FIDO2 emulation, a project by mkoutny. Project Description: FIDO2 is a set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable.
Learn more about Application Security (AppSec) Open Source Tools and Testing Techniques, an idea by heidi.bronson. Project Description: Application security (AppSec) is a threat that all organizations are facing. While we have QA engineers and security teams to help avoid these threats, true AppSec can only be obtained by giving developers the tools to find and fix vulnerabilities before their code is pushed into the deployment pipeline. As a software engineer, I want to make sure that my applications are secure. During this hackweek, I want to study the OWASP Top 10 vulnerabilities, related testing techniques, and open source tools that can be used to test our applications and keep them safe from malicious actors.
Project Verifree: internal key server(s), a project by mcaj. Project description: The project Verifree is about a GPG key server. The goal is to build a key server, where users are able to
Poking technologies for enrolling customer key to kernel trusted keyring, a project by joeyli. Project Description: The keys in db or mok can be used to verify the boot loader and kernel binary for booting. But the upstream kernel doesn't trust them for enrolling to the trusted keyring because they are enrolled outside the boundaries of the kernel. This means that IMA cannot use db/mok keys for verification.
Model checking the BPF verifier, a project by shunghsiyu. Project Description: The BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier have led to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490).
Rust security reviews and cargo-crev, a project by jzerebecki. Project Description: Look into things that make security/code reviews of Rust code easier and play with cargo-crev.
Explore Crev as collaborative code audit, a project by pperego. Project Description: Crev [1] is a collaborative code audit idea. Since it's common that more security engineers can work on the same projects, or there can be a different person auditing a piece of code after some time, there is the need to keep track of the code audit notes in a non-repudiable way.
Rancher Token Revoker, an invention by mbolot. Project Description: The token revoker aims to scan git repos for exposed Rancher tokens. Once a token has been identified, the revoker can (based on configuration) warn/disable/delete the exposed token automatically.
Run sandboxed Firefox with image and sound inside a container, an invention by nguyens. Project Description: Running a web browser from your PC can cause all sorts of security or anonymity issues; e.g., content downloaded could be run automatically from your PC, resulting in disk encryption or other unpleasant events. It would be great if we could run most of this in a container so that we have as much of the web browser sandboxed, and limit the PC's exposure to security events.
Sandboxed USB Inspection, an invention by nguyens. Project Description: USB devices can be dangerous to read directly from your PC. There are countless stories of PCs being infected (e.g., filesystem encrypted) because a USB device was read without first checking the USB content. But how do you check the device content without having a look at it first?!
Create tool for managing RPM package signing keys, an invention by dheidler. Project description: IIRC there was some article in tech news some year ago that criticized the way RPM keys are handled in the SUSE distribution.
Predefined app security policy template for NeuVector, an idea by feih. Project Description: The idea is to predefine a set of security policies for popular container applications, for example MySQL, Nginx, etc. With these predefined security policies, users can just download and unpack them for use. There is no need to worry too much about detailed security settings/configurations for the application container. The policies could be any policies that Kubernetes and/or NeuVector support.
Port NeuVector zero-trust security functions to host/VM, an idea by feih. Project Description: Today, NeuVector only supports container environments. It performs a lot of security functions, and many of those are technically not limited to protecting containers. Sometimes we see requests to provide similar functions to protect servers and VMs. So, it is technically possible. Some of the zero-trust security protections would still be pretty unique if we port them over to the host/VM side. You are welcome to help and give it a try if you are interested!