new security resources

mattmakai · mattmakai · commit d0b8b2bd0734 · 2018-12-11T10:20:39.000-05:00
diff --git a/content/pages/03-data/19-bokeh.markdown b/content/pages/03-data/19-bokeh.markdown
@@ -8,11 +8,11 @@ meta: Bokeh is a data visualization library that builds visuals in Python and ou
 
 
 # Bokeh
-[Bokeh](http://bokeh.pydata.org/en/latest/) is a data visualization
+[Bokeh](https://bokeh.pydata.org/en/latest/) is a data visualization
 library that allows a developer to code in Python and output 
 [JavaScript](/javascript.html) charts and visuals in web browsers.
 
-<img src="/img/logos/bokeh.jpg" width="100%" alt="Bokeh logo on a dark background." class="technical-diagram" style="border-radius:5px" />
+<img src="/img/logos/bokeh.jpg" width="100%" alt="Bokeh logo on a dark background." class="shot rnd outl">
 
 
 ## Why is Bokeh a useful library?
@@ -31,7 +31,7 @@ here is a screenshot of a bar chart created with the
 [figure](http://bokeh.pydata.org/en/latest/docs/reference/plotting.html)
 plot:
 
-<img src="/img/170526-bar-charts-bokeh-flask/chart-example-64.png" width="100%" class="technical-diagram img-rounded" style="border:1px solid #ccc" alt="Responsive Bokeh bar chart with 64 bars.">
+<img src="/img/170526-bar-charts-bokeh-flask/chart-example-64.png" width="100%" class="shot img rnd" alt="Responsive Bokeh bar chart with 64 bars.">
 
 For more references, including interactive live demonstrations, check out
 these sites:
@@ -53,12 +53,21 @@ basic syntax will change as the library's API is not yet stable.
   tutorial for those new to Bokeh who want to try out the library and get
   an example project running quickly with [Flask](/flask.html).
 
+* [Fun with NFL Stats, Bokeh, and Pandas](https://j253.github.io/blog/fun-with-nfl-stats.html)
+  takes an NFL play-by-play data set, shows how to wrangle the data into 
+  an appropriate format then explains the code that uses Bokeh to visualize
+  it.
+
 * [Data is beautiful: Visualizing Roman imperial dynasties](http://machineloveus.com/data-is-beautiful-visualizing-roman-imperial-dynasties/)
   provides a walkthrough for creating a gorgeous visualization based on
   historical Roman data. The post is about more than just the visual, it also
   goes into the ideation, data wrangling and analysis phases that came
   before using Bokeh to show the results.
 
+* [Interactive Data Visualization in Python With Bokeh](https://realpython.com/python-data-visualization-bokeh/)
+  is a great beginners tutorial that shows you how to structure your data,
+  draw your first figures and add interactivity to the visualizations.
+
 * [Creating Bar Chart Visuals with Bokeh, Bottle and Python 3](/blog/python-bottle-bokeh-bar-charts.html)
   is a tutorial that combines the [Bottle](/bottle.html) 
   [web framework](/web-frameworks.html)
diff --git a/content/pages/04-web-development/56-web-app-security.markdown b/content/pages/04-web-development/56-web-app-security.markdown
@@ -26,16 +26,18 @@ request forgery and usage of public-private keypairs.
 * [Charles](https://www.charlesproxy.com/) is an HTTP proxy for inspecting
   headers, requests and responses for all traffic that flows through it.
 
-* [quick NIX secure script](https://github.com/marshyski/quick-secure) for
-  securing Linux distributions.
-
 * [TLS Observatory](https://github.com/mozilla/tls-observatory) provides
   a suite of security tools for analyzing and inspecting Transport Layer
-  Security (TLS) services.
+  Security (TLS) services. There is also a hosted version you can use
+  at [observatory.mozilla.org](https://observatory.mozilla.org/).
 
 * [WIG](https://github.com/6e726d/WIG) contains tools for gathering wireless
   data via Wifi protocols.
 
+* [HTTP Evader](https://noxxi.de/research/http-evader.html) is an automated
+  testing tool for checking firewalls to ensure they are protecting the
+  appropriate ports and payloads.
+
 
 ### Specific vulnerabilities
 * [httpoxy](https://httpoxy.org/) is a set of vulnerabilities that can affect
@@ -50,6 +52,10 @@ request forgery and usage of public-private keypairs.
 
 
 ### HTTPS resources
+SSL over HTTP (HTTPS) is mandatory for securing web data traffic in transit.
+There is a [page dedicated to HTTPS](/https.html) and the following
+resources can also give you a good overview of how HTTPS works.
+
 * [How does HTTPS actually work?](http://robertheaton.com/2014/03/27/how-does-https-actually-work/)
   is a well-written overview of the protocol including certificates, 
   signatures, signing and related topics.
@@ -108,25 +114,27 @@ request forgery and usage of public-private keypairs.
   [fantastic curated list of security reading material](http://dfir.org/?q=node/8/)
   from beginning to advanced topics.
 
+* [How to protect your infrastructure against the basic attacker](https://www.mailgun.com/blog/security-guide-basic-infrastructure-security)
+  presents a good overview of what you need to think about when
+  hardening your system against reasonablely competent malicious attackers.
+
 * The [/r/netsec](http://www.reddit.com/r/netsec/) subreddit is one place to
   go to learn more about network and application security.
 
 * [Hacking Tools Repository](http://gexos.github.io/Hacking-Tools-Repository/)
   is a great list of password cracking, scanning, sniffing and other security
   penetration testing tools.
 
-* [Securing an Ubuntu Server](http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/)
-
-* [Securing Ubuntu](http://joshrendek.com/2013/01/securing-ubuntu/)
-
 * [Security Tips from Apache](http://httpd.apache.org/docs/current/misc/security_tips.html)
 
-* [Securing a Linux Server](http://spenserj.com/blog/2013/07/15/securing-a-linux-server/)
-
 * The EFF has a well written overview on 
   [what makes a good security audit](https://www.eff.org/deeplinks/2014/11/what-makes-good-security-audit). It's broad but contains some of their behind the
   scenes thinking on important considerations with security audits.
 
+* [Ubuntu system hardening guide](https://linux-audit.com/ubuntu-server-hardening-guide-quick-and-secure/)
+  provides step-by-step instructions for hardening the most recent 
+  three [Ubuntu LTS](/ubuntu.html) releases.
+
 * Ars Technica wrote posts on 
   [securing your website](http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/)
   along with [how to set up a safe and secure web server: part 1](http://arstechnica.com/gadgets/2012/11/how-to-set-up-a-safe-and-secure-web-server/)
@@ -168,6 +176,7 @@ request forgery and usage of public-private keypairs.
   shows an implementation for securing thousands of sites with SSL 
   certificates to support HTTPS everywhere.
 
+
 ## Web security learning checklist
 1. Read and understand the major web application security flaws that are
    commonly exploited by malicious actors. These include cross-site request 
diff --git a/content/pages/05-deployment/14-ubuntu.markdown b/content/pages/05-deployment/14-ubuntu.markdown
@@ -13,7 +13,7 @@ meta: Ubuntu is a Debian Linux-based operating system distribution often used fo
 [Python development](/learning-programming.html) and 
 [web application deployment](/deployment.html).
 
-<a href="https://www.ubuntu.com/" style="border: none;"><img src="/img/logos/ubuntu-linux.png" width="100%" alt="Official Ubuntu logo. Copyright Canonical Ltd." class="shot rnd outl"></a>
+<a href="https://www.ubuntu.com/" style="border: none;"><img src="/img/logos/ubuntu-linux.png" width="100%" alt="Official Ubuntu logo. Copyright Canonical Ltd." class="shot rnd"></a>
 
 
 ## Why is Ubuntu important for Python?
