Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rustcohlnikov/awesome-frontend-security
☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
List: awesome-frontend-security
- Host: GitHub
- URL: https://github.com/rustcohlnikov/awesome-frontend-security
- Owner: rustcohlnikov
- License: cc0-1.0
- Created: 2019-10-16T07:47:22.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-07-29T03:44:10.000Z (over 2 years ago)
- Last Synced: 2024-05-20T20:43:37.753Z (7 months ago)
- Topics: appsec, awesome, awesome-list, best-practices, content-security-policy, csp, fe-sec, frontend, frontend-security, npm-audit, security
- Homepage:
- Size: 195 KB
- Stars: 65
- Watchers: 6
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-security-awesome - awesome-frontend-security
- ultimate-awesome - awesome-frontend-security - ☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute! (Other Lists / Monkey C Lists)
README
[![Awesome](https://awesome.re/badge-flat2.svg)](https://github.com/sindresorhus/awesome)
## Contents
- [Code](#code)
- [Linters](#linters)
- [Sanitizers](#sanitizers)
- [Serializers](#serializers)
- [Dependencies](#dependencies)
- [Headers](#headers)
- [Content-Security-Policy](#content-security-policy)
- [X-XSS-Protection](#x-xss-protection)
- [X-Frame-Options](#x-frame-options)
- [Articles](#articles)
- [Other lists](#other-lists)

## Code
- [JavaScript Secure Coding Practices](https://checkmarx.gitbooks.io/js-scp/content/) - A guide for anyone using JavaScript for web development.
- [Security Policy](https://help.github.com/en/articles/adding-a-security-policy-to-your-repository) - How to add a security policy to your GitHub repository.
- [AJAX Security Cheatsheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/AJAX_Security_Cheat_Sheet.md) - A starting point for AJAX security.

### Linters
- [`eslint-plugin-security`](https://github.com/nodesecurity/eslint-plugin-security) - ESLint rules for Node Security.
- [`eslint-plugin-no-unsanitized`](https://github.com/mozilla/eslint-plugin-no-unsanitized) - ESLint rules that disallow unsafe `innerHTML`, `outerHTML`, `insertAdjacentHTML` and similar DOM sinks.
- [`eslint-config-sec`](https://github.com/rustcohlnikov/eslint-config-sec) - ESLint rules for writing safe and secure client code.

### Sanitizers
- [`dompurify`](https://github.com/cure53/DOMPurify) - XSS sanitizer for HTML, MathML and SVG.
- [`sanitize-html`](https://github.com/apostrophecms/sanitize-html) - Clean up user-submitted HTML.

### Serializers
- [`serialize-javascript`](https://github.com/yahoo/serialize-javascript) - Serialize JavaScript safely - HTML characters and JS line terminators are escaped automatically.

## Dependencies
- [`audit-ci`](https://github.com/IBM/audit-ci) - NPM and Yarn dependencies audit for CI/CD.
- [`dtrack-audit`](https://github.com/ozonru/dtrack-audit) - OWASP Dependency Track API client for CI/CD.
- [Github Automated Security Fixes](https://help.github.com/en/articles/configuring-automated-security-fixes) - How to use automated or manual pull requests to easily update vulnerable dependencies.
- [Vulnerable Dependency Management](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.md#tools) - About tools for detecting vulnerable third-party dependencies.

## Headers
- [Security Headers](https://securityheaders.com/) - Check your website's HTTP response headers for security.

### Content-Security-Policy
#### 📚Learn
- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) - An article on MDN.
- [CSP Is Dead, Long Live CSP!](https://storage.googleapis.com/pub-tools-public-publication-data/pdf/45542.pdf) - On the Insecurity of Whitelists and the Future of Content Security Policy.
- [Strict CSP](https://csp.withgoogle.com/docs/strict-csp.html) - To get real value out of CSP, your policy must prevent the execution of untrusted scripts.

#### 🧪Create
- [Webpack CSP configuration](https://webpack.js.org/guides/csp/) - Webpack can attach a nonce (number used once) to every script tag it injects at runtime, taken from `__webpack_nonce__`.
- [`csp-html-webpack-plugin`](https://github.com/slackhq/csp-html-webpack-plugin) - Generates meta content for your Content Security Policy tag.
- [CSP Hash Generator](https://report-uri.com/home/hash) - Script and style hasher for `script-src` and `style-src` directives to disallow inline scripts and styles. More [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Unsafe_inline_script).

#### 🔍Validate
- [CSP Evaluator](https://csp-evaluator.withgoogle.com/) - Paste your policy and check whether it is safe and strong enough.
- [CSP Header Inspector](https://cspvalidator.org) - Validate your policies as served from the given URL.
- [CSP Tester](https://github.com/yandex/csp-tester) - Browser extension for testing Content Security Policy (CSP).

#### 🤔Analyse
- [CSP WTF?](https://github.com/nico3333fr/CSP-useful/blob/master/csp-wtf/explained.md) - Explanations for strange CSP Report notifications.

### X-XSS-Protection
#### 📚Learn
- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) - An article on MDN. This header is deprecated: Chrome and Edge have removed the XSS filters it controlled and Firefox never shipped one, so a strict Content-Security-Policy is the replacement. If you send it at all, OWASP recommends `X-XSS-Protection: 0`, because the filter could itself be abused in the older browsers that still honour it.

### X-Frame-Options
#### 📚Learn
- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) - An article on MDN. Use `DENY` or `SAMEORIGIN`; the `ALLOW-FROM` form is obsolete. The CSP `frame-ancestors` directive supersedes this header where supported, so send both until you can drop support for older browsers.

## Articles
- [Trusted Types help prevent Cross-Site Scripting](https://developers.google.com/web/updates/2019/02/trusted-types) - About new browser API that might help obliterate DOM XSS.
- [Cybersecurity threatscape](https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2019-q2/) - Positive Technologies' quarter report on cyber threats and recommendations on how to stay safe.
- [The Most Common XSS Vulnerability in React.js Applications](https://medium.com/node-security/the-most-common-xss-vulnerability-in-react-js-applications-2bdffbcc1fa0)

## Other lists
- [CSP useful](https://github.com/nico3333fr/CSP-useful) - A collection of parsers, examples and tips for Content Security Policy.
- [Awesome Web Security](https://github.com/qazbnm456/awesome-web-security) - A curated list of Web Security materials and resources.

## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0)