Security Tools & Checklists
Quick Answer
This hub separates real interactive security tools from checklist resources. Use the password entropy calculator when you need a browser-based tool, and use the security checklists when you need structured review steps for AI, web security, and phishing awareness.
Interactive Tools
Interactive tools calculate, estimate, or check something directly in the browser. Current tool availability is intentionally limited so each tool can remain useful and safe.
Security Checklists
Checklist pages are practical review aids. They do not scan your website, inspect your email, or collect user input.
- LLM Security Checklist: Review prompt, RAG, tool, privacy, output, monitoring, and human-approval controls for LLM applications.
- Security Headers Checklist: Check important browser security headers such as CSP, HSTS, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
- OWASP Top 10 Checklist: Use a practical beginner-friendly checklist for reviewing common web application security risks.
- Phishing Email Checklist: Review sender, links, attachments, urgency, branding, and request patterns before trusting suspicious emails.
How to Use These Resources Safely
- Use checklists for defensive review, learning, and authorized work only.
- Do not test third-party systems, websites, accounts, or emails without permission.
- Treat checklist results as a starting point, not a replacement for professional security assessment.
- Use the Responsible Cybersecurity Use policy when deciding whether a practice is appropriate.
Recommended Learning Paths
| Goal | Start with | Then use |
|---|---|---|
| Review an LLM app | AI Security, LLM Security, and AI Agent Security | LLM Security Checklist |
| Review a web app | Web Security Basics, XSS, and SQL Injection | OWASP Top 10 Checklist |
| Improve browser-side hardening | Clickjacking and XSS | Security Headers Checklist |
| Review suspicious email | Phishing and Email Spoofing | Phishing Email Checklist |
FAQs
An interactive tool calculates, checks, or estimates something directly. A checklist is a structured review resource that helps you verify controls, risks, or awareness steps.
Yes. The password entropy calculator is an interactive browser-based tool. Checklist pages are separate reference resources and do not scan user systems.
No. The checklist pages are educational review aids. They do not collect URLs, scan websites, analyze emails, or submit data to Insecure Lab.
Students, developers, security learners, website owners, and teams can use them for safe learning, awareness, and defensive review.
Sources and further reading
- NIST Cybersecurity Framework 2.0 — General cybersecurity risk management and improvement context
- OWASP Cheat Sheet Series — Practical secure development checklists and defensive guidance
- CISA Cybersecurity Best Practices — Defensive cyber hygiene and awareness practices