Cybersecurity Handbook
WelcomeScopeContentContributing
About Cybersecurity
Notable Security Incidents
OWASP Top 10
Attacks explained
Security Design
OWASP Proactive Controls
HTTP Headers
Best practices
Tooling
Checklists
Testing GuidesCheat SheetsResourcesAcknowledgments and credits

Cybersecurity handbook

Cover image Image from needpix.com

Scope

This digital handbook was crafted by the GuideSmith team in order to provide a simple and easy guide for newcomers.

This handbook was made based in our current stack and needs in our day to day activities...

Stack in scope

For this guide the current stack in scope is:

  • HTML, CSS, JS (up to es2020)
  • React
  • Nodejs
  • NPM
  • Docker
  • Express
  • Git/GitHub/Gitlab...
  • JWT, Sessions, etc...

Content

Roadmap

This handbook is under construction. We have two main releases in scope:

  • Release v0.1.0 (Cap'n Crunch whistle)
  • Release v1.0.0 (Blue Box)

The most critical sections will be covered in the v0.1.0. The rest of the sections will be finished for v1.0.0.

Important

Sections

1. About Cybersecurity

ℹ️ This section will be part of 0.1.0 Release

2. Notable Security Incidents

A great collection of security incidents that happened in the Node.js, JavaScript and npm related communities from lirantal/awesome-nodejs-security and other resources.

3. OWASP Top 10

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. OWASP Top 10

This section customized for our stack using/mixing/re-writing the following guides:

4. Attacks explained

5. Security Design

6. OWASP Proactive Controls

ℹ️ This section will be part of 1.0.0 Release

The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be included in every software development project. They are ordered by importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development practices. OWASP Top Ten Proactive Controls 2018

This is section customized for our stack using/mixing/re-writing the following guides:

7. HTTP Headers

We simply adapted and extended the Official documentation from Helmet. We also included extra headers that are not present in the Helmet middleware

8. Best practices

ℹ️ This section will be part of 0.1.0 Release

9. Tooling

This section is a selection of relevant tools for cybersecurity, we extended several awesome lists in order to get the most complete list of tools.

10. Checklists

ℹ️ This section will be part of 1.0.0 Release

11. Testing Guides

ℹ️ This section will be part of 1.0.0 Release

12. Cheat Sheets

We made a great list of useful cheatsheets to use in our day to day activities. We expect to create our own soon.

13. Resources

Great resources to learn more about cybersecurity for our stack.

14. Acknowledgments and credits

This guide was only possible because a lot of people have made a huge effort to share their knowledge with the community. ❤️

Contributing

🎉 This Guide is open to contributions! 🎉

Please follow the Code of Conduct and read the Contributing guide.