Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 8 Jun 2015 13:32:19 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: oss-security@...ts.openwall.com
Subject: Re: Suggestions Sought for Appsec Reading List

------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08.06.2015 05:09, Scott Arciszewski wrote:

Hi oss-sec readers!

Earlier this year, we decided to start a curated list for learning
about application security and host it on Github.

Currently, we have a good spread of general topics and
PHP-specific security pitfalls, but we'd like to gather more
resources to help developers with experience in a particular
language learn how to build more resilient applications.
https://github.com/paragonie/awesome-appsec

The list lives at that URL, please send pull requests. It's as easy
as creating a .json file somewhere appropriately within the data/
directory; I'll take care of the rest.

Scott Arciszewski Chief Development Officer Paragon Initiative
Enterprises <https://paragonie.com>


Is this intended just for programmers or also system administrators?

if so, you might want to add the recommendations ofhttps://bettercrypto.org

their recommendations can be found here as a
pdf:https://bettercrypto.org/static/applied-crypto-hardening.pdf

and on github as latex source (I believe).

if this is not about save configuration of services, please feel
free to ignore this message.

kind regards

Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCAAGBQJVdcN+AAoJEAq0kGAWDrqlpZcL/2uQfEpiXTMt7BHxRlXrHJXp
lQs0T7z9dsPjeibU5/XXhe9zX8r3EjrjwkJVVlBqH3rr6LZOyiNnzVWIUrzLPqSq
A7PLlKLEKGAW3W4i+/txQWd4atYt2xIVEwv52qpmoB0zFBhQ+hqszq7nnwHlkNO2
fTEuziDNv2iohTYrm6MC4+faJcobLLZzxz32/7kgXvyJfiGxUrnDAbiRcAo1L1Dh
j44GCbOo7YaQtayaQn9wYnclnrq76w0qfDHfxzIQXVyTyDAvrZAeevF34bYxcdWF
IRif1H4llhq8DXoFt49fmtKkyGXUtnJ73NOkcdizakRllX/+I1uU4n9Dk9zsLwpN
4I1wlxWasryCx2qxdSxc3mN8Ru7T35tRYrh0OJU7T1S7Z5XzrWfxAkbPv81FFJvk
nVwjBnTZ+Hq6wjyNLv/p7ZlVRnvrX9QbV7bv2u4C8y8HGjV0ZbbOnC5+uJPSMkF4
SfwpoawTe6JDBxFaQGV7TcVhn4Fi5shwJxlZiPAZcQ==
=oaHM
-----END PGP SIGNATURE-----


My intended audience at the outset was programmers. However, the reality of
the situation is that programmers are often responsible for configuring
systems.

So thank you. I'll check it out tonight and consider its inclusion.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.