Announcing the OWASP Top 10 for Large Language Models (AI) Project
Large Language Models (LLMs) are the underlying technology powering transformative AI technologies like OpenAI's ChatGPT and Google's Bard. These technologies have stormed onto the scene over the last few months. One thing that's become clear is that organizations developing using these technologies will have a new and dangerous set of security headaches to contend with.
Official page
GitHub
#useful
Wireshark Display Filter HD.png
2.2 MB
Wireshark Mindmap pack
OWASP Web Application Penetration Checklist
This comprehensive checklist, from the Open Web Application Security Project (OWASP), is a valuable tool for penetration testers and developers alike.
It provides a systematic approach to identifying vulnerabilities, and can be used as a guide to help ensure that your web applications are as secure as possible.
#docs #web
OWASP Web Application Penetration Checklist.pdf
413.4 KB
OWASP Web Application Penetration Checklist
Forwarded from CyberSecBastion
DevSecOps Guides
Our guides cover a wide range of topics related to DevSecOps, including:
🔹Secure coding practices: Learn how to write code that is resistant to common security threats such as SQL injection, cross-site scripting, and buffer overflow.
🔹Threat modeling: Learn how to identify potential security vulnerabilities in your applications and prioritize them based on their impact and likelihood of occurrence.
🔹Security testing: Learn about different types of security testing, such as penetration testing, vulnerability scanning, and code review, and how to incorporate them into your DevSecOps workflow.
🔹Infrastructure security: Learn about securing the infrastructure that supports your applications, including servers, networks, and databases.
🔹Compliance and regulations: Learn about compliance requirements and regulations such as GDPR, HIPAA, and PCI-DSS.
Not bad for beginners on the basics of building DevSecOps
The article gives an overview of the stages of a basic workflow, the key security analysis tools for the CD/CI process, and some must-have secure pipeline controls
Source
#SecDevOps
Habr
How to turn a DevOps pipeline into a DevSecOps pipeline. An overview of the Shift Left concept
Hi, Habr! My name is Alexey Koloskov, I am a DevOps/Cloud engineer at Hilbert Team. Together with my colleague Mikhail Kazhemsky, in this article we will cover the specifics of the DevSecOps pipeline and the concept of...
Has pay in the domestic IT sector changed over the last 6 - 9 months (after the start of sanctions in Russia, the migration of specialists abroad, the course toward import substitution, government initiatives to stimulate the industry, etc.)?
Anonymous Poll
17%
Yes, salaries have grown, there is a jump in demand for staff at domestic companies
12%
Salaries rose only at some companies, the rest are at the same level as before winter 2022
19%
Absolutely nothing has changed - Moscow is in clover, the regions are in the sh@t
9%
It has only gotten worse: fewer positions, salaries fell, more competition per vacancy
23%
Working for food, same as before
20%
My own answer (write in the chat)
Active Directory Security Assessment, 2023
Microsoft provides Active Directory Security Assessments for their customers, which is great, but unfortunately not everyone has the money nor the people to do this kind of Security Assessment, and since AD is the backbone of identities for many organizations.
Different examples from real-world experience have been covered, where I have managed to see these misconfigurations in production environments.
#windows #audit
Certified Ethical Hacker v 12 Exam Preparation. Sample Questions with Answers, Compiled by Mohammad Alkhudari
#useful
Certified Ethical Hacker Exam Preparation_CEH12_PDF.pdf
1.5 MB
Certified Ethical Hacker v 12 Exam Preparation. Sample Questions with Answers, Compiled by Mohammad Alkhudari