/secure-the-ssh-server-on-ubuntu/) 9 | 10 | [https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2](https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2) 11 | -------------------------------------------------------------------------------- /_tips/have-a-public-bug-bounty-program.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Have a public bug bounty program 3 | stage: Series B 4 | category: Protection 5 | --- 6 | A bug bounty program will allow external hackers to report vulnerabilities. Most bug bounty programs offer rewards. You need security-aware people inside your development teams to evaluate any reports you receive. 7 | 8 | [https://www.tripwire.com/state-of-security/vulnerability-management/launching-an-efficient-and-cost-effective-bug-bounty-program/](https://www.tripwire.com/state-of-security/vulnerability-management/launching-an-efficient-and-cost-effective-bug-bounty-program/) 9 | 10 | [https://www.hackerone.com/](https://www.hackerone.com/) 11 | 12 | [https://bountyfactory.io/en/index.html](https://bountyfactory.io/en/index.html) 13 | -------------------------------------------------------------------------------- /_tips/have-a-public-security-policy.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Have a public security policy 3 | stage: Series A 4 | category: Protection 5 | --- 6 | This is a page on your corporate website describing how you plan to respond to external security reports. You should state that you support [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure). Keep in mind that most of the reports you receive probably won't be relevant. 
7 | 8 | [https://www.intercom.com/security](https://www.intercom.com/security) 9 | 10 | [https://www.zendesk.com/product/zendesk-security/](https://www.zendesk.com/product/zendesk-security/) 11 | 12 | [https://www.apple.com/support/security/](https://www.apple.com/support/security/) 13 | -------------------------------------------------------------------------------- /_tips/integrate-security-scanners-in-your-ci-pipeline.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Integrate security scanners in your CI pipeline 3 | stage: Series B 4 | category: Code 5 | --- 6 | Integrate a Dynamic Application Security Testing (DAST) tool in your CI, but just like with SAST, be aware of the high number of false positives. 7 | 8 | [http://www.arachni-scanner.com/](http://www.arachni-scanner.com/) 9 | 10 | [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) 11 | 12 | [https://www.acunetix.com/vulnerability-scanner/](https://www.acunetix.com/vulnerability-scanner/) 13 | -------------------------------------------------------------------------------- /_tips/keep-your-containers-protected.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Keep your containers protected 3 | stage: Series B 4 | category: Infrastructure 5 | --- 6 | Use Docker (or Kubernetes), and ensure that they are patched and secure. 7 | Use tools to automatically update and scan your containers for security vulnerabilities. 
8 | 9 | [https://www.docker.com/docker-security](https://www.docker.com/docker-security) 10 | 11 | [https://docs.docker.com/docker-cloud/builds/image-scan/](https://docs.docker.com/docker-cloud/builds/image-scan/) 12 | 13 | [https://jpetazzo.github.io/2015/05/27/docker-images-vulnerabilities/](https://jpetazzo.github.io/2015/05/27/docker-images-vulnerabilities/) 14 | 15 | [https://www.slideshare.net/MichaelCherny/security-best-practices-for-kubernetes-deployment](https://www.slideshare.net/MichaelCherny/security-best-practices-for-kubernetes-deployment) 16 | -------------------------------------------------------------------------------- /_tips/keep-your-dependencies-up-to-date.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Keep your dependencies up to date 3 | stage: Series A 4 | category: Code 5 | --- 6 | Third-party libraries can put your application at risk. Make sure you track your vulnerable packages and update them regularly. 7 | 8 | [https://www.sqreen.io/](https://www.sqreen.io/) 9 | 10 | [https://pyup.io/](https://pyup.io/) 11 | 12 | [https://snyk.io/](https://snyk.io/) 13 | 14 | [https://nodesource.com/products/certified-modules](https://nodesource.com/products/certified-modules) 15 | -------------------------------------------------------------------------------- /_tips/log-all-the-things.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Log all the things 3 | stage: Series A 4 | category: Infrastructure 5 | --- 6 | Infrastructure logs and application logs are your most precious allies for investigating a data breach. Make sure your logs are stored somewhere safe and central. Also make sure you whitelist or blacklist specific incoming data to avoid storing personally identifiable information (PII). 
7 | 8 | [https://qbox.io/blog/welcome-to-the-elk-stack-elasticsearch-logstash-kibana](https://qbox.io/blog/welcome-to-the-elk-stack-elasticsearch-logstash-kibana) 9 | 10 | [https://www.loggly.com/](https://www.loggly.com/) 11 | -------------------------------------------------------------------------------- /_tips/manage-secrets-with-dedicated-tools-and-vaults.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Manage secrets with dedicated tools and vaults 3 | stage: Post Series B 4 | category: Infrastructure 5 | --- 6 | When you need to store cryptographic secrets (other than database password, TLS certificate, …) and perform encryption with them, you should use dedicated tools. This way the cryptographic secret never leaves the tool and you get auditing features. 7 | 8 | [https://www.vaultproject.io/](https://www.vaultproject.io/) 9 | 10 | [https://github.com/square/keywhiz](https://github.com/square/keywhiz) 11 | 12 | [https://aws.amazon.com/cloudhsm/](https://aws.amazon.com/cloudhsm/) 13 | 14 | [https://aws.amazon.com/kms/](https://aws.amazon.com/kms/) 15 | -------------------------------------------------------------------------------- /_tips/monitor-third-party-vendors.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Monitor third party vendors 3 | stage: Series A 4 | category: Monitoring 5 | --- 6 | You’re likely to use third party products to manage your servers / payrolls / logs or even just social media. Just like you’re likely to be hacked, they can be too. Make sure you follow the news and react immediately after a breach. 
7 | 8 | [https://haveibeenpwned.com/](https://haveibeenpwned.com/) 9 | 10 | [https://twitter.com/SecurityNewsbot](https://twitter.com/SecurityNewsbot) 11 | -------------------------------------------------------------------------------- /_tips/monitor-your-authorizations.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Monitor your authorizations 3 | stage: Series B 4 | category: Monitoring 5 | --- 6 | Be proactive and be alerted when authorizations or keys binary are changed in your production. 7 | 8 | [http://techblog.netflix.com/2017/03/netflix-security-monkey-on-google-cloud.html](http://techblog.netflix.com/2017/03/netflix-security-monkey-on-google-cloud.html) 9 | 10 | [https://cloudsploit.com/events](https://cloudsploit.com/events) 11 | 12 | [http://ossec.github.io/](http://ossec.github.io/) 13 | 14 | [https://security.stackexchange.com/a/19386](https://security.stackexchange.com/a/19386) 15 | -------------------------------------------------------------------------------- /_tips/monitoring-your-dns-expiration-date.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Monitor your DNS expiration date 3 | stage: Series A 4 | category: Monitoring 5 | --- 6 | Just like TLS certificates, DNS can expire. Make sure you monitor your DNS expiration automatically. 7 | 8 | [https://github.com/glensc/monitoring-plugin-check_domain](https://github.com/glensc/monitoring-plugin-check_domain) 9 | -------------------------------------------------------------------------------- /_tips/protect-against-denial-of-service.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Protect against Denial Of Service (DoS) 3 | stage: Series B 4 | category: Protection 5 | --- 6 | DoS attacks are meant to break your application and make it unavailable to your customers. 
Use a specific service to protect your app against Distributed Denial Of Service attacks. 7 | 8 | [https://www.akamai.com/](https://www.akamai.com/) 9 | 10 | [https://www.cloudflare.com/ddos/](https://www.cloudflare.com/ddos/) 11 | 12 | [https://www.ovh.com/us/news/articles/a1171.protection-anti-ddos-service-standard](https://www.ovh.com/us/news/articles/a1171.protection-anti-ddos-service-standard) 13 | -------------------------------------------------------------------------------- /_tips/protect-your-application-against-breaches.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Protect your applications against breaches 3 | stage: Series A 4 | category: Protection 5 | --- 6 | Detect and block attacks in real-time using a protection solution. All the OWASP top-10 vulnerabilities (SQL injections, NoSQL injections, cross-site scripting attacks, code/command injections, etc.) are covered. 7 | 8 | [https://www.sqreen.io/](https://www.sqreen.io/) 9 | 10 | [https://en.wikipedia.org/wiki/Web_application_firewall](https://en.wikipedia.org/wiki/Web_application_firewall) 11 | -------------------------------------------------------------------------------- /_tips/protect-your-ci-cd-tools-like-your-product.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Protect your CI/CD tools like your product 3 | stage: Post Series B 4 | category: Code 5 | --- 6 | Your continuous deployment pipeline is the backbone of your IT. Security should be checked at each step. Your CI builds should fail if you detect a security vulnerability. Store your CI configuration for traceability and audit. 
7 | 8 | [https://wiki.jenkins-ci.org/display/JENKINS/JobConfigHistory+Plugin](https://wiki.jenkins-ci.org/display/JENKINS/JobConfigHistory+Plugin) 9 | 10 | [https://www.slideshare.net/kponiatowski/if-cicd-teams-have-time-for-security-so-do-you](https://www.slideshare.net/kponiatowski/if-cicd-teams-have-time-for-security-so-do-you) 11 | -------------------------------------------------------------------------------- /_tips/protect-your-servers-and-infrastructure.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Protect your servers and infrastructure 3 | stage: Series A 4 | category: Protection 5 | --- 6 | Your servers will be scanned in order to fingerprint your application and locate open services, misconfigurations, etc. You can set up tools to keep these scanners away from your servers. 7 | 8 | [https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04) 9 | -------------------------------------------------------------------------------- /_tips/protect-your-users-against-account-takeovers.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Protect your users against account takeovers 3 | stage: Series A 4 | category: Protection 5 | --- 6 | Account takeovers and brute force attacks are easy to set up. You should make sure your users are protected against them. 
7 | 8 | [https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks](https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks) 9 | 10 | [https://security.stackexchange.com/questions/94432/should-i-implement-incorrect-password-delay-in-a-website-or-a-webservice](https://security.stackexchange.com/questions/94432/should-i-implement-incorrect-password-delay-in-a-website-or-a-webservice) 11 | 12 | [https://www.sqreen.io/](https://www.sqreen.io/) 13 | -------------------------------------------------------------------------------- /_tips/run-security-tests-on-your-code.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Run Security tests on your code 3 | stage: Series A 4 | category: Code 5 | --- 6 | Static Application Security Testing (SAST) is an easy and fast way to find security vulnerabilities in your code. You can enforce SAST security checks in your CI, but be aware of the high number of false positives that can frustrate developers. 7 | 8 | [https://www.owasp.org/index.php/Source_Code_Analysis_Tools](https://www.owasp.org/index.php/Source_Code_Analysis_Tools) 9 | 10 | [https://github.com/mre/awesome-static-analysis](https://github.com/mre/awesome-static-analysis) 11 | 12 | [https://docs.travis-ci.com/user/coverity-scan](https://docs.travis-ci.com/user/coverity-scan) 13 | -------------------------------------------------------------------------------- /_tips/stay-on-top-of-best-practices.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Stay on top of best practices 3 | stage: Series A 4 | category: Culture 5 | --- 6 | DevOps is an ever-changing landscape. Ensure that you stay up to date in terms of new technologies, vulnerabilities or best practices. 
7 | 8 | [https://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/](https://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/) 9 | 10 | [https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices](https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices) 11 | 12 | [http://webopsweekly.com/](http://webopsweekly.com/) 13 | -------------------------------------------------------------------------------- /_tips/store-encrypted-passwords-in-your-configuration-management.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Store encrypted passwords in your configuration management 3 | stage: Series B 4 | category: Infrastructure 5 | --- 6 | Storing passwords (like database ones) can be done on a dedicated database with restricted access. Another solution is to store them encrypted in your Source Code Management (SCM) system. That way, you just need the master key to decrypt them. 
7 | 8 | **Chef:** [https://github.com/chef/chef-vault](https://github.com/chef/chef-vault) 9 | 10 | **Puppet:** [https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml](https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml) 11 | 12 | **Salt:** [https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html](https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html) 13 | 14 | **Ansible:** [http://docs.ansible.com/ansible/playbooks_vault.html](http://docs.ansible.com/ansible/playbooks_vault.html) 15 | -------------------------------------------------------------------------------- /_tips/understand-the-risk.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Understand the risk 3 | stage: Series A 4 | category: Culture 5 | --- 6 | The cost of breaches is drastically increasing and security should be taken seriously inside an organization. DevOps engineers should play an important role in advocating for better security practices. 7 | 8 | [http://www.nttcomsecurity.com/us/uploads/documentdatabase/US_Report_Risk_Value_Public_Approved_v2.pdf](http://www.nttcomsecurity.com/us/uploads/documentdatabase/US_Report_Risk_Value_Public_Approved_v2.pdf) 9 | 10 | [http://fortune.com/2016/06/15/data-breach-cost-study-ibm/](http://fortune.com/2016/06/15/data-breach-cost-study-ibm/) 11 | 12 | [https://www.troyhunt.com/the-emergence-of-historical-mega-breaches/](https://www.troyhunt.com/the-emergence-of-historical-mega-breaches/) 13 | -------------------------------------------------------------------------------- /_tips/upgrade-yours-servers-regurlarly.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Upgrade your servers regularly 3 | stage: Series A 4 | category: Infrastructure 5 | --- 6 | Server packages and libraries are often updated when security vulnerabilities are found. 
You should update them as soon as a security vulnerability is found. 7 | 8 | [https://www.ubuntu.com/usn/](https://www.ubuntu.com/usn/) 9 | 10 | [https://help.ubuntu.com/community/AutomaticSecurityUpdates](https://help.ubuntu.com/community/AutomaticSecurityUpdates) 11 | 12 | [https://access.redhat.com/security/vulnerabilities](https://access.redhat.com/security/vulnerabilities) 13 | -------------------------------------------------------------------------------- /_tips/use-an-immutable-infrastructure.markdown: -------------------------------------------------------------------------------- 1 | --- 2 | title: Use an immutable infrastructure 3 | stage: Post Series B 4 | category: Infrastructure 5 | --- 6 | Use immutable infrastructures to avoid having to manage and update your servers. 7 | 8 | [https://martinfowler.com/bliki/ImmutableServer.html](https://martinfowler.com/bliki/ImmutableServer.html) 9 | 10 | [https://hackernoon.com/configuration-management-is-an-antipattern-e677e34be64c#.n68b1i3eo](https://hackernoon.com/configuration-management-is-an-antipattern-e677e34be64c#.n68b1i3eo) 11 | -------------------------------------------------------------------------------- /android-chrome-192x192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/android-chrome-192x192.png -------------------------------------------------------------------------------- /android-chrome-512x512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/android-chrome-512x512.png -------------------------------------------------------------------------------- /apple-touch-icon.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/apple-touch-icon.png -------------------------------------------------------------------------------- /assets/main.scss: -------------------------------------------------------------------------------- 1 | --- 2 | # Only the main Sass file needs front matter (the dashes are enough) 3 | --- 4 | 5 | 6 | // 7 | // ___ __ _ _ __ ___ ___ _ __ 8 | // / __|/ _` | '__/ _ \/ _ \ '_ \ 9 | // \__ \ (_| | | | __/ __/ | | | 10 | // |___/\__, |_| \___|\___|_| |_| 11 | // |_| 12 | // 13 | 14 | @charset "utf-8"; 15 | 16 | // Design 17 | @import "design/_reset"; 18 | @import "design/_colors"; 19 | @import "design/_font"; 20 | @import "design/_mixin"; 21 | @import "design/_title"; 22 | 23 | //Pages 24 | @import "pages/layout"; 25 | @import "pages/home"; 26 | 27 | // Elements 28 | @import "elements/github-corner"; 29 | @import "elements/footer"; 30 | -------------------------------------------------------------------------------- /browserconfig.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | #ffffff 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /develop.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | set -x 5 | 6 | 7 | jekyll s -wV 8 | -------------------------------------------------------------------------------- /favicon-16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/favicon-16x16.png -------------------------------------------------------------------------------- /favicon-32x32.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/favicon-32x32.png -------------------------------------------------------------------------------- /favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/favicon.ico -------------------------------------------------------------------------------- /fonts/FilsonSoftBook.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftBook.eot -------------------------------------------------------------------------------- /fonts/FilsonSoftBook.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftBook.ttf -------------------------------------------------------------------------------- /fonts/FilsonSoftBook.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftBook.woff -------------------------------------------------------------------------------- /fonts/FilsonSoftMedium.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftMedium.eot -------------------------------------------------------------------------------- /fonts/FilsonSoftMedium.ttf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftMedium.ttf -------------------------------------------------------------------------------- /fonts/FilsonSoftMedium.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftMedium.woff -------------------------------------------------------------------------------- /fonts/FilsonSoftRegular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftRegular.eot -------------------------------------------------------------------------------- /fonts/FilsonSoftRegular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftRegular.ttf -------------------------------------------------------------------------------- /fonts/FilsonSoftRegular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/FilsonSoftRegular.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Black.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Black.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Black.ttf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Black.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Black.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Black.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Black.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Black.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Bold.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Bold.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Bold.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Bold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Bold.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Bold.woff2: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Bold.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Extrabld.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Extrabld.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Extrabld.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Extrabld.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Extrabld.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Extrabld.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Extrabld.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Extrabld.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Light.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Light.eot 
-------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Light.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Light.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Light.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Light.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Light.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Light.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Regular.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Regular.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Regular.woff: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Regular.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Regular.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Semibold.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Semibold.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Semibold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Semibold.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Semibold.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Semibold.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNova-Semibold.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNova-Semibold.woff2 -------------------------------------------------------------------------------- /fonts/hinted-ProximaNovaT-Thin.eot: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNovaT-Thin.eot -------------------------------------------------------------------------------- /fonts/hinted-ProximaNovaT-Thin.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNovaT-Thin.ttf -------------------------------------------------------------------------------- /fonts/hinted-ProximaNovaT-Thin.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNovaT-Thin.woff -------------------------------------------------------------------------------- /fonts/hinted-ProximaNovaT-Thin.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/fonts/hinted-ProximaNovaT-Thin.woff2 -------------------------------------------------------------------------------- /images/arrow-bottom.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/burger.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/cross.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/icon-check.svg: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/icon-facebook.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/icon-linkedin.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/icon-twitter-white.svg: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /images/icon-twitter.svg: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /images/logo-csc.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /images/scsc-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 94D55B56-0ADD-4D59-B9EF-27EC8B41D2E0 5 | Created with sketchtool. 
6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /images/share-pic.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqreen/DevOpsSecurityChecklist/568f21fb6b0b35e7df0721097ae2fd378f78053d/images/share-pic.jpg -------------------------------------------------------------------------------- /images/sqreen-logo-grey.svg: -------------------------------------------------------------------------------- 1 | 315D4C2C-4C6C-43C4-B8EF-4DF868EC0911 -------------------------------------------------------------------------------- /images/sqreen-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | EA5A8D33-64B9-4923-A21A-115BBE6DDA8A 5 | Created with sketchtool. 6 | 7 | 8 | 9 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- 1 | --- 2 | # You don't need to edit this file, it's empty on purpose. 
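// (tail of /index.md front matter, carried over from the preceding file in this dump)
// # Edit theme's home layout instead if you wanna make some changes
// # See: https://jekyllrb.com/docs/themes/#overriding-theme-defaults
// layout: home
// ---
// -------------------------------------------------------------------------------- /js/main.js: --------------------------------------------------------------------------------

// Checklist page behaviour: Isotope stage filtering, checking/unchecking of
// items, expand/collapse, the mobile menu, share popups, the nav scrollspy and
// the progress bar. The visible stage and the checked items are persisted in
// location.hash as `#stage=<stage>#check=<id,id,...>` (see changeHash and
// populateWithHash). Classic script: the top-level `var`s and function
// declarations are deliberately global, exactly as they always were.

// Isotope filtering
//========================================
var $grid = $('.checklist').isotope();
// Deferred so Isotope has laid the grid out once before the first filter runs.
setTimeout(function(){
  $grid.isotope({
    transitionDuration: 0,
    filter: ".series-b, .series-a, .post-series-b"
  });
}, 0);

// Stage currently displayed: 'series-a', 'series-b' or 'post-series-b'.
var currentStage = 'post-series-b';
// id attribute of the <li> whose check box was clicked last.
var currentClickId = '';
// ids of the checked <li>s. They are the numeric indices assigned in the
// 'load' handler below, kept as strings because they round-trip via the hash.
var liChecked = [];
// Never read in this file; kept so the global this script exports stays.
var hash = '';

// Switch the visible stage: highlight the stage selector, re-filter the grid,
// recompute the progress bar and persist the stage in the hash.
//   button        - the clicked element inside .filter-bar
//   stage         - new value for currentStage
//   selectedClass - 'selected-one' | 'selected-two' | 'selected-three'
//   filter        - Isotope filter selector for that stage
function selectStage(button, stage, selectedClass, filter) {
  $(button).parent().parent()
    .removeClass('selected-one selected-two selected-three')
    .addClass(selectedClass);
  $grid.isotope({
    transitionDuration: 300,
    filter: filter
  });
  currentStage = stage;
  countCheck(currentStage);
  changeHash();
}

// Show series-a items
$('.filter-bar .seriesa').on( 'click', function() {
  selectStage(this, 'series-a', 'selected-one', ".series-a");
});
// Show series-b items (Series B includes everything required at Series A)
$('.filter-bar .seriesb').on( 'click', function() {
  selectStage(this, 'series-b', 'selected-two', ".series-b, .series-a");
});
// Show post-series-b items (everything)
$('.filter-bar .post-seriesb').on( 'click', function() {
  selectStage(this, 'post-series-b', 'selected-three', '*');
});

// Smooth scrolling
//========================================
$('nav a').click(function(e){
  e.preventDefault();
  $('nav li').removeClass('active');
  $(this).parent().addClass('active');
  var $target = $($(this).attr('href'));
  // A link whose anchor is missing from the page has no offset to scroll to.
  if (!$target.length) { return; }

  // 100px of headroom so the section title clears the fixed nav.
  $('html, body').animate({
    scrollTop: $target.offset().top - 100
  }, 1000);
});

// Check
//========================================
$('.check').click(function(){
  var $check = $(this);
  var $bar = $check.parent().find('.expend-bar');
  var liClicked = $check.parent().parent().attr('id');
  currentClickId = liClicked;
  if ($check.hasClass('checked')) {
    $check.removeClass('checked');
    $bar.removeClass('checked');
    // Drop every occurrence; splicing inside an index loop, as before, skips
    // the element that follows each removal.
    liChecked = liChecked.filter(function(id) { return id !== liClicked; });
  }
  else {
    $check.addClass('checked');
    $bar.addClass('checked');
    liChecked.push(liClicked);
  }
  countCheck(currentStage);
  changeHash();
});

// Expend/collapse
//========================================
$('.btn, .expend-bar').click(function(){
  var $item = $(this).parent().parent();
  var $body = $item.find(".body");
  var expanded = $item.hasClass('expend');

  $item.toggleClass('expend', !expanded);
  if (expanded) {
    $body.slideUp(300);
  }
  else {
    $body.slideDown(300);
  }
  // The item's height changes, so the grid has to be laid out again.
  $grid.isotope();
});

// Open/close menu mobile
//========================================
$('.burger').click(function(){
  $('.mobile-menu').show();
  // Class added on the next tick so the CSS transition actually plays.
  setTimeout(function(){
    $('.mobile-menu').addClass('open');
  }, 100);
});
$('.close, .mobile-menu .nav a').click(function(){
  $('.mobile-menu').removeClass('open');

  // Hidden once the close transition has finished.
  setTimeout(function(){
    $('.mobile-menu').hide();
  }, 600);
});

// Open share links in a popup
//========================================
$('.social a, .social-mob a').click(function(e){
  e.preventDefault();
  var link = $(this).attr('href');
  var popup = window.open(link, "Share it!", "location=1,status=1,scrollbars=1,width=900,height=700");
  // Popup blockers return null; calling moveTo on it would throw.
  if (!popup) { return; }
  // The share page is a third-party origin: sever window.opener so it cannot
  // navigate this page (reverse tabnabbing). Done here, while the popup is
  // still about:blank, rather than via the 'noopener' feature, which would
  // make window.open return null and prevent the moveTo below.
  popup.opener = null;
  popup.moveTo(window.innerWidth/4, 100);
});

// Scrollspy
//========================================
$(function() {
  var lastId;
  var topMenu = $("nav ul");
  // 200px of slack so a section becomes "active" slightly before it reaches the nav.
  var topMenuHeight = topMenu.outerHeight()+200;
  var menuItems = topMenu.find("a");
  // One jQuery object per nav link whose href resolves to an element on the page.
  var scrollItems = menuItems.map(function(){
    var item = $($(this).attr("href"));
    if (item.length) { return item; }
  });
  menuItems.click(function(e){
    var href = $(this).attr("href");
    var $section = href === "#" ? null : $(href);
    // "#" and links to missing anchors scroll back to the top instead of throwing.
    var offsetTop = $section && $section.length ? $section.offset().top - 120 : 0;
    $('html, body').stop().animate({
      scrollTop: offsetTop
    }, 1000);
    e.preventDefault();
  });

  $(window).scroll(function(){
    var fromTop = $(this).scrollTop()+topMenuHeight;
    // Sections whose top has scrolled past the nav; the last one is current.
    var cur = scrollItems.map(function(){
      if ($(this).offset().top < fromTop)
        return this;
    });
    cur = cur[cur.length-1];
    var id = cur && cur.length ? cur[0].id : "";

    if (lastId !== id) {
      lastId = id;
      menuItems
        .parent().removeClass("active")
        .end().filter("[href='#"+id+"']").parent().addClass("active");
    }
  });
});

// Progress bar
//========================================
var checkedItems = 0;
var items = 0;
// Recompute the progress bar for `stage`: 'series-a' counts Series A items,
// 'series-b' counts Series A plus Series B, anything else counts every item.
// Updates the globals `items` and `checkedItems` as a side effect.
function countCheck ( stage ) {
  if ( stage === "series-a" ) {
    items = $('.series-a .check').length;
    checkedItems = $('.series-a .check.checked').length;
  }
  else if ( stage === "series-b" ) {
    items = $('.series-a .check').length + $('.series-b .check').length;
    checkedItems = $('.series-a .check.checked').length + $('.series-b .check.checked').length;
  }
  else {
    items = $('.header .check').length;
    checkedItems = $('.header .check.checked').length;
  }

  // Guard the division: a stage with no items would otherwise show "NaN%".
  var progressBar = items === 0 ? 0 : Math.round((checkedItems * 100) / items);
  $('.progression span').text('Progress: '+progressBar+'%');
  $('.barre').css('width', progressBar+'%');
}

// Add unique id to checks
//========================================
// Each checklist <li> gets its index as id; these are the ids stored in
// liChecked and written to the hash.
$(window).on( 'load', function() {
  $('.checklist li').each(function(i, li) {
    $(li).attr('id', i);
  });
});

// Change hash
//========================================
// Persist the current stage and, when any item is checked, the checked ids:
// `#stage=<stage>` or `#stage=<stage>#check=<id,id,...>`.
function changeHash() {
  if ( liChecked.length === 0 ) {
    location.hash = 'stage='+ currentStage;
  }
  else {
    location.hash = 'stage='+ currentStage +'#check='+ liChecked.toString();
  }
}
// Restore stage and checked items from the hash written by changeHash.
// An empty hash selects post-series-b; a hash with an unknown stage falls
// back to series-a and resets the hash. The hash is user-controlled input, so
// the check ids it carries are validated before they are used as selectors.
function populateWithHash() {
  var hasFilter = location.hash.match( /[a-zA-Z]+/i );
  if ( hasFilter === null ) {
    $('.select-block').addClass('selected-three');
    currentStage = 'post-series-b';
    return;
  }
  // hasFilter.input is the whole hash, e.g. "#stage=series-b#check=1,4".
  var parts = hasFilter.input.split("#");
  var stageToken = parts[1];
  if ( stageToken !== 'stage=series-a' && stageToken !== 'stage=series-b' && stageToken !== 'stage=post-series-b' ) {
    $('.select-block').addClass('selected-one');
    currentStage = 'series-a';
    location.hash = '/';
    return;
  }
  var stage = stageToken.replace("stage=", "");
  currentStage = stage;
  if ( stage === 'series-a') {
    $('.select-block').addClass('selected-one');
  }
  else if ( stage === 'series-b' ) {
    $('.select-block').addClass('selected-two');
    $grid.isotope({
      transitionDuration: 300,
      filter: ".series-a, .series-b"
    });
  }
  else {
    $('.select-block').addClass('selected-three');
    $grid.isotope({
      transitionDuration: 300,
      filter: "*"
    });
  }
  if ( parts[2] != null ) {
    // Only the numeric ids assigned on load are valid. Anything else is
    // dropped rather than concatenated into a selector, where a stray
    // character makes jQuery throw and aborts the rest of page initialisation.
    var checks = parts[2].replace("check=", "").split(',').filter(function(id) {
      return /^\d+$/.test(id);
    });
    liChecked = checks;
    for ( var i = 0; i < checks.length; i++ ) {
      var $li = $('#'+checks[i]);
      $li.find('.check').addClass('checked');
      $li.find('.expend-bar').addClass('checked');
    }
    countCheck(stage);
  }
}
$(window).on( 'load', populateWithHash );
// -------------------------------------------------------------------------------- /js/vendors/scrollspy.js: --------------------------------------------------------------------------------
// (vendored jquery-scrollspy; its header comment starts here and continues on the following lines of this dump)
// /**
//  * Extend jquery with a scrollspy plugin.
//  * This watches the window scroll and fires events when elements are scrolled into viewport.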
*
* throttle() and getTime() taken from Underscore.js
* https://github.com/jashkenas/underscore
*
* @author Copyright 2013 John Smart
* @license https://raw.github.com/thesmart/jquery-scrollspy/master/LICENSE
* @see https://github.com/thesmart
* @version 0.1.2
*/
(function($) {

  // Module-level state shared by every $.scrollSpy()/$.winSizeSpy() call.
  var jWindow = $(window);
  // Every jQuery-wrapped element ever registered via $.scrollSpy(); nothing
  // below ever removes an entry, so the list only grows.
  var elements = [];
  // The collection returned by findElements() on the previous scan.
  var elementsInView = [];
  // True once the window scroll/resize handlers have been attached.
  var isSpying = false;
  // Monotonic scan counter; stored on each element as 'scrollSpy:ticks'.
  var ticks = 0;
  // Viewport padding added to each boundary before intersecting; overwritten
  // by every $.scrollSpy() call, so the most recent caller's offsets win.
  var offset = {
    top : 0,
    right : 0,
    bottom : 0,
    left : 0,
  }

  /**
   * Find elements that are within the boundary
   * An element counts as a hit when its box (offset() + width()/height())
   * overlaps the rectangle; touching edges are treated as overlapping.
   * @param {number} top
   * @param {number} right
   * @param {number} bottom
   * @param {number} left
   * @return {jQuery} A collection of elements (each entry is itself a jQuery object)
   */
  function findElements(top, right, bottom, left) {
    var hits = $();
    $.each(elements, function(i, element) {
      var elTop = element.offset().top,
        elLeft = element.offset().left,
        elRight = elLeft + element.width(),
        elBottom = elTop + element.height();

      // Separating-axis test: no overlap iff the element lies entirely
      // beyond one of the four edges.
      var isIntersect = !(elLeft > right ||
        elRight < left ||
        elTop > bottom ||
        elBottom < top);

      if (isIntersect) {
        hits.push(element);
      }
    });

    return hits;
  }

  /**
   * Called when the user scrolls the window
   * Fires 'scrollSpy:enter' on elements that were not marked in view
   * (no numeric 'scrollSpy:ticks' data) and 'scrollSpy:exit' on elements
   * from the previous scan whose stored tick is now stale.
   */
  function onScroll() {
    // unique tick id
    ++ticks;

    // viewport rectangle
    var top = jWindow.scrollTop(),
      left = jWindow.scrollLeft(),
      right = left + jWindow.width(),
      bottom = top + jWindow.height();

    // determine which elements are in view
    var intersections = findElements(top+offset.top, right+offset.right, bottom+offset.bottom, left+offset.left);
    $.each(intersections, function(i, element) {
      var lastTick = element.data('scrollSpy:ticks');
      if (typeof lastTick != 'number') {
        // entered into view (the exit path below resets the tick to null,
        // so an element re-entering fires 'enter' again)
        element.triggerHandler('scrollSpy:enter');
      }

      // update tick id
      element.data('scrollSpy:ticks', ticks);
    });

    // determine which elements are no longer in view
    $.each(elementsInView, function(i, element) {
      var lastTick = element.data('scrollSpy:ticks');
      if (typeof lastTick == 'number' && lastTick !== ticks) {
        // exited from view
        element.triggerHandler('scrollSpy:exit');
        element.data('scrollSpy:ticks', null);
      }
    });

    // remember elements in view for next tick
    elementsInView = intersections;
  }

  /**
   * Called when window is resized
   * Re-broadcasts the resize as a 'scrollSpy:winSize' event on window.
   */
  function onWinSize() {
    jWindow.trigger('scrollSpy:winSize');
  }

  /**
   * Get time in ms
   * Uses Date.now when available, else a new Date() per call.
   * @license https://raw.github.com/jashkenas/underscore/master/LICENSE
   * @type {function}
   * @return {number}
   */
  var getTime = (Date.now || function () {
    return new Date().getTime();
  });

  /**
   * Returns a function, that, when invoked, will only be triggered at most once
   * during a given window of time. Normally, the throttled function will run
   * as much as it can, without ever going more than once per `wait` duration;
   * but if you'd like to disable the execution on the leading edge, pass
   * `{leading: false}`. To disable execution on the trailing edge, ditto.
   * The `this` and `arguments` of the most recent call are forwarded to
   * `func`; the wrapper returns the result of the last actual invocation.
   * @license https://raw.github.com/jashkenas/underscore/master/LICENSE
   * @param {function} func
   * @param {number} wait
   * @param {Object=} options
   * @returns {Function}
   */
  function throttle(func, wait, options) {
    var context, args, result;
    var timeout = null;
    var previous = 0;
    options || (options = {});
    // Trailing-edge invocation scheduled by the wrapper below.
    var later = function () {
      previous = options.leading === false ? 0 : getTime();
      timeout = null;
      result = func.apply(context, args);
      context = args = null;
    };
    return function () {
      var now = getTime();
      // With {leading: false} the first call only starts the clock.
      if (!previous && options.leading === false) previous = now;
      var remaining = wait - (now - previous);
      context = this;
      args = arguments;
      if (remaining <= 0) {
        // Leading edge: run immediately and drop any pending trailing call.
        clearTimeout(timeout);
        timeout = null;
        previous = now;
        result = func.apply(context, args);
        context = args = null;
      } else if (!timeout && options.trailing !== false) {
        timeout = setTimeout(later, remaining);
      }
      return result;
    };
  };

  /**
   * Enables ScrollSpy using a selector
   * Appends the matched elements to the module-level list and overwrites the
   * shared offsets. Window scroll/resize handlers are bound only on the first
   * call (see `isSpying`); later calls still get one initial scan via the
   * setTimeout below, but their own throttled closure is otherwise unused —
   * the first call's `throttledScroll` keeps serving every registered element.
   * The selector is handed straight to $(), which interprets markup-like
   * strings as HTML rather than as a selector; only pass trusted values here.
   * @param {jQuery|string} selector The elements collection, or a selector
   * @param {Object=} options Optional.
   *   throttle : number -> scrollspy throttling. Default: 100 ms
   *   offsetTop : number -> offset from top. Default: 0
   *   offsetRight : number -> offset from right. Default: 0
   *   offsetBottom : number -> offset from bottom. Default: 0
   *   offsetLeft : number -> offset from left. Default: 0
   * @returns {jQuery}
   */
  $.scrollSpy = function(selector, options) {
    selector = $(selector);
    selector.each(function(i, element) {
      elements.push($(element));
    });
    options = options || {
      throttle: 100
    };

    offset.top = options.offsetTop || 0;
    offset.right = options.offsetRight || 0;
    offset.bottom = options.offsetBottom || 0;
    offset.left = options.offsetLeft || 0;

    var throttledScroll = throttle(onScroll, options.throttle || 100);
    // Defers the scan until the DOM is ready (runs at once if it already is).
    var readyScroll = function(){
      $(document).ready(throttledScroll);
    };

    if (!isSpying) {
      jWindow.on('scroll', readyScroll);
      jWindow.on('resize', readyScroll);
      isSpying = true;
    }

    // perform a scan once, after current execution context, and after dom is ready
    setTimeout(readyScroll, 0);

    return selector;
  };

  /**
   * Listen for window resize events
   * Binds a throttled onWinSize to window resize. The function replaces
   * itself on first use, so subsequent calls just return $(window) without
   * binding a second handler.
   * @param {Object=} options Optional. Set { throttle: number } to change throttling. Default: 100 ms
   * @returns {jQuery} $(window)
   */
  $.winSizeSpy = function(options) {
    $.winSizeSpy = function() { return jWindow; }; // lock from multiple calls
    options = options || {
      throttle: 100
    };
    return jWindow.on('resize', throttle(onWinSize, options.throttle || 100));
  };

  /**
   * Enables ScrollSpy on a collection of elements
   * e.g. $('.scrollSpy').scrollSpy()
   * Thin wrapper over $.scrollSpy with the current collection as selector.
   * @param {Object=} options Optional.
   *   throttle : number -> scrollspy throttling. Default: 100 ms
   *   offsetTop : number -> offset from top. Default: 0
   *   offsetRight : number -> offset from right. Default: 0
   *   offsetBottom : number -> offset from bottom. Default: 0
   *   offsetLeft : number -> offset from left. Default: 0
   * @returns {jQuery}
   */
  $.fn.scrollSpy = function(options) {
    return $.scrollSpy($(this), options);
  };

})(jQuery);

-------------------------------------------------------------------------------- /js/vendors/viewport-units-buggyfill.js: --------------------------------------------------------------------------------
/*!
 * viewport-units-buggyfill v0.6.0
 * @web: https://github.com/rodneyrehm/viewport-units-buggyfill/
 * @author: Rodney Rehm - http://rodneyrehm.de/en/
 */

(function (root, factory) {
  'use strict';
  if (typeof define === 'function' && define.amd) {
    // AMD. Register as an anonymous module.
    define([], factory);
  } else if (typeof exports === 'object') {
    // Node. Does not work with strict CommonJS, but
    // only CommonJS-like environments that support module.exports,
    // like Node.
    module.exports = factory();
  } else {
    // Browser globals (root is window)
    root.viewportUnitsBuggyfill = factory();
  }
}(this, function () {
  'use strict';
  /*global document, window, navigator, location, XMLHttpRequest, XDomainRequest, CustomEvent*/

  var initialized = false;
  var options;
  var userAgent = window.navigator.userAgent;
  var viewportUnitExpression = /([+-]?[0-9.]+)(vh|vw|vmin|vmax)/g;
  var forEach = [].forEach;
  var dimensions;
  var declarations;
  var styleNode;
  var isBuggyIE = /MSIE [0-9]\./i.test(userAgent);
  var isOldIE = /MSIE [0-8]\./i.test(userAgent);
  var isOperaMini = userAgent.indexOf('Opera Mini') > -1;

  var isMobileSafari = /(iPhone|iPod|iPad).+AppleWebKit/i.test(userAgent) && (function() {
    // Regexp for iOS-version tested against the following userAgent strings:
    // Example WebView UserAgents:
    //  * iOS Chrome on iOS8: "Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/39.0.2171.50
Mobile/12B410 Safari/600.1.4" 41 | // * iOS Facebook on iOS7: "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D201 [FBAN/FBIOS;FBAV/12.1.0.24.20; FBBV/3214247; FBDV/iPhone6,1;FBMD/iPhone; FBSN/iPhone OS;FBSV/7.1.1; FBSS/2; FBCR/AT&T;FBID/phone;FBLC/en_US;FBOP/5]" 42 | // Example Safari UserAgents: 43 | // * Safari iOS8: "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4" 44 | // * Safari iOS7: "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A4449d Safari/9537.53" 45 | var iOSversion = userAgent.match(/OS (\d)/); 46 | // viewport units work fine in mobile Safari and webView on iOS 8+ 47 | return iOSversion && iOSversion.length>1 && parseInt(iOSversion[1]) < 10; 48 | })(); 49 | 50 | var isBadStockAndroid = (function() { 51 | // Android stock browser test derived from 52 | // http://stackoverflow.com/questions/24926221/distinguish-android-chrome-from-stock-browser-stock-browsers-user-agent-contai 53 | var isAndroid = userAgent.indexOf(' Android ') > -1; 54 | if (!isAndroid) { 55 | return false; 56 | } 57 | 58 | var isStockAndroid = userAgent.indexOf('Version/') > -1; 59 | if (!isStockAndroid) { 60 | return false; 61 | } 62 | 63 | var versionNumber = parseFloat((userAgent.match('Android ([0-9.]+)') || [])[1]); 64 | // anything below 4.4 uses WebKit without *any* viewport support, 65 | // 4.4 has issues with viewport units within calc() 66 | return versionNumber <= 4.4; 67 | })(); 68 | 69 | // added check for IE10, IE11 and Edge < 20, since it *still* doesn't understand vmax 70 | // http://caniuse.com/#feat=viewport-units 71 | if (!isBuggyIE) { 72 | isBuggyIE = !!navigator.userAgent.match(/MSIE 10\.|Trident.*rv[ :]*1[01]\.| Edge\/1\d\./); 73 | } 74 | 75 | // Polyfill for creating CustomEvents on IE9/10/11 76 | // from 
https://github.com/krambuhl/custom-event-polyfill 77 | try { 78 | new CustomEvent('test'); 79 | } catch(e) { 80 | var CustomEvent = function(event, params) { 81 | var evt; 82 | params = params || { 83 | bubbles: false, 84 | cancelable: false, 85 | detail: undefined 86 | }; 87 | 88 | evt = document.createEvent('CustomEvent'); 89 | evt.initCustomEvent(event, params.bubbles, params.cancelable, params.detail); 90 | return evt; 91 | }; 92 | CustomEvent.prototype = window.Event.prototype; 93 | window.CustomEvent = CustomEvent; // expose definition to window 94 | } 95 | 96 | function debounce(func, wait) { 97 | var timeout; 98 | return function() { 99 | var context = this; 100 | var args = arguments; 101 | var callback = function() { 102 | func.apply(context, args); 103 | }; 104 | 105 | clearTimeout(timeout); 106 | timeout = setTimeout(callback, wait); 107 | }; 108 | } 109 | 110 | // from http://stackoverflow.com/questions/326069/how-to-identify-if-a-webpage-is-being-loaded-inside-an-iframe-or-directly-into-t 111 | function inIframe() { 112 | try { 113 | return window.self !== window.top; 114 | } catch (e) { 115 | return true; 116 | } 117 | } 118 | 119 | function initialize(initOptions) { 120 | if (initialized) { 121 | return; 122 | } 123 | 124 | if (initOptions === true) { 125 | initOptions = { 126 | force: true 127 | }; 128 | } 129 | 130 | options = initOptions || {}; 131 | options.isMobileSafari = isMobileSafari; 132 | options.isBadStockAndroid = isBadStockAndroid; 133 | 134 | if (options.ignoreVmax && !options.force && !isOldIE) { 135 | // modern IE (10 and up) do not support vmin/vmax, 136 | // but chances are this unit is not even used, so 137 | // allow overwriting the "hacktivation" 138 | // https://github.com/rodneyrehm/viewport-units-buggyfill/issues/56 139 | isBuggyIE = false; 140 | } 141 | 142 | if (isOldIE || (!options.force && !isMobileSafari && !isBuggyIE && !isBadStockAndroid && !isOperaMini && (!options.hacks || !options.hacks.required(options)))) { 143 | 
// this buggyfill only applies to mobile safari, IE9-10 and the Stock Android Browser. 144 | if (window.console && isOldIE) { 145 | console.info('viewport-units-buggyfill requires a proper CSSOM and basic viewport unit support, which are not available in IE8 and below'); 146 | } 147 | 148 | return { 149 | init: function () {} 150 | }; 151 | } 152 | 153 | // fire a custom event that buggyfill was initialize 154 | window.dispatchEvent(new CustomEvent('viewport-units-buggyfill-init')); 155 | 156 | options.hacks && options.hacks.initialize(options); 157 | 158 | initialized = true; 159 | styleNode = document.createElement('style'); 160 | styleNode.id = 'patched-viewport'; 161 | document.head.appendChild(styleNode); 162 | 163 | // Issue #6: Cross Origin Stylesheets are not accessible through CSSOM, 164 | // therefore download and inject them as