This description is totally incorrect:

LunaSec - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.

Best regards
Yuli

Is it worth including the canonicle list in your list? Seems like it would make sense.

This API has been unmaintained for several years, I'm the new owner and keeping it maintained now

• The API code
• Now official
• Official announcement
• Main issue
• Main PR
• What's changed

Interested in a PR?

BusKill is an open-source hardware and software project that uses a hardware tripwire/dead-man-switch (a usb cable with a magnetic breakaway) to trigger your computer to lock or shutdown if the user is physically separated from their machine.

• https://github.com/BusKill/buskill-app

The following guide describes how BusKill can be configured to wipe the LUKS Header (containing the FDE key) and its metadata. It shows a video demo where the machine wiped the keys & powered-off in <6 seconds, and it includes a post-execution forensic analysis in Kali with bulk_extractor

• https://www.buskill.in/luks-self-destruct/

Please consider adding this tool to your list. I'd recommend adding it under Forensics or under a new category Anti-Forensics or Hardware.

Thanks for your great list. It made me decide to fully delegate to this repo for Security-related stuff (related issue: humanetech-community/awesome-humane-tech#35). The curation needs expertise I do not have, and the field is way larger than what I'd wish to include.

This inclusion means that you are now eligible to wear our 'humanetech' badge - if you like that - by placing this somewhere on your README:

[![Awesome Humane Tech](https://raw.githubusercontent.com/humanetech-community/awesome-humane-tech/main/humane-tech-badge.svg?sanitize=true)](https://github.com/humanetech-community/awesome-humane-tech)

Which yields:

The change also means entries have been removed from awesome-humane-tech. Some of them don't exist here but seem a good fit, and if you could indicate if they are good candidates I can PR them. These projects are:

• NoScript Security Suite - Mozilla-based browser plugin to only allow active content from white-listed websites.
• PRISM Break - Security and privacy-aware alternatives to proprietary software.
• Security Checklist - Checklist of resources designed to improve your online privacy and security.

An unknown error occurred.
APT was unable to find this package.
Please try refreshing your sources
Error = 2 Permission denied No such
file or directory
/var/jb/usr/bin/apt-get

And this also,
An unknown error occurred.
APT was unable to find this package.
Please try refreshing your sources
Error = 2 No such file or directorv No
such file or directory
/var/jb/usr/bin/apt-get

Originally posted by @TnmSarun in pinauten/Fugu15#81

AWS Web Application Firewalls (WAFs) protect web applications and APIs from typical attacks from the Internet that can compromise security and availability, and put undue strain on servers and resources. The AWS WAF provides prebuilt security rules that help control bot traffic and block attack patterns. You can also create your own rules based on your own requirements. In simple scenarios and for smaller applications, this is very easy to implement on an individual basis. However, in larger environments with tens or even hundreds of applications, it is advisable to aim for central governance and automation. This simple solution helps you deploy, update and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager.

https://github.com/globaldatanet/aws-firewall-factory/tree/master

https://github.com/certtools/intelmq/

The following links are broken in the README.md

In ./README.md on line 254, link: http://mig.mozilla.org/
In ./README.md on line 272, link: http://torstatus.blutmagie.de/
In ./README.md on line 306, link: https://spyse.com/
In ./README.md on line 337, link: https://api.github.com/repos/apps/guardrails
In ./README.md on line 429, link: https://amzn.to/2uWh1Up
In ./README.md on line 268, link: https://www.dshield.org/reports.html
In ./README.md on line 265, link: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ

The info above was generated from the workflow I pull requested in #225. Thought you would find it useful to have this list whether or not you accept the PR.

Hi, we just developed a tool for developers to be aware of Supply Chain Security - Overlay:

Since there is no specific awesome list for Supply Chain Security, I'm thinking about adding it here.

Under which category should I add it?

@

Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.

It is currently being used by

• https://github.com/vsouza/awesome-ios
• https://github.com/matteocrippa/awesome-swift
• https://github.com/dkhamsing/open-source-ios-apps

Examples

• https://travis-ci.org/matteocrippa/awesome-swift/builds/96526196 ok ✅
• https://travis-ci.org/matteocrippa/awesome-swift/builds/96722421 link redirected / rename 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/96763135 bad link / project deleted 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/95754715 dupe 🔴

If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml file to the project.

See https://github.com/dkhamsing/awesome_bot for options, more information
Feel free to leave a comment 😄

#191

https://github.com/khast3x/Redcloud

https://www.enisa.europa.eu/publications/smartphone-secure-development-guidelines-2016

Good document to include here I'd say.

Adding SecApps would be nice. Alternatively, it would be possible to go through and add some the individual tools referenced there.

https://github.com/owasp/nodegoat has a docker image which I've done quite a bit of work on and works well, may be worth adding. Let me know if you would rather have a PR?

Here is the wiki around security regression testing for NodeGoat <-> ZAP that has a video teaser also.

Hi,

You can add Karma to your list.

Karma is a free web solution that can be used to add the organization assets (domains, websites, networks, etc), and Karma periodically search this assets on various Threat Intelligence Feeds and reports if any of this assets is listed.

Also, Karma alerts on bad configurations, like DNS open zone transfers, bad SSL configurations and more.

Link: https://karma.securetia.com

Regards!

Hi,

I just noticed this list and linked to it from my awesome-sysadmin repo.

There were some duplicates, but my list had some tools which are not already on here. I'm not sure where to sort them though – here's the list, in italics behind the entries are my suggestions on where to sort it.

Please tell me where these tools belong (or if they're not awesome enough) and I come up with a short description and create a PR.

• Blackbox - Safely store secrets in Git/Mercurial. Provides tooling to automatically encrypt secrets like passwords. _DevOps?_
• Denyhosts - Thwart SSH dictionary based attacks and brute force attacks. _IPS_
• Fail2Ban - Scans log files and takes action on IPs that show malicious behavior. _IPS_
• FIR - Fast Incident Response, a cybersecurity incident management platform. _SIEM_
• fwknop - Protects ports via Single Packet Authorization in your firewall. _IPS/Firewall?_
• Linux Malware Detect - A malware scanner for Linux designed around the threats faced in shared hosted environments. _Scanner_
• Nmap - Nmap is a free and open source utility for network discovery and security auditing. _Scanner_
• OSQuery - Query your servers status and info using a SQL like interface. _DevOps?_
• pfSense - Firewall and Router FreeBSD distribution. _IPS/Firewall?_
• SpamAssassin - A powerful and popular email spam filter employing a variety of detection technique. _not sure_
• SSHGuard - A software to protect services in addition to SSH, written in C _IPS_

I suggest to add a new category "Firewall" to distinguish that from IDS/IPS.

I'd love to see and be able to contribute to a VPS section. Items like OSSEC are really Host IDS rather than Network IDS. There are also other offerings very similar to Snyk that are free and open source.

Source for my books:
https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle0
https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1

Just wondering where stealth is on the list of HIDS?

I've had very good success with it, and have tried a bunch of HIDS and evaluated them based on use within my networks.

With clear guidelines when and how to contribute.

See https://github.com/sindresorhus/awesome/blob/master/awesome.md#include-contribution-guidelines

Under https://github.com/sbilly/awesome-security#mobile--android--ios adding project "hardened_malloc" would be nice.

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

https://github.com/GrapheneOS/hardened_malloc

Amass is the most In-depth subdomain enumeration tool and performs DNS OSINT. This could fall under 'Scanning / Pentesting' on your awesome list. The Amass project can be found using the link below:

https://github.com/caffix/amass

Thanks in advance!

C-Shopping-RN APP

This is a complete App developed by React Native (Expo). It is a beautiful e-commerce shopping application.

Use technology

• React Native
• Redux Toolkit
• RTK Query
• Expo Router
  -NativeWind

App open source address: https://github.com/huanghanzhilian/c-shopping-rn
Full stack open source address: https://github.com/huanghanzhilian/c-shopping

🚀 Claim Your $1000 in $PYTH

• 🌐 600,000,000 PYTH Tokens Up for Grabs!
• 🔗 Pyth Network: Your Gateway to Reliable Market Data

🔍 Eligible Participants:

• EVM Ecosystem (Ethereum)

📌 Follow the Step-by-Step Guide to Claim Your PYTH Tokens!

1. Share on Social Media:

   • Twitter:
     Share on Twitter

   • Reddit:
     Share on Reddit

2. Connect Your Wallet:

   • Visit the $PYTH Airdrop.
   • Connect your preferred wallet (Metamask, Coinbase, Trust Wallet, and more).

3. Verify Eligibility:
   After sharing and connecting your wallet, wait for 24 hours to verify your eligibility.