Skip to content

Introduction

Introduction to Frameworks How to Navigate the Website Overview of each Framework

Frameworks

Community Management

Overview Discord Twitter Telegram Google

Awareness

Overview Core Awareness Principles Understanding Threat Vectors Cultivating a Security-Aware Mindset Staying Informed & Continuous Learning Resources & Further Reading

Operational Security

OpSec Core Concepts

Security Fundamentals Implementation Process Web3 considerations

Threat Modeling Overview Risk Management Overview

While Traveling

Overview Guide TL;DR

Governance & Program Management Control Domains Lifecycle Monitoring & Detection Incident Response & Recovery Continuous Improvement & Metrics Integration & Mapping to Other Frameworks Appendices

Wallet Security

Overview Custodial vs Non-Custodial Cold vs Hot Wallet Wallets For Beginners & Small Balances Wallets For Intermediates & Medium Funds Multisig Wallets For Advanced Users & High Funds Account Abstraction Wallets

Signing & Verification

Overview Verifying Standard Transactions (EOA)Multisig Signing Process Using EIP-7702

Private Key & Seed Phrase Management Tools & Resources

External Security Reviews

Smart Contract Audits

Overview Manual Review Expectations Preparation Guide Vendor Selection

Security Policies and Procedures

Vulnerability Disclosure

Overview Security Contact Bug Bounties

Infrastructure

Overview Asset Inventory Cloud Infrastructure DDoS Protection DNS and Domain Registration Identity and Access Management Network Security Operating System Security Zero-Trust Principles

Monitoring

Overview Guidelines Thresholds

Front-End/Web Application

Overview Web Application Security Mobile Application Security Common Vulnerabilities Security Tools and Resources

Incident Management

Overview Communication Strategies Incident Detection and Response Lessons Learned SEAL 911 War Room Guidelines Decentralized Incident Response Framework (DeIRF)

Playbooks

Overview Malware Infection North Korea (DPRK) Attack Wallet Drainer Attack ELUSIVE COMET Attack SEAL 911 War Room Guidelines Decentralized Incident Response Framework (DeIRF)

Threat Modeling

Overview Create and Maintain Threat Models Identity Mitigate Threats

DPRK IT Workers

Overview General Information Techniques, Tactics and Procedures Mitigating DPRK IT Workers Case Studies Summary

Governance

Overview Compliance with Regulatory Requirements Risk Management Security Metrics and KPIs

DevSecOps

Overview Code Signing Continuous Integration and Deployment Integrated Development Environments Repository Hardening Security Testing

Privacy

Overview Secure Browsing Data Removal Services Digital Footprint Encrypted Communication Tools Financial Privacy Services Privacy-Focused Operating Systems and Tools VPN Services

Supply Chain

Overview Dependency Awareness Supply Chain Levels for Software Artifacts

Security Automation

Overview Threat Detection and Response Compliance Checks Infrastructure as Code

Identity and Access Management IAM

Overview Role-Based Access Control Secure Authentication Access Management Best Practices

Secure Software Development

Overview Secure Coding Standards Guidelines Code Reviews and Peer Audits Secure Code Repositories and Version Control Threat Modeling and Secure Design Principles

Security Testing

Overview Unit Testing Integration Testing Fuzz Testing Static Analysis Formal Verification Mutation Testing

ENS

Overview Data Integrity & Verification Cross-Chain Compatibility Smart Contract Integration Interface Compliance Name Handling & Normalization

Safe Harbor

Overview Safe Harbor Eligibility Checklist Self-Adoption Guide Safe Harbor Scope Terms On-Chain Adoption Guide Whitehat

Encryption

Overview Cloud Data Encryption Communication Encryption Database Encryption Email Encryption Encryption in Transit File Encryption Full Disk Encryption Hardware Encryption Partition Encryption Volume Encryption

About this

What It Is What It Isn't

Contributing

Overview Spotlight Zone Stewardship

Iam

Note: This page is auto-generated. Please use the sidebar to explore the docs instead of navigating directory paths directly.

Pages

Access Management
Identity and Access Management
Role Based Access Control
Secure Authentication

Suggest changes to this page