VARIOUS SECURITY SITES
CIRT.net - Suspicion Breeds Confidence
Insecure.org - The home of nmap
SANS Top 20
CGISecurity.com
NSA Security Configuration Guides
Computer Security Resource Center - NIST
TaoSecurity - The Way of Digital Security - Richard Bejtlich's site, approach and publications
CERIAS - Center for Education and Research in Information Assurance and Security
ISSA.org - Information Systems Security Association
stopBADware.org - Regaining Control of Our Computers
Noticebored - Security awareness for governance, risk, compliance and business
Ross Anderson's Economics and Security Resource Page
ADVISORIES & VULNERABILITIES
FrSIRT
National Vulnerability Database
oCERT
OSVDB
Secunia
SecWatch
US-CERT BLOGSTaoSecurity - Richard Bejtlich's blog
When {Puffy} Meets ^RedDevil^ - geek00l's blog, HeX Live CD coverage
Infosec Potpourri - Network Security Monitoring (NSM) & general InfoSec commentary
The Breach Blog
Sunbelt Blog
TrendLabs Malware Blog
Jeremiah Grossman
Skeptikal.org mckt
Digital Soapbox Rafal Los
Zero Day Nate, Ryan, and Dancho WEB APPLICATION SECURITY
OWASP - The Open Web Application Security Project
WASC - Web Application Security Consortium
</xssed> - XSS attacks information
Planet-Websecurity.org NW SECURITY SITES & ORGS Washington State High Technology Crimes Investigation Association
ISSA Puget Sound
ISSA Portland
Northwest Warning, Alert, and Response Network
SCANNING & VULNERABILITY ASSESSMENT TOOLS nmap
Nikto - Web scanner
Nessus - Vulnerability scanner
Metasploit - Framework for penetration testing, IDS signature development, and exploit research.
SEARCH ENGINE SECURITY AUDITING
The "Google Hack" Honeypot
GHDB
STANDARDS & COMPLIANCE
ISO 27001 Security - dedicated to promoting the latest international standards for Information Security Management Systems, the ISO/IEC 27000 ("ISO27k") series.
International ISO 27001 and ISO 27002 (ISO 17799) Community Forum - an interactive resource, designed to enable the free exchange of related ISO information.
The ISO 27000 Directory - An Introduction to ISO 27001, ISO 27002....ISO 27008
CIS Benchmarks - security benchmarks based on recognized best practices for deployment, configuration, and operation of networked systems.
POLICYSANS Security Policy Project
Yale University Appropriate Use Policy
University of Florida Acceptable Use Policy IDS, FW, & VPN SOLUTIONS IPCop - Smoothwall on steroids
Sguil - A true analyst's IDS console
Aanval - Browser based IDS console with numerous features
SSL-Explorer - Browser-based open source SSL VPN
Snort - The de facto standard for intrusion detection/prevention
Emerging Threats - Emerging Threats is a community-based grant-funded security research project focused on network and electronic security related intelligence gathering, analysis, research and resulting data distribution. OPEN SOURCE PROTECTIVE MEASURES
Clam Win - Free antivirus for Windows
OSSEC HIDS - Open source Host-based intrusion detection system RISK MANAGEMENT & ASSESSMENT
SOMAP - Security Officers Management & Analysis Project
PTA - Practical Threat Analysis RECOMMENDED READING
The Tao of Network Security Monitoring - Richard Bejtlich
Extrusion Detection: Security Monitoring for Internal Intrusions - Richard Bejtlich
Hackers Beware: The Ultimate Guide to Network Security - Eric Cole
Gray Hat Hacking : The Ethical Hacker's Handbook
Google Hacking for Penetration Testers - Johnny Long
Sys Admin - the journal for UNIX and Linux systems adminstrators
Security Data Visualization - Greg Conti SECURITY ORIENTED DISTROS
HeX-liveCD
Knoppix-NSM "Network Security Monitoring, helping secure your network"
Helix
BackTrack
|
