working on security resources

mattmakai · mattmakai · commit f50a03f0aff2 · 2014-12-22T09:18:53.000-06:00
diff --git a/all.html b/all.html
@@ -3839,17 +3839,12 @@ <h2>Security open source projects</h2>
 securing Linux distributions.</p>
 </li>
 </ul>
-<h2>Security resources</h2>
+<h2>HTTPS resources</h2>
 <ul>
 <li>
-<p>The Open Web Application Security Project (OWASP) has 
-  <a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a> 
-  topics.</p>
-</li>
-<li>
-<p>This page contains a
-  <a href="http://dfir.org/?q=node/8/">fantastic currated list of security reading material</a>
-  from beginning to advanced topics.</p>
+<p>This question asking <a href="http://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https">what is the difference between TLS and SSL?</a>
+  explains that TLS is a newer version of SSL and should be used because
+  SSL through version 3.0 is insecure.</p>
 </li>
 <li>
 <p>If you're having users submit sensitive information to your site you need
@@ -3858,11 +3853,6 @@ <h2>Security resources</h2>
   over some of the nuances of the subject.</p>
 </li>
 <li>
-<p><a href="http://gexos.github.io/Hacking-Tools-Repository/">Hacking Tools Repository</a>
-  is a great list of password cracking, scanning, sniffing and other security
-  penetration testing tools.</p>
-</li>
-<li>
 <p><a href="https://hynek.me/talks/tls/">The Sorry State of SSL</a> details the 
   history and evolution of SSL/TLS. There are important differences between
   the versions and Hynek explains why TLS should always be used. The
@@ -3871,6 +3861,37 @@ <h2>Security resources</h2>
   <a href="https://developer.rackspace.com/blog/the-not-so-sorry-state-of-ssl-in-python/">The not-so-sorry state of SSL in Python</a>.</p>
 </li>
 <li>
+<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections</a>
+  is a guide for what HTTPS does and does not secure against.</p>
+</li>
+<li>
+<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
+</li>
+<li>
+<p><a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">The first few milliseconds of an HTTPS connection</a>
+  provides a detailed look at the SSL handshake process that is implemented
+  by browsers based on the <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a>
+  specification.</p>
+</li>
+</ul>
+<h2>General security resources</h2>
+<ul>
+<li>
+<p>The Open Web Application Security Project (OWASP) has 
+  <a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a> 
+  topics.</p>
+</li>
+<li>
+<p>This page contains a
+  <a href="http://dfir.org/?q=node/8/">fantastic currated list of security reading material</a>
+  from beginning to advanced topics.</p>
+</li>
+<li>
+<p><a href="http://gexos.github.io/Hacking-Tools-Repository/">Hacking Tools Repository</a>
+  is a great list of password cracking, scanning, sniffing and other security
+  penetration testing tools.</p>
+</li>
+<li>
 <p><a href="http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/">Securing an Ubuntu Server</a></p>
 </li>
 <li>
@@ -3880,9 +3901,6 @@ <h2>Security resources</h2>
 <p><a href="http://httpd.apache.org/docs/current/misc/security_tips.html">Security Tips from Apache</a></p>
 </li>
 <li>
-<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
-</li>
-<li>
 <p><a href="http://spenserj.com/blog/2013/07/15/securing-a-linux-server/">Securing a Linux Server</a></p>
 </li>
 <li>
@@ -3894,23 +3912,10 @@ <h2>Security resources</h2>
 <p><a href="http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/">Securing Your Website</a></p>
 </li>
 <li>
-<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections: What Every Web Dev Should Know</a></p>
-</li>
-<li>
-<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections</a>
-  is a guide for what HTTPS does and does not secure against.</p>
-</li>
-<li>
 <p><a href="https://www.crypto101.io/">Crypto 101</a> is an introductory course on
   cryptography for programmers.</p>
 </li>
 <li>
-<p><a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">The first few milliseconds of an HTTPS connection</a>
-  provides a detailed look at the SSL handshake process that is implemented
-  by browsers based on the <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a>
-  specification.</p>
-</li>
-<li>
 <p><a href="http://getprismatic.com/story/1409447605839">An in-depth analysis of SSH attacks on Amazon EC2</a>
   shows how important it is to secure your web servers, especially when they are
   hosted in IP address ranges that are commonly scanned by malicious actors.</p>
@@ -4267,6 +4272,8 @@ <h1>Change Log</h1>
 <h2>2014</h2>
 <h3></h3>
 <ul>
+<li>Adding new security resources and splitting HTTPS resources into their own
+  section.</li>
 <li>Split out Djangular resources into a separate section.</li>
 <li>New NoSQL Python client resources.</li>
 <li>Added new API resources for integration and creation.</li>
diff --git a/change-log.html b/change-log.html
@@ -46,6 +46,8 @@ <h1>Change Log</h1>
 <h2>2014</h2>
 <h3></h3>
 <ul>
+<li>Adding new security resources and splitting HTTPS resources into their own
+  section.</li>
 <li>Split out Djangular resources into a separate section.</li>
 <li>New NoSQL Python client resources.</li>
 <li>Added new API resources for integration and creation.</li>
diff --git a/feeds/all.atom.xml b/feeds/all.atom.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Matt Makai</title><link href="http://www.fullstackpython.com/" rel="alternate"></link><link href="http://www.fullstackpython.com/feeds/all.atom.xml" rel="self"></link><id>http://www.fullstackpython.com/</id><updated>2014-12-21T17:28:03Z</updated></feed>
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Matt Makai</title><link href="http://www.fullstackpython.com/" rel="alternate"></link><link href="http://www.fullstackpython.com/feeds/all.atom.xml" rel="self"></link><id>http://www.fullstackpython.com/</id><updated>2014-12-22T08:11:00Z</updated></feed>
diff --git a/source/content/pages/10-security/1001-web-security.markdown b/source/content/pages/10-security/1001-web-security.markdown
@@ -30,39 +30,53 @@ request forgery and usage of public-private keypairs.
 securing Linux distributions.
 
 
-## Security resources
-* The Open Web Application Security Project (OWASP) has 
-  [cheat sheets for security](https://www.owasp.org/index.php/Cheat_Sheets) 
-  topics.
-
-* This page contains a
-  [fantastic currated list of security reading material](http://dfir.org/?q=node/8/)
-  from beginning to advanced topics.
+## HTTPS resources
+* This question asking [what is the difference between TLS and SSL?](http://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https)
+  explains that TLS is a newer version of SSL and should be used because
+  SSL through version 3.0 is insecure.
 
 * If you're having users submit sensitive information to your site you need
   to use SSL/TLS. Anything before TLS is now insecure. Check out this
   [handy guide](http://wingolog.org/archives/2014/10/17/ffs-ssl) that goes
   over some of the nuances of the subject.
 
-* [Hacking Tools Repository](http://gexos.github.io/Hacking-Tools-Repository/)
-  is a great list of password cracking, scanning, sniffing and other security
-  penetration testing tools.
-
 * [The Sorry State of SSL](https://hynek.me/talks/tls/) details the 
   history and evolution of SSL/TLS. There are important differences between
   the versions and Hynek explains why TLS should always be used. The
   talk prompted work to improve Python's SSL in 2.7.9 based on the upgrades
   in Python 3 outlined in 
   [The not-so-sorry state of SSL in Python](https://developer.rackspace.com/blog/the-not-so-sorry-state-of-ssl-in-python/).
 
+* [How HTTPS Secures Connections](http://blog.hartleybrody.com/https-certificates/)
+  is a guide for what HTTPS does and does not secure against.
+
+* [When and How to Deploy HTTPS](http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/)
+
+* [The first few milliseconds of an HTTPS connection](http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html)
+  provides a detailed look at the SSL handshake process that is implemented
+  by browsers based on the [RFC 2818](http://tools.ietf.org/html/rfc2818)
+  specification.
+
+
+## General security resources
+* The Open Web Application Security Project (OWASP) has 
+  [cheat sheets for security](https://www.owasp.org/index.php/Cheat_Sheets) 
+  topics.
+
+* This page contains a
+  [fantastic currated list of security reading material](http://dfir.org/?q=node/8/)
+  from beginning to advanced topics.
+
+* [Hacking Tools Repository](http://gexos.github.io/Hacking-Tools-Repository/)
+  is a great list of password cracking, scanning, sniffing and other security
+  penetration testing tools.
+
 * [Securing an Ubuntu Server](http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/)
 
 * [Securing Ubuntu](http://joshrendek.com/2013/01/securing-ubuntu/)
 
 * [Security Tips from Apache](http://httpd.apache.org/docs/current/misc/security_tips.html)
 
-* [When and How to Deploy HTTPS](http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/)
-
 * [Securing a Linux Server](http://spenserj.com/blog/2013/07/15/securing-a-linux-server/)
 
 * The EFF has a well written overview on 
@@ -71,19 +85,9 @@ securing Linux distributions.
 
 * [Securing Your Website](http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/)
 
-* [How HTTPS Secures Connections: What Every Web Dev Should Know](http://blog.hartleybrody.com/https-certificates/)
-
-* [How HTTPS Secures Connections](http://blog.hartleybrody.com/https-certificates/)
-  is a guide for what HTTPS does and does not secure against.
-
 * [Crypto 101](https://www.crypto101.io/) is an introductory course on
   cryptography for programmers.
 
-* [The first few milliseconds of an HTTPS connection](http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html)
-  provides a detailed look at the SSL handshake process that is implemented
-  by browsers based on the [RFC 2818](http://tools.ietf.org/html/rfc2818)
-  specification.
-
 * [An in-depth analysis of SSH attacks on Amazon EC2](http://getprismatic.com/story/1409447605839)
   shows how important it is to secure your web servers, especially when they are
   hosted in IP address ranges that are commonly scanned by malicious actors.
diff --git a/source/content/pages/11-misc/1104-change-log.markdown b/source/content/pages/11-misc/1104-change-log.markdown
@@ -24,6 +24,8 @@ the
 
 ## 2014
 ###
+* Adding new security resources and splitting HTTPS resources into their own
+  section.
 * Split out Djangular resources into a separate section.
 * New NoSQL Python client resources.
 * Added new API resources for integration and creation.
diff --git a/web-application-security.html b/web-application-security.html
@@ -53,17 +53,12 @@ <h2>Security open source projects</h2>
 securing Linux distributions.</p>
 </li>
 </ul>
-<h2>Security resources</h2>
+<h2>HTTPS resources</h2>
 <ul>
 <li>
-<p>The Open Web Application Security Project (OWASP) has 
-  <a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a> 
-  topics.</p>
-</li>
-<li>
-<p>This page contains a
-  <a href="http://dfir.org/?q=node/8/">fantastic currated list of security reading material</a>
-  from beginning to advanced topics.</p>
+<p>This question asking <a href="http://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https">what is the difference between TLS and SSL?</a>
+  explains that TLS is a newer version of SSL and should be used because
+  SSL through version 3.0 is insecure.</p>
 </li>
 <li>
 <p>If you're having users submit sensitive information to your site you need
@@ -72,11 +67,6 @@ <h2>Security resources</h2>
   over some of the nuances of the subject.</p>
 </li>
 <li>
-<p><a href="http://gexos.github.io/Hacking-Tools-Repository/">Hacking Tools Repository</a>
-  is a great list of password cracking, scanning, sniffing and other security
-  penetration testing tools.</p>
-</li>
-<li>
 <p><a href="https://hynek.me/talks/tls/">The Sorry State of SSL</a> details the 
   history and evolution of SSL/TLS. There are important differences between
   the versions and Hynek explains why TLS should always be used. The
@@ -85,6 +75,37 @@ <h2>Security resources</h2>
   <a href="https://developer.rackspace.com/blog/the-not-so-sorry-state-of-ssl-in-python/">The not-so-sorry state of SSL in Python</a>.</p>
 </li>
 <li>
+<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections</a>
+  is a guide for what HTTPS does and does not secure against.</p>
+</li>
+<li>
+<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
+</li>
+<li>
+<p><a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">The first few milliseconds of an HTTPS connection</a>
+  provides a detailed look at the SSL handshake process that is implemented
+  by browsers based on the <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a>
+  specification.</p>
+</li>
+</ul>
+<h2>General security resources</h2>
+<ul>
+<li>
+<p>The Open Web Application Security Project (OWASP) has 
+  <a href="https://www.owasp.org/index.php/Cheat_Sheets">cheat sheets for security</a> 
+  topics.</p>
+</li>
+<li>
+<p>This page contains a
+  <a href="http://dfir.org/?q=node/8/">fantastic currated list of security reading material</a>
+  from beginning to advanced topics.</p>
+</li>
+<li>
+<p><a href="http://gexos.github.io/Hacking-Tools-Repository/">Hacking Tools Repository</a>
+  is a great list of password cracking, scanning, sniffing and other security
+  penetration testing tools.</p>
+</li>
+<li>
 <p><a href="http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/">Securing an Ubuntu Server</a></p>
 </li>
 <li>
@@ -94,9 +115,6 @@ <h2>Security resources</h2>
 <p><a href="http://httpd.apache.org/docs/current/misc/security_tips.html">Security Tips from Apache</a></p>
 </li>
 <li>
-<p><a href="http://erik.io/blog/2013/06/08/a-basic-guide-to-when-and-how-to-deploy-https/">When and How to Deploy HTTPS</a></p>
-</li>
-<li>
 <p><a href="http://spenserj.com/blog/2013/07/15/securing-a-linux-server/">Securing a Linux Server</a></p>
 </li>
 <li>
@@ -108,23 +126,10 @@ <h2>Security resources</h2>
 <p><a href="http://arstechnica.com/security/2013/02/securing-your-website-a-tough-job-but-someones-got-to-do-it/">Securing Your Website</a></p>
 </li>
 <li>
-<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections: What Every Web Dev Should Know</a></p>
-</li>
-<li>
-<p><a href="http://blog.hartleybrody.com/https-certificates/">How HTTPS Secures Connections</a>
-  is a guide for what HTTPS does and does not secure against.</p>
-</li>
-<li>
 <p><a href="https://www.crypto101.io/">Crypto 101</a> is an introductory course on
   cryptography for programmers.</p>
 </li>
 <li>
-<p><a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">The first few milliseconds of an HTTPS connection</a>
-  provides a detailed look at the SSL handshake process that is implemented
-  by browsers based on the <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a>
-  specification.</p>
-</li>
-<li>
 <p><a href="http://getprismatic.com/story/1409447605839">An in-depth analysis of SSH attacks on Amazon EC2</a>
   shows how important it is to secure your web servers, especially when they are
   hosted in IP address ranges that are commonly scanned by malicious actors.</p>

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`<?xml version="1.0" encoding="utf-8"?>`
`2`		`-<feed xmlns="http://www.w3.org/2005/Atom"><title>Matt Makai</title><link href="http://www.fullstackpython.com/" rel="alternate"></link><link href="http://www.fullstackpython.com/feeds/all.atom.xml" rel="self"></link><id>http://www.fullstackpython.com/</id><updated>2014-12-21T17:28:03Z</updated></feed>`
	`2`	`+<feed xmlns="http://www.w3.org/2005/Atom"><title>Matt Makai</title><link href="http://www.fullstackpython.com/" rel="alternate"></link><link href="http://www.fullstackpython.com/feeds/all.atom.xml" rel="self"></link><id>http://www.fullstackpython.com/</id><updated>2014-12-22T08:11:00Z</updated></feed>`