This digital handbook was crafted by the GuideSmith team to provide a simple and easy guide for newcomers.
This handbook is based on our current stack and on the needs of our day-to-day activities…
Stack in scope
For this guide the current stack in scope is:
- HTML, CSS, JS (up to ES2020)
- React
- Node.js
- npm
- Docker
- Express
- Git/GitHub/GitLab…
- JWT, Sessions, etc…
Roadmap
This handbook is under construction. We have two main releases in scope:
- Release v0.1.0 (Cap’n Crunch whistle)
- Release v1.0.0 (Blue Box)
The most critical sections will be covered in v0.1.0. The remaining sections will be finished for v1.0.0.
Important
Sections
1. About Cybersecurity
ℹ️ This section will be part of the v0.1.0 release
2. Notable Security Incidents
A great collection of security incidents that happened in the Node.js, JavaScript and npm related communities from lirantal/awesome-nodejs-security and other resources.
3. OWASP Top 10
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
OWASP Top 10
This section is customized for our stack by using, mixing and re-writing the following guides:
4. Attacks explained
5. Security Design
6. OWASP Proactive Controls
ℹ️ This section will be part of the v1.0.0 release
The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be included in every software development project. They are ordered by importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development practices.
OWASP Top Ten Proactive Controls 2018
This section is customized for our stack by using, mixing and re-writing the following guides:
We simply adapted and extended the official documentation from Helmet. We also included extra headers that are not present in the Helmet middleware.
8. Best practices
ℹ️ This section will be part of the v0.1.0 release
9. Tooling
This section is a selection of relevant tools for cybersecurity. We extended several awesome lists in order to assemble the most complete list of tools.
10. Checklists
ℹ️ This section will be part of the v1.0.0 release
11. Testing Guides
ℹ️ This section will be part of the v1.0.0 release
12. Cheat Sheets
We compiled a great list of useful cheat sheets to use in our day-to-day activities. We expect to create our own soon.
13. Resources
Great resources to learn more about cybersecurity for our stack.
14. Acknowledgments and credits
This guide was only possible because a lot of people have made a huge effort to share their knowledge with the community. ❤️
🎉 This Guide is open to contributions! 🎉
Please follow the Code of Conduct and read the Contributing guide.