Bust-A-Kube CTF: attacking and defending Kubernetes https://www.youtube.com/watch?v=2fmAuR3rnBo
Modern password security for system designers https://cloud.google.com/solutions/modern-password-security-for-system-designers.pdf
Small Python library that makes it easy to exploit race conditions in web apps with Requests https://github.com/nccgroup/requests-racer
Free hackademy from Intigriti launches today https://twitter.com/intigriti/status/1171787597124947968?s=08
Some starting measures one can take to reduce the chance of getting servers hacked https://askubuntu.com/questions/1139459/is-someone-trying-to-hack-my-server/1139463#1139463
Mozilla Tutorial for Django web application security: https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/web_application_security
Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code: https://github.com/duo-labs/dlint
A collection of Django security-related tools and topics. If you are concerned about security and use Django for productivity, this can be of help. https://github.com/vintasoftware/awesome-django-security
Google's extension to check for breached credentials https://www.blog.google/technology/safety-security/google-password-checkup-cross-account-protection/
Asim Hussain's very educational talk at ng-conf: 3 web app hacking cases. https://www.youtube.com/watch?v=C7D4WTLNEUQ
Python Security Best Practices Cheat Sheet https://snyk.io/blog/python-security-best-practices-cheat-sheet/
Awesome Python Security https://github.com/guardrailsio/awesome-python-security/blob/master/README.md
Awesome Python Security resources https://github.com/guardrailsio/awesome-python-security
An awesome security checklist written by Sqreen folks that you should definitely take a look at https://www.sqreen.io/checklists/saas-cto-security-checklist
Very good talk about security on web apps https://www.youtube.com/watch?v=C7D4WTLNEUQ
You should try this lib in order to keep your REST API safe https://github.com/flipkart-incubator/Astra
You should be careful when naming your Heroku apps https://www.varvet.com/blog/the-oh-shit-moment/
New browser features to secure Single Page Applications: https://techblog.commercetools.com/web-security-for-single-page-applications-great-impact-with-little-effort-a7a506cec20b
10 common security gotchas in Python and how to avoid them: https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03
Auto-incremented primary keys are not very safe, consider using UUIDs https://medium.com/@jdedek/using-uuids-as-primary-keys-ca1fb409bb7c
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection https://github.com/airbnb/binaryalert
Process untrusted XML safely with defusedxml Python lib: https://github.com/tiran/defusedxml
Let users paste passwords: https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
Hacking your own password hashes to test security: https://blog.codinghorror.com/hacker-hack-thyself/
The HttpOnly flag on session cookies helps prevent XSS from escalating to session hijacking: https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-SESSION_COOKIE_HTTPONLY
The first SHA-1 collision was generated. You should be using SHA-256: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Use this lib to estimate password strength in Python: https://github.com/dwolfhub/zxcvbn-python