#python#security#security_tools#vulnerability#vulnerability_databases#vulnerability_management#vulnerability_scanners
OSV is a free, open-source database and toolset that helps you find and manage security vulnerabilities in open source software you use. It collects vulnerability data from many sources, including official advisories and automated scans, and presents it in a clear, machine-readable format. You can use the OSV scanner tool to automatically check your software dependencies for known security issues, helping you fix them quickly. This improves your software’s security by focusing on real risks and making vulnerability management easier and more efficient. OSV also offers APIs and integrates with other tools for automation and alerts.
https://github.com/google/osv.dev
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
#security
This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to which is why I just pushed out a security release for it.
However I think the general issue is quite severe and needs to be a discussed because most people are most likely not aware of how easy it is to exploit.
#security
page 1 - 2 - 3 - 4
Click here to return to the ⚒ Resource Index ⚒
Security Culture - Basics for Protests
https://t.me/RevToolboxRedux/2165
https://t.me/RevToolboxRedux/2166 - PDF version
Security and Counter-Surveillance - Information Against the Police State
https://t.me/RevToolboxRedux/2559
What To Do When You're Arrested
https://t.me/RevToolboxRedux/2585
Surveillance Self Defense in Public Spaces
https://t.me/RevToolboxRedux/2755
Movement Defense Means All of Us - A guide to building resilient movements and countering repression.
https://t.me/RevToolboxRedux/2070
No Badjacketing - The State Wants To Kill Us, Let's Not Cooperate (important article)
https://t.me/RevToolboxRedux/2915
Why Misogynists Make Great Informants
https://t.me/RevToolboxRedux/2916
Digital Communication Protocols Beyond Telegram
https://t.me/RevToolboxRedux/3338
Police Infiltrators - the ultimate betrayal
https://t.me/RevToolboxRedux/2502
Privacy/Security Resource list
https://t.me/RevToolboxRedux/12
Some tips on staying secure online
https://t.me/RevToolboxRedux/157
Elicitation - subtly soliciting information
https://t.me/RevToolboxRedux/167
Telegram tips for group/channel admins (old)
https://t.me/RevToolboxRedux/198
Breaking News Consumer's Handbook
https://t.me/RevToolboxRedux/209
Antifascism is Self Defense
https://t.me/RevToolboxRedux/264
Digital security resources for activists
https://t.me/RevToolboxRedux/267
Know Your Rights - A Crashcourse 4 Protesters (Don't Shoot PDX)
https://t.me/RevToolboxRedux/273
Best Practices for Signal Threads
https://t.me/RevToolboxRedux/280
The Riot is One Night But Metadata is Forever
https://t.me/RevToolboxRedux/293
Never Talk to the Cops
https://t.me/RevToolboxRedux/294
Before Posting Ask Yourself - does this pose a risk?
https://t.me/RevToolboxRedux/295
Surveillance Self Defense (EFF)
https://t.me/RevToolboxRedux/309
How To Make It Harder for Cops to Do Their Jobs
https://t.me/RevToolboxRedux/310
Beating FBI Surveillance
https://t.me/RevToolboxRedux/319
How To Find Hidden Cameras
https://t.me/RevToolboxRedux/334
DIY Faraday Bag (untested)
https://t.me/RevToolboxRedux/327
Guide to IMSI Catchers (Fake Cell Towers)
https://t.me/RevToolboxRedux/337
Covering Cameras w/ Umbrellas
https://t.me/RevToolboxRedux/369
Getting Started - Telegram Anonymity
https://t.me/RevToolboxRedux/370
Tails OS Leaflet
https://t.me/RevToolboxRedux/378
Car Brigade Techniques
https://t.me/RevToolboxRedux/407
Beware Swoopers
https://t.me/RevToolboxRedux/431
Spread Good Info! S.A.L.U.T.E.
https://t.me/RevToolboxRedux/436
Anarchist Direct Actions - A Challenge for Law Enforcement
https://t.me/RevToolboxRedux/462
What To Do If You Are Stopped by the Police
https://t.me/RevToolboxRedux/465
Criptica. Resistencia Digital (espanol)
https://t.me/RevToolboxRedux/467
Which Apps Are Secure and End-to-End Encrypted?
https://t.me/RevToolboxRedux/495
When the Police Knock on Your Door
https://t.me/RevToolboxRedux/517
Dress for Success - Disguise without Bloc
https://t.me/RevToolboxRedux/518
Look Out for Fascist Entryism
https://t.me/RevToolboxRedux/520
What to Do If You Receive an Unsolicited Message
https://t.me/RevToolboxRedux/528
PDX Decentralized Comms Ruleset
https://t.me/RevToolboxRedux/536
Only Networks Can Defeat Networks - decentralized digital struggle
https://t.me/RevToolboxRedux/607
The Basics of Firearm Safety
https://t.me/RevToolboxRedux/643
Assertive Intervention and Deescalation Tools and Tips
https://t.me/RevToolboxRedux/646
Faraday Bag from CLDC
https://t.me/RevToolboxRedux/652
How to Lock Your SIM Card
https://t.me/RevToolboxRedux/683
How to Spot NYPD Unmarked Cars
https://t.me/RevToolboxRedux/685
Digital Safety at Protests
https://t.me/RevToolboxRedux/687
Crossing the U.S. Border - crimethinc
https://t.me/RevToolboxRedux/742
Gentleman's Guide to Forum Spies and Spooks
https://t.me/RevToolboxRedux/750
Atlas of Surveillance - Documenting Police Tech
https://t.me/RevToolboxRedux/784
2 Twitter Alternatives
https://t.me/RevToolboxRedux/786
mitmproxy, a swiss-army knife for debugging, testing, privacy measurements, and penetration testing.
#tools#coding#security#python
@thedevs
https://kutt.it/iJs5WX
http://www.aparat.com/v/6qnbm
The Hacker Spectrum_Pycon 2016_Parisa Tabriz_“#Security"
Parisa Tabriz has worked on information security for over a decade and as a (self-appointed) “Security Princess” of #Google for the last 8+ years. She started as a “hired hacker” software engineer for Google’s security team. As an engineer, she found and closed security holes in many of Google’s products, and taught other engineers how to do the same. https://telegram.me/djangoproject