SKF Training content has broken links. #811

Open
Quadr0N opened this issue Nov 6, 2022 · 0 comments

Comments


Quadr0N commented Nov 6, 2022

All the broken links are listed below, with the steps to find them and a text sample that contains the broken link:

Broken link steps: Training > Secure Development > EASY > What is Privacy and Why it is important
Broken Link: https://www.linuxfoundation.org/wp-content/uploads/2018/05/lf_gdpr_052418.pdf
Text containing the broken link:
European General Data Protection Regulation (GDPR)
The European General Data Protection Regulation (GDPR) protects the personal data of subjects who are in the European Union (EU). It applies whether or not the data processing occurs within the EU, and it applies whether or not the subjects are European citizens. As a result, the GDPR applies in many circumstances. The Linux Foundation has a summary of the GDPR that highlights issues important to software developers. Below we point out some GDPR basics from the Linux Foundation’s GDPR summary.

Broken link steps: Training > Secure Development > EASY > What is Privacy and Why it is important
Broken Link-1: https://www.cnil.fr/sites/default/files/atoms/files/cnil_guide_securite_personnelle_gb_web.pdf
Broken Link-2: https://www.linuxfoundation.org/wp-content/uploads/2018/05/lf_gdpr_052418.pdf
Text containing the broken link:
Under the GDPR, profiling is any form of automated processing that involves using personal data to evaluate aspects of that person. Profiling will usually require getting explicit consent from the individual, which means also that the individual will be able to withdraw that consent at any time. Therefore, profiling activities will typically require a greater degree of review and protections for the applicable personal data.
Here are some resources for learning more about the GDPR:
• The official EU site for the GDPR text
• “The Guide to the General Data Protection Regulation (GDPR)”
• “Solutions for a responsible use of the blockchain in the context of personal data”
• “Security of Personal Data”
• The Linux Foundation, Summary of GDPR Concepts For Free and Open Source Software Projects
• California Online Privacy Protection Act, Chapter 22. Internet Privacy Requirements [22575-22579]

Broken link steps: Training > Secure Development > EASY > Reusing External Software > Basics of Reusing Software
Broken Link: https://safecode.org/principles-of-software-assurance-assessment/
Text containing the broken link:
Consider using SAFECode’s guide Principles for Software Assurance Assessment (2019), which has a multi-tiered approach for examining the security characteristics of software.

Broken link steps: Training > Hacking web & API > EASY > Introduction > The OWASP Testing Project
Broken Link: https://www.it-cisq.org/the-cost-of-poor-quality-software-in-the-us-a-2018-report/The-Cost-of-Poor-Quality-Software-in-the-US-2018-Report.pdf
Text containing the broken link:
While estimating the cost of insecure software may appear a daunting task, there has been a significant amount of work in this direction. In 2018 the Consortium for IT Software Quality summarized:
...the cost of poor quality software in the US in 2018 is approximately $2.84 trillion…

Broken link steps: Training > Hacking web & API > EASY > Information Gathering > Enumerate Applications on webserver
Broken Link: https://www.domaintools.com/reverse-ip/
Text containing the broken link:
Reverse-IP services are similar to DNS inverse queries, with the difference that the testers query a web-based application instead of a name server. There are a number of such services available. Since they tend to return partial (and often different) results, it is better to use multiple services to obtain a more comprehensive analysis.
• Domain Tools Reverse IP (requires free membership)
• DNSstuff (multiple services available)

Broken link steps: Training > Hacking web & API > EASY > Error handling testing > Test for improper error handling
Broken Link: https://secureby.design/assets/training/security_testing/slides/6-Appendix/C-Fuzz_Vectors.md
Text containing the broken link:
References
• WSTG: Appendix C - Fuzz Vectors
• Proactive Controls C10: Handle All Errors and Exceptions

Broken link steps: Training > Hacking web & API > Competent > Input Validation Testing > Test for SQL injection approach SQL Server
Broken Link: https://secureby.design/assets/training/security_testing/slides/6-Appendix/C-Fuzz_Vectors.md
Text containing the broken link:
Alternatively, one may play lucky. That is, the attacker may assume that there is a blind or out-of-band SQL injection vulnerability in the web application. He will then select an attack vector (e.g., a web entry), use fuzz vectors against this channel and watch the response. For example, if the web application is looking for a book using a query

Broken link steps: Training > Hacking web & API > Competent > Reporting pentesting > Reporting of findings
Broken Link: https://github.com/OWASP/wstg/tree/master/checklist
Text containing the broken link:
Appendices
Multiple appendices can be added, such as:
• Test methodology used.
• Severity and risk rating explanations.
• Relevant output from tools used.
○ Make sure to clean the output and not just dump it.
• A checklist of all the tests conducted, such as the WSTG checklist.

Broken link steps: Training > Hacking web & API > Advanced > Client-side Testing > Test for CSS Injection
Broken Link: http://eaea.sirdarckcat.net/cssar/v2/
Text containing the broken link:
The following pages provide examples of CSS injection vulnerabilities:
• Password "cracker" via CSS and HTML5
• CSS attribute reading
• JavaScript based attacks using CSSStyleDeclaration with unescaped input

Broken link steps: Training > OWASP > OWASP TOP 10 2021 > The OWASP top 10 2021 > Test for CSS Injection
Broken link steps (same as above): Training > OWASP > OWASP TOP 10 2021 > Introduction > About OWASP > Test for CSS Injection
Broken Link: https://secureby.design/assets/training/owasp_top10/slides/TBA
Text containing the broken link:
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.
At OWASP, you'll find free and open:
• Application security tools and standards
• Cutting edge research
• Standard security controls and libraries
• Complete books on application security testing, secure code development, and secure code review
• Presentations and videos
• Cheat sheets
• Chapters meetings
• Events, training, and conferences
Google Groups
