cleanups

foomo/docs/security/index.md

@@ -0,0 +1,19 @@
+---
+id: index
+sidebar_position: 0
+---
+
+# Security
+
+Secure software development is a practice that integrates security considerations into every phase of the software development lifecycle (SDLC). The goal is to build resilient and robust software that can withstand attacks, protect user data, and maintain the integrity of the systems it runs on. This involves a shift from a reactive "patch-on-breach" model to a proactive, "secure-by-design" approach. By thinking about potential threats and building defenses from the very beginning, we can reduce vulnerabilities, mitigate risks, and create more trustworthy products. This guide provides an overview of various security domains, from organizational policies to specific hardening techniques for different platforms and technologies.
+
+## Table of Contents
+
+- [Containers](./containers.md) - Best practices for securing Docker containers, covering the entire lifecycle from building hardened, minimal images to securing the runtime environment and managing data safely.
+- [Kubernetes](./kubernetes.md) - A comprehensive guide to Kubernetes security, detailing how to secure control plane components, implement network policies, harden workloads with admission controllers, and manage secrets and data.
+- [Linux](./linux.md) - A baseline for hardening Linux systems, focusing on user and access management, automated patching, filesystem encryption, network security with host-based firewalls, and logging.
+- [macOS](./macos.md) - Actionable guidance for securing corporate Macs by leveraging native platform features like FileVault, Gatekeeper, and System Integrity Protection, enforced through a Mobile Device Management (MDM) solution.
+- [Organization](./organization.md) - Outlines a holistic security program, defining core pillars like Identity and Access Management (IAM), Application Security (AppSec), and Incident Response, with maturity milestones and checklists for governance.
+- [Pentests](./pentests.md) - A pragmatic guide to penetration testing methodology, covering planning, reconnaissance, exploitation, and reporting for web applications, APIs, and networks, aligned with OWASP standards.
+- [Web Development](./web-development.md) - Engineering-focused best practices for building secure web applications, covering the secure SDLC, defense-in-depth principles, and specific controls for mitigating common vulnerabilities like XSS, SQLi, and CSRF.
+- [Windows](./windows.md) - A high-level guide to hardening Windows security, centered on applying comprehensive security templates and scripts to reduce the attack surface, enforce strong policies, and leverage built-in controls like Defender and BitLocker.

foomo/docs/security/operating-system.md

@@ -1,15 +0,0 @@
----
-title: Operating System Security
-slug: /security/operating-system
-authors: [philipp]
----
-
-# Operating System Security
-
-This section provides detailed security hardening guides for various operating systems. Choose an operating system below to view the recommended security baseline and configuration practices.
-
-- [macOS Security](./macos.md)
-- [Linux Security](./linux.md)
-- [Windows Security](./windows.md)
-
-

foomo/docs/security/organization.md

@@ -1,5 +1,5 @@
 ---
-title: Organizational Security Operations
+title: Organizational Security
 slug: /security/organization
 authors: [philipp]
 ---

foomo/docs/security/pentests.md

@@ -6,7 +6,7 @@ authors: [philipp]
 
 ## Pentesting: summary and checklists
 
-This document summarizes a pragmatic, end‑to‑end penetration testing approach and provides ready‑to‑use checklists. It is aligned with the [OWASP Web Security Testing Guide (WSTG v4.2)](https://owasp.org/www-project-web-security-testing-guide/), common [OSCP](https://www.offsec.com/certifications/pen200-oscpexam/) methodology, and practical guidance from the included PDFs. Use the checklists to plan, execute, evidence, and report engagements consistently.
+This document summarizes a pragmatic, end‑to‑end penetration testing approach and provides ready‑to‑use checklists. It is aligned with the [OWASP Web Security Testing Guide (WSTG v4.2)](https://owasp.org/www-project-web-security-testing-guide/) and common [OSCP](https://www.offsec.com/certifications/pen200-oscpexam/) methodology. Use the checklists to plan, execute, evidence, and report engagements consistently.
 
 ## How to use this document
 
@@ -200,18 +200,6 @@ The report is the primary deliverable of the engagement and must be clear, actio
 
 ## Sources
 
-Repository documents referenced:
-
-- `Security/pentests/wstg-v4.2.pdf` (OWASP Web Security Testing Guide v4.2)
-- `Security/pentests/OSCP_Notes_1651671402.pdf` (OSCP methodology notes)
-- `Security/pentests/SySS_PenTest_Paper_Deutsch.pdf`
-- `Security/org/Security_Operations_Concept.pdf`
-- `Security/org/The Hacker’s Guide to Securing Your Organization_V2.pdf`
-- `Security/os security/apple-platform-security-guide.pdf`
-- `Security/os security/macOS-Security-and-Privacy-Guide.pdf`
-
-Canonical references:
-
 - OWASP WSTG v4.2: [https://owasp.org/www-project-web-security-testing-guide/]
 - OWASP API Security Top‑10: [https://owasp.org/API-Security/]
 - CVSS v3.1: [https://www.first.org/cvss/]

foomo/docs/security/web-development.md

@@ -1,5 +1,5 @@
 ---
-title: Secure Web Application Development
+title: Web Application Development
 slug: /security/web-development
 authors: [philipp]
 ---

foomo/docusaurus.config.js

@@ -98,6 +98,12 @@ const config = {
             position: 'left',
             label: 'Projects',
           },
+          {
+            type: 'doc',
+            docId: 'security/index',
+            position: 'left',
+            label: 'Security',
+          },
           {to: '/blog', label: 'Blog', position: 'right'},
           // {
           //   href: 'https://github.com/facebook/docusaurus',