VARIOUS SECURITY SITES
CIRT.net - Suspicion Breeds Confidence
Insecure.org - The home of nmap
SANS Top 20
CGISecurity.com
NSA Security Configuration Guides
Computer Security Resource Center - NIST
TaoSecurity - The Way of Digital Security - Richard Bejtlich's site, approach and publications
CERIAS - Center for Education and Research in Information Assurance and Security
ISSA.org - Information Systems Security Association
stopBADware.org - Regaining Control of Our Computers
Noticebored - Security awareness for governance, risk, compliance and business
Ross Anderson's Economics and Security Resource Page
SecurityPub - Discover and Share ADVISORIES & VULNERABILITIES
FrSIRT
National Vulnerability Database
oCERT
OSVDB
Secunia
SecWatch
US-CERT BLOGSTaoSecurity - Richard Bejtlich's blog
When {Puffy} Meets ^RedDevil^ - geek00l's blog, HeX Live CD coverage
Infosec Potpourri - Network Security Monitoring (NSM) & general InfoSec commentary
The Breach Blog
Sunbelt Blog
TrendLabs Malware Blog
Jeremiah Grossman
Skeptikal.org mckt
Digital Soapbox Rafal Los
Zero Day WEB APPLICATION SECURITY
OWASP - The Open Web Application Security Project
WASC - Web Application Security Consortium
</xssed> - XSS attacks information NW SECURITY SITES & ORGS Washington State High Technology Crimes Investigation Association
ISSA Puget Sound
ISSA Portland
Northwest Warning, Alert, and Response Network
SCANNING & VULNERABILITY ASSESSMENT TOOLS nmap
Nikto - Web scanner
Nessus - Vulnerability scanner
Metasploit - Framework for penetration testing, IDS signature development, and exploit research.
SEARCH ENGINE SECURITY AUDITING
The "Google Hack" Honeypot
GHDB
STANDARDS & COMPLIANCE
ISO 27001 Security - dedicated to promoting the latest international standards for Information Security Management Systems, the ISO/IEC 27000 ("ISO27k") series.
International ISO 27001 and ISO 27002 (ISO 17799) Community Forum - an interactive resource, designed to enable the free exchange of related ISO information.
The ISO 27000 Directory - An Introduction to ISO 27001, ISO 27002....ISO 27008
CIS Benchmarks - security benchmarks based on recognized best practices for deployment, configuration, and operation of networked systems.
Dejan Kosutic's blog.iso27001standard.com and www.iso27001standard.com - the Information Security & Business Continuity Academy, the largest online resource for ISO 27001 & BS 25999 implementation. POLICYSANS Security Policy Project
Yale University Appropriate Use Policy
University of Florida Acceptable Use Policy IDS, FW, & VPN SOLUTIONS IPCop - Smoothwall on steroids
Sguil - A true analyst's IDS console
Aanval - Browser based IDS console with numerous features
SSL-Explorer - Browser-based open source SSL VPN
Snort - The de facto standard for intrusion detection/prevention
Emerging Threats - Emerging Threats is a community-based grant-funded security research project focused on network and electronic security related intelligence gathering, analysis, research and resulting data distribution. OPEN SOURCE PROTECTIVE MEASURES
Clam Win - Free antivirus for Windows
OSSEC HIDS - Open source Host-based intrusion detection system RISK MANAGEMENT & ASSESSMENT
SOMAP - Security Officers Management & Analysis Project
PTA - Practical Threat Analysis
IT Infrastructure Threat Modeling Guide - a Microsoft Solutiuons Accelerator specific to infrastructure threat modeling guidance written by Russ McRee INSTRUCTIONALIrongeek - Infosec instructional video RECOMMENDED READING
The Tao of Network Security Monitoring - Richard Bejtlich
Extrusion Detection: Security Monitoring for Internal Intrusions - Richard Bejtlich
Hackers Beware: The Ultimate Guide to Network Security - Eric Cole
Gray Hat Hacking : The Ethical Hacker's Handbook
Google Hacking for Penetration Testers - Johnny Long
Sys Admin - the journal for UNIX and Linux systems adminstrators
Security Data Visualization - Greg Conti SECURITY ORIENTED DISTROS
HeX-liveCD
Knoppix-NSM "Network Security Monitoring, helping secure your network"
Helix
BackTrack
|
