Projects in the topic security

Kanidm - Modern Opensource Identity Management an invention by firstyear Project Description Kanidm is a identity management system (a store of accounts, groups and more) that supports authentication to opensuse, web sites, networks, and more. The project has a focus on respect of humans, correctness, simplicity and performance. In previous hackweeks we have implemented cryptographic authentication (webauthn), wasm based web UI and more. Updated about 1 year ago. 5 hacker ♥️. 3 followers.
FIDO2 emulation a project by mkoutny Project Description FIDO2 is set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable. Updated over 1 year ago. 4 hacker ♥️. 5 followers.
Learn more about Application Security (AppSec) Open Source Tools and Testing Techniques an idea by heidi.bronson Project Description Application security (AppSec) is a threat that all organizations are facing. While we have QA engineers and security teams to help avoid these threats, true AppSec can only be obtained by giving developers the tools to find and fix vulnerabilities before their code is pushed into the deployment pipeline. As a software engineer, I want to make sure that my applications are secure. During this hackweek, I want to study the OWASP Top 10 vulnerabilities, related testing techniques, and open source tools that can be used to test our applications and keep them safe from malicious actors. Updated over 1 year ago. 1 hackers ♥️. 1 follower. Has no hacker: grab it!
Project Verifree : internal key server(s) a project by mcaj Project description The project Verifree is about GPG key server. The goal is build a Key server, where users are able to Updated over 1 year ago. 4 hacker ♥️. 7 followers.
Poking technologies for enrolling customer key to kernel trusted keyring a project by joeyli Project Description The keys in db or mok can be used to verify boot loader and kernel binary for booting. But upstream kernel doesn't trust them for enrolling to trusted keyring because they are enrolled outside the boundaries of kernel. Which means that IMA can not use db/mok keys for verification. Updated over 1 year ago. 1 hackers ♥️. 1 follower.
Model checking the BPF verifier an invention by shunghsiyu Project Description BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490). Updated about 1 year ago. 4 hacker ♥️. 3 followers.
rust security reviews and cargo-crev a project by jzerebecki Project Description Look into things that make security/code reviews of rust code easier and play with cargo-crev. Updated about 1 year ago. 1 hackers ♥️. 1 follower.
Explore Crev as collaborative code audit a project by pperego Project Description Crev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way. Updated over 1 year ago. 3 hacker ♥️. 3 followers.

Kanidm - Modern Opensource Identity Management

an invention by firstyear

Project Description

Kanidm is a identity management system (a store of accounts, groups and more) that supports authentication to opensuse, web sites, networks, and more. The project has a focus on respect of humans, correctness, simplicity and performance. In previous hackweeks we have implemented cryptographic authentication (webauthn), wasm based web UI and more.

Updated about 1 year ago. 5 hacker ♥️. 3 followers.

FIDO2 emulation

a project by mkoutny

Project Description

FIDO2 is set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable.

Updated over 1 year ago. 4 hacker ♥️. 5 followers.

Learn more about Application Security (AppSec) Open Source Tools and Testing Techniques

an idea by heidi.bronson

Project Description

Application security (AppSec) is a threat that all organizations are facing. While we have QA engineers and security teams to help avoid these threats, true AppSec can only be obtained by giving developers the tools to find and fix vulnerabilities before their code is pushed into the deployment pipeline. As a software engineer, I want to make sure that my applications are secure. During this hackweek, I want to study the OWASP Top 10 vulnerabilities, related testing techniques, and open source tools that can be used to test our applications and keep them safe from malicious actors.

Updated over 1 year ago. 1 hackers ♥️. 1 follower. Has no hacker: grab it!

Project Verifree : internal key server(s)

a project by mcaj

Project description

The project Verifree is about GPG key server. The goal is build a Key server, where users are able to

Updated over 1 year ago. 4 hacker ♥️. 7 followers.

Poking technologies for enrolling customer key to kernel trusted keyring

a project by joeyli

Project Description

The keys in db or mok can be used to verify boot loader and kernel binary for booting. But upstream kernel doesn't trust them for enrolling to trusted keyring because they are enrolled outside the boundaries of kernel. Which means that IMA can not use db/mok keys for verification.

Updated over 1 year ago. 1 hackers ♥️. 1 follower.

Model checking the BPF verifier

an invention by shunghsiyu

Project Description

BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490).

Updated about 1 year ago. 4 hacker ♥️. 3 followers.

rust security reviews and cargo-crev

a project by jzerebecki

Project Description

Look into things that make security/code reviews of rust code easier and play with cargo-crev.

Updated about 1 year ago. 1 hackers ♥️. 1 follower.

Explore Crev as collaborative code audit

a project by pperego

Project Description

Crev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way.

Updated over 1 year ago. 3 hacker ♥️. 3 followers.