Security

Pentest

Damn Vulnerable Web Application (DVWA) : PHP/MySQL
Practice some of the most common web vulnerabilities, with various difficulty levels, with a simple straightforward interface
Kali Linux : OS
Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing

Safeguard

Network

nftables : C : firewall
Administration tool for packet filtering and classification
OpenSSH : C : secure services
Free SSH protocol suite providing encryption for network services like remote login or remote file transfers
OpenVPN : C : secure tunnel
Full-featured open source SSL VPN solution that accommodates a wide range of configurations
sshguard : C : brute-force protection
Aggregates system logs and blocks repeat offenders using one of several firewall backends
WireGuard : C : secure tunnel
Extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography

Virtualization

Sandboxes

bubblewrap : C
Privileged helper for container setup. You are unlikely to use it directly from the command line, although that is possible
Firejail : C
SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities

Containers

Docker : Go : application container
Run applications securely isolated in a container, packaged with all its dependencies and libraries
LXC : C : system container
Offers an environment as close as possible to the one you’d get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware

Web

Content Security Policy (CSP) : HTTP header
Mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions

Further reading

  • OWASP - Free and open software security community