DESIGN_REVIEW_QUERY = """ As a security expert, analyze the provided technical specification and perform the following steps in order:
STEP 1: Component Identification Carefully identify and list:
For each identified component, briefly describe:
| # GitHub Copilot Instructions for React and Next.js Projects | |
| This file provides guidelines for GitHub Copilot to ensure consistent, clean, and performant code generation for React and Next.js applications. | |
| ## General Principles | |
| - **Clean Code:** Prioritize **readability, maintainability, and reusability**. | |
| - **Conciseness:** Aim for concise and expressive code. | |
| - **Descriptive Naming:** Use clear and descriptive names for variables, functions, components, and files (e.g., `getUserProfile`, `ProductCard`, `useAuth`). | |
| - **DRY (Don't Repeat Yourself):** Extract reusable logic into functions, custom hooks, or components. |
| #!/bin/bash | |
| # 🚀 Discover More: Testing Your Firewall in 60 Seconds: A Lightweight WAF Testing Script That Anyone Can Use | |
| # Learn how this script works and the best practices for WAF testing. | |
| # Read the full article here: | |
| # 👉 https://medium.com/@kochuraa/testing-your-firewall-in-60-seconds-a-lightweight-waf-testing-script-that-anyone-can-use-a7a725fefcb7 | |
| # Safe WAF Tester Script | |
| # Usage: ./waf-smoke-test.sh <URL> [-o output.md] [-H "Header: Value"] | |
| # Examples: |
| # Dockerfile with Bad Security Practices | |
| # 1. Using a root user to run the container | |
| FROM ubuntu:latest | |
| USER root | |
| # 2. Installing all tools with one command | |
| # This approach often installs more than needed, increasing attack surface | |
| RUN apt-get update && apt-get install -y \ | |
| curl \ |
| # Requires: curl, jq | |
| # Download MITRE ATT&CK data from GitHub repository | |
| curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json | |
| # List all ATT&CK object types | |
| jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json | |
| # List all ATT&CK technique identifiers | |
| jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json |
| - Threat Modelling / Code Review — | |
| Resources-for-Application-Security | |
| How to prepare for a security engineer interview by Eray Mitrani | |
| Security_Engineer_Interview_Questions by Tad Whitaker | |
| Security Engineer - Interview Questions by Namish |
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <!-- BLATANTLY STOLEN FROM https://getbootstrap.com/docs/4.1/examples/cover/ --> | |
| <title>Docker Workshop</title> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous"> | |
| <style> | |
| /* |
You will need Docker installed! Here is a link to get you started. Proceed after you are done installing.
A list of interesting conferences for vulnerability researchers. See also: https://twitter.com/i/lists/1543557448123957249
| Name | Dates | Location | Site |
|---|---|---|---|
| DEF CON | 10-13/08/2023 | Las Vegas, USA | https://defcon.org/ |
| Black Hat USA | 09-10/08/2023 | Las Vegas, USA | https://www.blackhat.com/ |
| REcon | 03-05/06/2023 | Montreal, Canada | https://recon.cx/ |
| OffensiveCon | 19-20/05/2023 | Berlin, Germany | https://www.offensivecon.org/ |