Resources
- “OWASP Top 10 Web Security Risks”
- Try the XSS example on the transcript server (try it in Edge!). This link might be annoying, but is not malicious.
- “Bypassing Airport Security via SQL Injection”
- A good video on public and private keys
- Report on the eslint 2018 Attack
- “Reflections on Trusting Trust” (1984)
- “Running the ‘Reflections on Trusting Trust’ Compiler” (2023)
- “What are Weak Links in the npm Supply Chain?”
- “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
- “A comparative study of vulnerability reporting by software composition analysis tools”
- “Practical Automated Detection of Malicious npm Packages”
- Podcast on SolarWinds attack
- Security awareness/training activity: OWASP Juice Shop, online demo