A community curated list of application security resources for Vapor developers.
Contribute by submitting a pull request with changes or post resources in the #security channel in Vapor Discord.
- Tutorial: How to build Basic Auth with Session – Martin Lasek – Medium
- Basic Authentication with Vapor 3 – Rocket Fuel – Medium
- Token Authentication in Vapor 3 - Vapor Forums
- Username/Password Authentication in Vapor 3 - Vapor Forums
- HTTP Basic Authorization in Vapor 3 - Vapor Forums
- brokenhandsio/vapor-oauth-fluent - Fluent Implementations For Vapor OAuth
- brokenhandsio/vapor-oauth - OAuth2 Provider Library for Vapor
- brokenhandsio/VaporSecurityHeaders - Harden Your Security Headers For Vapor
- gotranseo/vapor-recaptcha - A Vapor 3 library for validating Google reCAPTCHA submissions
- vapor-community/bcrypt - Swift implementation of the BCrypt password hashing function
- vapor-community/CSRF - A package to add protection to Vapor against CSRF attacks
- vapor-community/Imperial - Federated Authentication with OAuth providers
- vapor-community/moat - A line of defense for your Vapor application including XSS attack filtering + extras.
- vapor-community/tls - Non-blocking, event-driven TLS built on OpenSSL & macOS security
- vapor/auth - Authentication and Authorization layer for Fluent
- Open Web Application Security Project (OWASP) - An open source community project that provides impartial, practical information about application security
- OWASP Top Ten Project - The top 10 most critical web application security risks
- paragonie/awesome-appsec - A curated list of resources for learning about application security
- qazbnm456/awesome-web-security - A curated list of Web Security materials and resources
- andriisoldatenko/awesome-security-testing - A collection of awesome Security testing resources
- PaulSec/awesome-sec-talks - A curated list of awesome Security talks
- The Web Application Hacker’s Handbook - Comprehensive guide to security testing web applications
- Web Hacking 101 by Peter Yaworski - Explains common web vulnerabilities and exploit techniques by analyzing publicly disclosed vulnerabilities.
- Breaking into Information by Andy Gill - Beginner guide to web application penetration testing
- Simpsonpt/AppSecEzine: AppSec Ezine - Overview of the latest topics in application security
- Zero Daily - HackerOne - Daily newsletter focusing on focus on application security and bug bounty topics
- danielmiessler/SecLists - A collection of multiple types of lists used during security assessments
- Using Burp to Test for the OWASP Top Ten - A tutorial on how to use Burp Suite to find the vulnerabilities listed in the OWASP Top 10
- OWASP Testing Guide v4 - A guide on how to perform Web Application Penetration Testing
- Application Security Weekly - Paul’s Security Weekly - Podcast that explains development to security professionals
- Application Security PodCast - Podcast that explain the fundamentals of application security
- Burp Suite - PortSwigger - Intercepting proxy and suite of web application security tools
- OWASP Zed Attack Proxy (ZAP) - Free and open source web application testing tool
- Let’s Encrypt - A free, automated, and open Certificate Authority.
- security.txt - A proposed standard which allows websites to define security policies