An open API service indexing awesome lists of open source software.

https://github.com/benjaminxscott/awesome-threats

A curated list of security threats and how to mitigate them
https://github.com/benjaminxscott/awesome-threats

List: awesome-threats

infosec security security-professionals

Last synced: 6 months ago
JSON representation

A curated list of security threats and how to mitigate them

Awesome Lists containing this project

README

          

# awesome-threats
A curated list of security threats and how to mitigate them

First, are you worried about [threats to the company you work for](#on-tech-company) or [threats to you personally](#what-kind-of-user-are-you)

## Non-tech company
TODO
- forcepatch windows and office
- work with sysadmins to fix servers
- sweep for unique services / processnames / dns lookups
- Lock down local admin and domain admin

## Tech company
TODO
- gsuite
- osquery
- endpoint management + malware detection

## Platform i.e. FB, Goog, Imgur
TODO
- iterate on abuse cases
- use AI to detect malware on platform

## Financial i.e. btc exchange or law firm
TODO
- Require 2FA for everyone
- Audit access

## What kind of user are you?
- [I am an average computer user and intel agencies aren't out to get me](#when-you-are-average)
- [I write code for a living](#when-you-develop-software)
- [I handle a lot of money on behalf of myself or my company](#when-you-handle-the-money)
- [BONUS: I'm worried intel agencies are out to get me](#when-youre-a-dissident)

## When You are Average
- [Get a Mac with Chrome or a Chromebook] (https://www.amazon.com/Chromebooks/b?ie=UTF8&node=2858603011)
- Use Google Drive or Dropbox instead of Word
- Install [AdBlockPlus](https://adblockplus.org/) and [DisconnectMe](https://disconnect.me/) and [Password Alert](https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep/)

## When You Develop Software
- Use input sanitization on any user-provided input
- Be careful when rendering HTML and doing redirects to mutable URLs
- Require valid API tokens for non-public endpoints and [rate limiting for public endpoints](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html)
- Keep your servers and dependencies patched
- Give your webapp [end-to-end crypto](https://letsencrypt.org/getting-started/)

## When You Handle the Money
- Use a Mac or Chromebook
- Setup Two-Factor Authentication for wire transfers (if your bank supports it)

## When You're a Dissident
- Throw your phone away
- Make new freemail accounts from a library computer
- Contact a friendly embassy [or Amnesty Int'l](https://securitywithoutborders.org/)