Awesome Collection

Table of Content

DevSec

• SonarScanner
• Best Practice: API-Security
• OWASP - DotNet Security Cheat Sheet
• ShiftLeft
  • https://docs.shiftleft.io/ngsast/analyzing-applications/javascript
  • https://www.shiftleft.io/ocular/
• OWASP
  • Dependency Track
    • https://marketplace.visualstudio.com/items?itemName=GSoft.dependency-track-vsts
  • Component Analysis
  • Dependency Check
    • https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck
  • ZAP Scanner
  • ZED Attack Proxy Scan
  • Source Code Analysis Tools
  • Vulnerability Scanning Tools
  • Application Security Tools

---

Development

Software Architectures

• Onion Architecture in Asp .Net Core
• .Net Project-Structure
• Clean Architecture

Patterns

• DevIQ - Antipatterns
• CQRS
  • CQRS
  • Rest vs CQRS
  • Rest with CQRS
  • Microservices development patterns: CRUD VS. CQRS
  • Command Query Separation
  • CQRS
  • Use MediatR in ASP.NET Core
  • Implementing CQRS with MediatR in ASP.NET Core
• Event sourcing
• Domain Services
• Services in Domain Driven Design - DDD
• Repository Pattern
• Privacy Patterns

Refactoring

• Refactoring Guru

.NET Core

• ExtCore
• Modular Architecture in ASP.NET Core
• abp.io - Open Source WebApplication Framework
  • abp.io - PluginModules
• Dynamic custom assembly loading
• Async vs. Sync API-Actions
  • https://www.carlrippon.com/scalable-and-performant-asp-net-core-web-apis-asynchronous-operations/
  • https://gokhansengun.com/asp-net-mvc-and-web-api-comparison-of-async-or-sync-actions/
• WebAPI - BestPractices
• Introducing Event Sourcing
• Event driven messaging
• A sample for JWT-Token Authentication
  • Sample: Refresh Token
• Workflows with Orchard
• Background Tasks with IHostedService
• Caching
  • https://docs.microsoft.com/de-de/aspnet/core/performance/caching/response?view=aspnetcore-5.0
  • https://docs.microsoft.com/de-de/dotnet/core/extensions/caching
• Rest API Design Resource Modeling

Web-Development

Angular

• Caching with HttpInterceptor
• Clientside caching
  • https://dev.to/mauro_codes/client-side-caching-with-angular-2i6l
  • https://www.c-sharpcorner.com/article/client-side-caching-in-angular-8-using-http-interceptor/
• Increasing Performance
  • https://www.youtube.com/watch?v=I6ZvpdRM1eQ
  • https://christianlydemann.com/the-complete-guide-to-angular-performance-tuning/
  • https://medium.com/swlh/angular-performance-optimization-techniques-5b7ca0808f8b
  • https://medium.com/showpad-engineering/why-you-should-never-use-function-calls-in-angular-template-expressions-e1a50f9c0496
• 3 Common Rxjs Pitfalls
• Http with Observables
• Dexie.js - IndexedDB
• JWT Authentication with Refresh Tokens
  • https://jasonwatmore.com/post/2020/07/25/angular-10-jwt-authentication-with-refresh-tokens#jwt-interceptor-ts
  • https://medium.com/swlh/authentication-using-jwt-and-refresh-token-part-1-aca5522c14c8
• Cross-Tab Communication
  • https://blog.bitsrc.io/4-ways-to-communicate-across-browser-tabs-in-realtime-e4f5f6cbedca
  • https://timdeschryver.dev/blog/keeping-browser-tabs-in-sync-using-localstorage-ngrx-and-rxjs

Animations with WebGL & Javascript

• ThreeJS
• Mozilla Hubs
• GreenSock

Azure

• Private NPM Repository
• Create Conditions
• Stages, Dependencies & Conditions
• Runtime Parameters

GitHub

GitHub Actions - Images

• Windows 2022 Datacenter

NPM

• Increasing package version
• Configuring npmrc

Automation

• Stackstorm
• DevOps Automation using Stackstorm

Styling / CSS / SCSS

• Coloors
• Cool Backgrounds
• Color Contrast Checker
• Smacss - Scalable and modular architecture for css
• SASS / SCSS Documentation

WCAG / A11Y

• A11Y Project
• Check accessability
• WCAG - Web Content Accessibility Guidelines
• Applaus - Accessability Check via commandline

---

Security

• SySS Research - Repositories
• Fireeye - Repositories
• OWASP - Repositories
• Speakeasy - Kernel and user mode emulation
• OWASP - Application Security Verification Standard
• Velociraptor - digital forensic and incident response
• In App Browser Malicous Javascript Scanner
• OWASP - Penetration Testing Methodologies
  • OWASP - Web Security Testing Guide - GitHub
  • OWASP - Web Security Testing Guide
  • OWASP - Mobile Security Testing Guide
• Websocket Security
  • Websocket Security - Vulnerabilities

XSS - Cross Site Scripting Prevention

• Content Security Policy To prevent loading of scripts from other origins
• Cross Site Scripting Prevention Cheat Sheet

---

Hacking / Pentesting

• MitM Proxy on Raspberry Pi 3
• Security Onion - Sniff decrypted TLS traffic
• PolarProxy
  • PolarProxy - decrypt TLS traffic
• WireShark - Analyzing reported tls traffic
• OWASP - Nettacker
• Online Open port tester
• Shodan.io - Search engine for the internet of everything
• VX Underground - Malware Archive

Vulnerable VMs

• Vulnhub

XSS - Cross Site Scripting Attack

• XSS Filter Evasion Cheat Sheet
• XSS String Encoder

---

Diagrams

• Draw.io
  • MxGraph
• GoJS
• D3

---

News & interesting articles

• Software Architektur wird überschätzt
• Every single element of SOLID is wrong
  • https://www.dotnetpro.de/diverses/architektur/every-single-element-of-solid-is-wrong-2646958.html
  • https://dannorth.net/2021/03/16/cupid-the-back-story/
• New german low-code & open source plattform
• What Are Refresh Tokens and How to Use Them Securely
• JWT - Best practices
• C4Model for visualising software architecture
• Opensource licensing overview
  • https://choosealicense.com/licenses/
  • https://tldrlegal.com/
  • https://opensource.org/
• PortSwigger - Daily News about IT
• Hackernews
• JSON Schema, Schema.org, JSON-LD: What’s the Difference
• Automatisiertes Open Source Lizenzmanagement
• Open Source - Genau geschaut
• Institut für Rechtsfragen der Freien und Open Source Software
• Clean Code Developer
• OSINT Top 10 Tools

---

Tutorials

Azure DevOps

• https://www.udemy.com/course/azure-devops-fur-anfanger/
• https://docs.microsoft.com/de-de/learn/browse/?expanded=azure%2Cwindows&roles=devops-engineer%2Cdeveloper&products=azure-devops

---

DSGVO

• Datenschmutz - Auskunft

Rechtschreibprüfung

• Rechtschreibprüfung24

---

Tools

• Windows 10 Debloater

Documentation Tools

• MkDocs
  • MkDocs - Projects

SAST / DAST - Static / Dynamic Application Security Testing

• SonarQube on Docker with SQL
• SonarQube install server

---

Some more awesome lists

• https://github.com/topics/awesome
• Awesome Sysadmin
• Awesome Hacking
• Book of Secret Knowledge