# IT Security (MoC)

## Overview

## Notes

<!-- QueryToSerialize: LIST FROM #it_security AND !#type/quote AND !#type/creation/quote WHERE public_note = true SORT file.name ASC -->
<!-- SerializedQuery: LIST FROM #it_security AND !#type/quote AND !#type/creation/quote WHERE public_note = true SORT file.name ASC -->
- [[2FAS]]
- [[Attack surface]]
- [[Attack vectors]]
- [[Authorization best practices (Article)]]
- [[Automate the validation of the correspondence between the ID in the request URL (if present) and the ID in the payload]]
- [[Dependency Confusion]]
- [[Deploying TLS certificates for local development and production using Kubernetes, cert-manager, mkcert and Let’s Encrypt (Article)]]
- [[Fail2Ban]]
- [[frizbee (CLI)]]
- [[How to use a proxy to bypass firewalls in corporate environments (Article)]]
- [[Input validation with NestJS (Article)]]
- [[Laravel Fortify]]
- [[Laravel Socialite]]
- [[Least Privilege Principle]]
- [[Mulder effect]]
- [[Namesquatting]]
- [[Opt for simpler security controls over complex ones]]
- [[Package Registry Security]]
- [[Privileged Information Management (PIM)]]
- [[Scully effect]]
- [[Secret Operations (SOPS)]]
- [[Slopsquatting]]
- [[Slopsquatting, Typosquatting, and the New Software Supply Chain Attacks - How AI and Vibe Coding Are Making Package Registries Even More Dangerous (Article)]]
- [[Software Composition Analysis (SCA)]]
- [[Software Development Concepts e-book collection (Article)]]
- [[Software Supply Chain Security]]
- [[Starjacking]]
- [[Typosquatting]]
- [[Zero Trust Security]]
<!-- SerializedQuery END -->

## Quotes

<!-- QueryToSerialize: LIST FROM #it_security AND (#type/quote OR #type/creation/quote) WHERE public_note = true SORT file.name ASC -->
<!-- SerializedQuery: LIST FROM #it_security AND (#type/quote OR #type/creation/quote) WHERE public_note = true SORT file.name ASC -->
- [[At best, an air gap is a high-latency connection]]
- [[If you let your AI agents use skills you have not read, it's exactly like running unknown programs as root, but with potentially much worse risks]]
- [[It's not because a client is authenticated (i.e., you know who they are) that they can do anything they fancy]]
<!-- SerializedQuery END -->