Skip to content

Introduction

Introduction to Frameworks How to Navigate the Website Overview of each Framework

Frameworks

Community Management

Overview Discord Twitter Telegram Google

Awareness

Overview Core Awareness Principles Understanding Threat Vectors Cultivating a Security-Aware Mindset Staying Informed & Continuous Learning Resources & Further Reading

Operational Security

OpSec Core Concepts

Security Fundamentals Implementation Process Web3 considerations

Threat Modeling Overview Risk Management Overview

While Traveling

Overview Guide TL;DR

Governance & Program Management Control Domains Lifecycle Monitoring & Detection Incident Response & Recovery Continuous Improvement & Metrics Integration & Mapping to Other Frameworks Appendices

Wallet Security

Overview Custodial vs Non-Custodial Cold vs Hot Wallet Wallets For Beginners & Small Balances Wallets For Intermediates & Medium Funds Multisig Wallets For Advanced Users & High Funds Account Abstraction Wallets TEE-based Encumbered Wallets

Signing & Verification

Overview Verifying Standard Transactions (EOA)Multisig Signing Process Safe Multisig: Step-by-Step Verification Squads Multisig: Step-by-Step Verification Using EIP-7702

Seed Phrase Management Tools & Resources

Multisig for Protocols

Multisig Administration

Planning & Classification Setup & Configuration Registration & Documentation Communication Setup Use-Case Specific Requirements

For Signers

Joining a Multisig Emergency Procedures Backup Signing & Infrastructure Personal Security & OPSEC Incident Reporting Offboarding

Implementation Checklist

External Security Reviews

Smart Contract Audits

Overview Manual Review Expectations Preparation Guide Vendor Selection

Security Policies and Procedures

Vulnerability Disclosure

Overview Security Contact Bug Bounties

Infrastructure

Overview Asset Inventory Cloud Infrastructure DDoS Protection

Domain & DNS Security

Overview DNS Basics & Common Attacks DNSSEC, CAA, and Email Security Registrar Security & Registry Locks Monitoring, Alerts, and GitOps

Identity and Access Management Network Security Operating System Security Zero-Trust Principles

Monitoring

Overview Guidelines Thresholds

Front-End/Web Application

Overview Web Application Security Mobile Application Security Common Vulnerabilities Security Tools and Resources

Incident Management

Overview Communication Strategies Incident Detection and Response Lessons Learned

Playbooks

Overview Malware Infection North Korea (DPRK) Attack Wallet Drainer Attack ELUSIVE COMET Attack SEAL 911 War Room Guidelines Decentralized Incident Response Framework (DeIRF)

Threat Modeling

Overview Create and Maintain Threat Models Identity Mitigate Threats

DPRK IT Workers

Overview General Information Techniques, Tactics and Procedures Mitigating DPRK IT Workers Case Studies Summary

Governance

Overview Compliance with Regulatory Requirements Risk Management Security Metrics and KPIs

DevSecOps

Overview Code Signing Continuous Integration and Deployment Integrated Development Environments Repository Hardening Security Testing

Privacy

Overview Secure Browsing Data Removal Services Digital Footprint Encrypted Communication Tools Financial Privacy Services Privacy-Focused Operating Systems and Tools VPN Services

Supply Chain

Overview Dependency Awareness Supply Chain Levels for Software Artifacts

Security Automation

Overview Threat Detection and Response Compliance Checks Infrastructure as Code

Identity and Access Management IAM

Overview Role-Based Access Control Secure Authentication Access Management Best Practices

Secure Software Development

Overview Secure Coding Standards Guidelines Code Reviews and Peer Audits Secure Code Repositories and Version Control Threat Modeling and Secure Design Principles

Security Testing

Overview Unit Testing Integration Testing Fuzz Testing Static Analysis Formal Verification Mutation Testing

ENS

Overview Data Integrity & Verification Cross-Chain Compatibility Smart Contract Integration Interface Compliance Name Handling & Normalization

Safe Harbor

Overview Safe Harbor Eligibility Checklist Self-Adoption Guide Safe Harbor Scope Terms On-Chain Adoption Guide Whitehat

Encryption

Overview Cloud Data Encryption Communication Encryption Database Encryption Email Encryption Encryption in Transit File Encryption Full Disk Encryption Hardware Encryption Partition Encryption Volume Encryption

Treasury Operations

Overview Custodial Inventory & Controls Registration Documents Enhanced Controls for High-Risk Accounts Guide: Large Cryptocurrency Transfers

SEAL Certifications

Overview Certified Partners Certified Protocols

SEAL Certification Frameworks

Certification Guidelines Contributions

About this

What It Is What It Isn't

Contributing

Overview Spotlight Zone Stewardship

Opsec

Note: This page is auto-generated. Please use the sidebar to explore the docs instead of navigating directory paths directly.

Pages

Appendices
Continuous Improvement Metrics
Control Domains
Core Concepts
Governance
Governance Program Management
Improvement
Incident Response
Incident Response Recovery
Integration
Lifecycle
Monitoring
Monitoring Detection
Old
Operational Security
Principles
Risk Management
Risk Management Overview
Threat Modeling Overview
Travel

Suggest changes to this page