Fabians Bookmarks
17527 shaares · 14141 private links
103 results tagged security

An Illustrated Guide to OAuth - by Aditya Bhargava

oauth webdev security
December 5, 2025 at 18:53:07 GMT+1*
https://www.ducktyped.org/p/an-illustrated-guide-to-oauth

OAuth2 - OWASP Cheat Sheet Series

oauth security webdev webstandards
June 11, 2025 at 13:05:04 GMT+2*
https://cheatsheetseries.owasp.org/cheatsheets/OAuth2_Cheat_Sheet.html#pkce-proof-key-for-code-exchange-mechanism

Signing Git Commits with Your SSH Key

git security ssh encryption softwareengineering webdev
April 14, 2024 at 17:44:10 GMT+2*
https://calebhearth.com/sign-git-with-ssh

Data Pseudonymisation: Advanced Techniques and Use Cases — ENISA

This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple identifiers, pseudonyms with proof of knowledge and secure multi-party computation. It then applies some of these techniques in the area of healthcare to discuss possible pseudonymisation options in different example cases. Lastly, it examines the application of basic pseudonymisation techniques in common cybersecurity use cases, such as the use of telemetry and reputation systems.

security cybersecurity infosec encryption pseudonymisation privacy anonymity data eu scrypt argon2 hashing
April 2, 2024 at 17:45:20 GMT+2*
https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases/

Compare strings the right way

python webdev security unicode
January 11, 2024 at 23:49:39 GMT+1*
https://www.b-list.org/weblog/2023/dec/23/compare-python-strings/

Password Storage - OWASP Cheat Sheet Series

This cheat sheet advises you on the proper methods for storing passwords for authentication. When passwords are stored, they must be protected from an attacker even if the application or database is compromised. Fortunately, a majority of modern languages and frameworks provide built-in functionality to help store passwords safely.

However, once an attacker has acquired stored password hashes, they are always able to brute force hashes offline. Defenders can slow down offline attacks by selecting hash algorithms that are as resource intensive as possible.

To sum up our recommendations:

  • Use Argon2id with a minimum configuration of 19 MiB of memory, an iteration count of 2, and 1 degree of parallelism.
  • If Argon2id is not available, use scrypt with a minimum CPU/memory cost parameter of (2^17), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1.
  • For legacy systems using bcrypt, use a work factor of 10 or more and with a password limit of 72 bytes.
  • If FIPS-140 compliance is required, use PBKDF2 with a work factor of 600,000 or more and set with an internal hash function of HMAC-SHA-256.
  • Consider using a pepper to provide additional defense in depth (though alone, it provides no additional secure characteristics).

hashing passwords security scrypt argon2
November 18, 2023 at 22:13:22 GMT+1*
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#scrypt

Key derivation function - Wikipedia

As of May 2023, OWASP recommends the following KDFs for password hashing, listed in order of priority:

  1. Argon2id
  2. scrypt if Argon2id is unavailable
  3. bcrypt for legacy systems
  4. PBKDF2 if FIPS-140 compliance is required

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

security passwords hashing scrypt argon2 pbkdf2
November 18, 2023 at 22:12:31 GMT+1*
https://en.wikipedia.org/wiki/Key_derivation_function

Dangerzone

Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs.

pdf security
February 21, 2022 at 21:17:08 GMT+1
https://dangerzone.rocks/

Metadata Cleaner • View and clean metadata in your files.

Metadata within a file can tell a lot about you. Cameras record data about when and where a picture was taken and which camera was used. Office applications automatically add author and company information to documents and spreadsheets. This is sensitive information and you may not want to disclose it.

Metadata Cleaner allows you to view metadata in your files and to get rid of it, as much as possible.

security software linux
February 21, 2022 at 21:16:47 GMT+1
https://metadatacleaner.romainvigier.fr/

Romain / Metadata Cleaner · GitLab

Python GTK application to view and clean metadata in files, using mat2 · https://metadatacleaner.romainvigier.fr/

security python linux software
February 21, 2022 at 21:16:18 GMT+1
https://gitlab.com/rmnvgr/metadata-cleaner

jvoisin / mat2 · GitLab

mat2 is a metadata removal tool, supporting a wide range of commonly used file formats, written in python3: at its core, it's a library, used by an eponymous command-line interface, as well as several file manager extensions.

security privacy python
April 8, 2021 at 00:28:07 GMT+2
https://0xacab.org/jvoisin/mat2

Reproducible Builds — a set of software development practices that create an independently-verifiable path from source to binary code

development reproducible software code compilers programming security opensource freesoftware
August 14, 2020 at 20:03:58 GMT+2
https://reproducible-builds.org/

PKCE vs. Nonce: Equivalent or Not? - danielfett.de

Do PKCE and Nonce provide similar levels of protection? #OAuth #OIDC #Security

oauth
May 20, 2020 at 11:09:44 GMT+2
https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/

Just Delete Me | A directory of direct links to delete your account from web services.

privacy internet security account delete via:popular
September 3, 2019 at 17:45:23 GMT+2
https://backgroundchecks.org/justdeleteme/

Security/Server Side TLS - MozillaWiki

The goal of this document is to help operational teams with the configuration of TLS. All Mozilla websites and deployments should follow the recommendations below.

Mozilla maintains this document as a reference guide for navigating the TLS landscape, as well as a configuration generator to assist system administrators. Changes are reviewed and merged by the Mozilla Operations Security and Enterprise Information Security teams.

security ssl sysadmin web tls
July 30, 2019 at 12:38:59 GMT+2
https://wiki.mozilla.org/Security/Server_Side_TLS

You (probably) don’t need ReCAPTCHA | kevv.net

spam captcha google recaptcha security webdev via:popular
June 13, 2019 at 13:10:13 GMT+2
https://kevv.net/you-probably-dont-need-recaptcha/

sts10/medic: A Rust CLI that checks the passwords of a KeePass database

rust keepass security passwords
May 8, 2019 at 11:40:05 GMT+2
https://github.com/sts10/medic

slides-104-secdispatch-the-masque-protocol-draft-schinazi-masque-00

ietf quic http privacy security vpn masque dns doh
April 23, 2019 at 22:15:45 GMT+2
https://datatracker.ietf.org/meeting/104/materials/slides-104-secdispatch-the-masque-protocol-draft-schinazi-masque-00

draft-schinazi-masque-00 - The MASQUE Protocol

This document describes MASQUE (Multiplexed Application Substrate
over QUIC Encryption). MASQUE is a mechanism that allows co-locating
and obfuscating networking applications behind an HTTPS web server.
The currently prevalent use-case is to allow running a VPN server
that is indistinguishable from an HTTPS server to any unauthenticated
observer. We do not expect major providers and CDNs to deploy this
behind their main TLS certificate, as they are not willing to take
the risk of getting blocked, as shown when domain fronting was
blocked. An expected use would be for individuals to enable this
behind their personal websites via easy to configure open-source
software.

ietf quic http privacy security vpn masque dns doh
April 23, 2019 at 22:15:35 GMT+2
https://tools.ietf.org/html/draft-schinazi-masque-00

Markus Holtermann — Logging Rethought

Alright @DjangoConEurope, here are my slides (), a write-up (), and t…

django python logging structlog security djangocon
April 10, 2019 at 13:30:36 GMT+2
https://markusholtermann.eu/2019/04/logging-rethought/
By @fabian@floss.social · Powered by Shaarli