This is particularly useful when you need to get familiar with a complex VPC setup by someone else, or when you want to review the results of an automated setup.
htrace.sh is a handy command-line tool for HTTP/HTTPS troubleshooting and profiling. It also integrates with a number of other security tools, like nmap, SSL Labs, subfinder, etc.
The cool bit about their documentation is that it covers both how to avoid the issues and how to solve them if they happened.
Fedora Magazine runs a handy article for anyone using work/corporate VPNs from a home computer – “Using the NetworkManager’s DNSMasq plugin“. This is also not the only use for the DNSMasq plugin. It comes in useful when you work local cluster setups for development or testing. Furthermore, pretty much any setup where you need to route DNS queries to different servers, this can either be used out of the box, or provide good ideas as to how to solve the problem.
“Intro to basic web application security” is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes:
- SQL injection (of course! no such guide would be complete without it)
- Cross-site scripting (XSS)
- Cross-site Request Forgery (CSRF/XSRF)
- Local file inclusion (LFI)
- Insufficient password hashing
- Man in the middle (MITM)
- Command injection
- XML external entity (XXE)
- Sensitive data exposure (including error messages and exceptions)
- Login rate limits
- and a variety of other, small, but potentially dangerous issues.