|
FIDO2 emulationa project by mkoutny Project DescriptionFIDO2 is set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable. |
Learn more about Application Security (AppSec) Open Source Tools and Testing Techniquesan idea by heidi.bronson Project DescriptionApplication security (AppSec) is a threat that all organizations are facing. While we have QA engineers and security teams to help avoid these threats, true AppSec can only be obtained by giving developers the tools to find and fix vulnerabilities before their code is pushed into the deployment pipeline. As a software engineer, I want to make sure that my applications are secure. During this hackweek, I want to study the OWASP Top 10 vulnerabilities, related testing techniques, and open source tools that can be used to test our applications and keep them safe from malicious actors. |
Project Verifree : internal key server(s)a project by mcaj Project descriptionThe project Verifree is about GPG key server. The goal is build a Key server, where users are able to |
Poking technologies for enrolling customer key to kernel trusted keyringa project by joeyli Project DescriptionThe keys in db or mok can be used to verify boot loader and kernel binary for booting. But upstream kernel doesn't trust them for enrolling to trusted keyring because they are enrolled outside the boundaries of kernel. Which means that IMA can not use db/mok keys for verification. |
Model checking the BPF verifieran invention by shunghsiyu Project DescriptionBPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490). |
rust security reviews and cargo-creva project by jzerebecki Project DescriptionLook into things that make security/code reviews of rust code easier and play with cargo-crev. |
Explore Crev as collaborative code audita project by pperego Project DescriptionCrev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way. |