Information on Security
-
Category: Computer security
From Wikipedia, the free encyclopedia.
-
CSRC - Computer Security Resource Center, NIST
National Institute of Standards and Technology (NIST), USA.
-
National Information Assurance (IA) Glossary (PDF)
Unclassified glossary of information security terms published by the United States federal government,
intended to provide a common vocabulary for discussing Information Assurance concepts.
This instruction applies to all U.S. Government Departments, Agencies, Bureaus and Offices;
supporting contractors and agents; that collect, generate, process, store, display, transmit
or receive classified or sensitive information or that operate, use, or connect to National
Security Systems (NSS).
-
Global state of information security survey
A worldwide survey by CIO Magazine, CSO Magazine and PwC (PricewaterhouseCoopers).
GSISS 2010 report (PDF).
-
Global Information Security Survey (GISS)
Ernst & Young - EY.
Conducted by Ernst & Young with executives from more than a thousand companies, government
agencies and non-profit organizations in more than 50 countries, annually since 1998.
-
The World Wide Web Security FAQ
At W3C, by Lincoln D. Stein & John N. Stewart. (Formerly at www-genome.wi.mit.edu).
-
Godzilla crypto tutorial
By Peter Gutmann.
This page contains security-related resources and information.
-
Tom Dunigan's Security page
Security pointers: PGP, one-time passwords, Kerberos, Crypto APIs,
random numbers, secure applications, people and papers, education,
vendors, govt projects, intrusion detection, vulnerabilities,
Java and WWW, UNIX security, NT security, other.
-
Kurt Seifried Information Security
By Kurt Seifried.
Security Topics: Advisories, Anti Virus, Articles, Authentication, Books,
Cryptography, Firewalls, Policy, Product reviews, Social, Technical.
Linux Administrator's Security Guide,
Basic Crypto Book.
-
A Sysadmin's Security Basics
By Mike DeGraw-Bertsch, October 2001.
O'Reilly Network: Linux DevCenter.
-
CriptoRed [In Spanish]
CriptoRed - Red Tematica Iberoamericana de Criptografia y Seguridad
de la Informacion. Universidad Politécnica de Madrid (UPM), Spain.
Teaching-related topics:
Theory guides and articles,
Electronic books for download and
Bibliography,
about cryptography and information security.
Libro Electrónico de Seguridad Informática y Criptografía (Electronic Book on Computer Security and Cryptography),
Version 4.1, 2006-03-01, Prof. Dr. Jorge Ramió Aguirre,
Computer Security, Universidad Politécnica de Madrid (UPM), Spain.
-
Church of the Swimming Elephant (COTSE)
Reference portal for security professionals, including News,
Online tools, Documentation Reference, Downloads and other resources.
-
Practical UNIX Security
Presentation by Jeff Thompson & Joe Gross, Feb 13, 1997.
-
Wireless LAN Security Site
The Unofficial 802.11 Security Web Page. This page tries to gather
relevant papers and standards in a single place. By Bernard Aboba.
-
Infosec Writers
A major objective of the Info Security Writers is seeking the security
enthusiasts who write. Most of the site's content is generated by these
people willing to share their knowledge and experiences on the various
aspects of security/hacking via original white papers, articles and
projects.
-
Directory: Security
Many well-organized links, on Security, Encryption, and Virus, by Rajiv Shah.
Social Issues in the Design of Computing Technologies: Security.

Software and Application Security
-
Open Web Application Security Project (OWASP)
OWASP is an international open community dedicated to improving the security of
application software, enabling organizations to conceive, develop, acquire,
operate, and maintain applications that can be trusted.
OWASP's mission is to make application security visible, so that people and
organizations can make informed decisions about true application security risks.
The OWASP Foundation was established in the early 2000s as a not-for-profit charitable
organization to ensure the ongoing availability and support for OWASP around the world.
All tools, documentation, forums and chapters created and produced by OWASP are free,
open, and unbiased.
OWASP Projects
provide tools and documents in three categories: Protect, Detect, and Life Cycle.
- OWASP Tools - Protect:
AntiSamy Java,
AntiSamy .NET,
Enterprise Security API (ESAPI)
- OWASP Tools - Detect:
JBroFuzz,
Live CD,
WebScarab,
Zed Attack Proxy
- OWASP Documents - Protect:
Development Guide,
Ruby on Rails Security Guide,
Secure Coding Practices - Quick Reference Guide
- OWASP Documents - Detect:
Application Security Verification Standard (ASVS),
Code Review Guide,
Testing Guide,
OWASP Top Ten
- OWASP Documents - Life Cycle:
AppSec FAQ Project
- OWASP Downloads
- OWASP Reference: How To's and Cheat Sheets
-
OWASP Software Assurance Maturity Model (SAMM)
-
Comprehensive, Lightweight Application Security Process (CLASP)
-
Web Application Security Consortium (WASC)
-
Build Security In (BSI)
"Setting a higher standard for software assurance". Best practices, Knowledge, Tools, Resources.
By US Department of Homeland Security.
Build Security In is a collaborative effort that provides practices, tools, guidelines,
rules, principles, and other resources that software developers, architects, and security
practitioners can use to build security into software in every phase of its development.
Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses (PDF).
Coding Practices Articles.
-
CWE - Common Weakness Enumeration
A Community-Developed Dictionary of Software Weakness Types. By MITRE.
MITRE Cybersecurity.
2011 CWE/SANS Top 25 Most Dangerous Software Errors.
Also as
CWE/SANS TOP 25 Most Dangerous Software Errors.
-
SAMATE - Software Assurance Metrics And Tool Evaluation
By NIST - National Institute of Standards and Technology.
-
CERT - Secure Coding
By Software Engineering Institute, Carnegie Mellon University.
CERT Secure Coding.
SEI: Coding Practices, by Daniel Plakosh and Robert C. Seacord,
Carnegie Mellon University, published: 2006-01-04, Last revised: 2013-05-14,
available at Building Security In.

Security Information and News
- Security Focus
Security News, Infocus security columns, Security Calendar, Vulnerabilities,
Advisories, Tools, Forums, Links, Vendor services and products.
Topics: Basics, Microsoft, UNIX, IDS (Intrusion Detection), Incidents, Virus.
Vulnerabilities Archive
(by vendor, title, keyword, BugTraq id, CVE id).
Home of BugTraq list and other security related forums/mailing lists:
auditing, certification, cryptography, firewalls, hacking, intrusion detection,
law, miscellaneous, news, privacy, products, projects, trusted OS,
viruses, VPN, vulnerabilities, web.
- Cipher
Cipher: The Newsletter of the IEEE Computer Society TCSP.
By IEEE Technical Committee on
Security and Privacy (TCSP), IEEE Computer Society.
Cipher Past Issues Archive.
Cipher Book Reviews.
-
Internet/Network Security - About.com
About.com Guide by Jim Williams.
-
Security Fix
Brian Krebs on Computer and Internet Security,
Washington Post Technology News.
-
InfoSec News (ISN)
ISN List Archives: starting 13 Mar 1998.
-
Linux Security
Linux Security - The Community's Center For Security.
News, Search, Features, Advisories, Documentation, Resources.
By Guardian Digital.
-
Linux Exposed
Articles, Resources Links, Books Archive, NewsGroup, Howto's.
-
Packet Storm
Packet Storm is a large and current security tools resource,
primarily a file repository for security tools and exploits.
It is a non-profit organization comprised of computer security experts
dedicated to providing the information necessary to secure the World's
networks, publishing new security information on a network of websites.
Forums, assessment, defense, papers, magazines, miscellaneous, links.
Mirror:
@ linuxsecurity.com.
-
secureroot.com - Computer Security Resource
By About Network Security.
-
Kill -HUP
A Unix and Information Security Community.
-
Computer Weekly: Resources: IT Security
By Computer Weekly - Technology.
-
The Information Security Glossary
By Security Policy World.
- HispaSec [In Spanish]
Hispanic portal devoted to security information and news.
Sections on security: Internet, Hardware, Software, Cryptology, Virus,
Legislation, Events. In Spanish.
-
Bitpipe: Security: White Papers and Reports
White Papers, Webcasts, Case Studies, Analyst Reports, and Product Information
on Security.
Topics: Security,
Network Security, and much more.
-
Computer Security Now
"Computer Security News for the rest of us".
- Help Net Security (HNS)
-
Mailing list ARChives (MARC) - Information Security
Archive repository for dozens of forums related to
information security, among other topics.
- Hideaway.Net
PC Security: Library, Software, Links. Server Security: Advisories,
Books, Library. Anti-Virus: Anti-Virus Library and Articles,
Virus Scanning Software, Alerts, Links. Privacy: Software, Books,
Anonymous Web Browsing, Private E-mail. Auditing Services.
-
Kriptópolis [In Spanish]
Since 1996, independent information about Internet Security,
Cryptography and Cyber-rights.
Spanish translation of Bruce Schneier's column CryptoGram.
Bulletins, Articles, Announcements, Forums, Interviews, Virus, Vulnerabilities.
S1M Quick Database: database of alerts, patches, vulnerabilities and
software updates, in collaboration with DeepZone. In Spanish.
-
The Search Directory: Information Security Search Engine
The Information Security & Computer Security Group of Portals.
-
WindowSecurity.com
Microsoft Windows security site: intrusion detection, anti-virus,
firewalls and more.
-
Macintosh Security Site
SecureMac.com is a site devoted to Apple Macintosh security and
Mac OS X Security.

Security Magazines
-
SC Magazine
A large circulation information security magazine.
Secure Computing Magazine
International Edition - West Coast Publishing.
-
SC Magazine Awards
Secure Computing Industry Awards.
By West Coast,
SC Magazine.
Reader Trust Awards: Anti-Virus Solution, Encryption Product,
General Security, Internet Security Product.
Academy Awards: Best Access Control, Anti-Virus Solution,
Biometric Solution, Communication Security, Content Security,
e-Business Security, Encryption Solution, Firewall, General Security,
Intrusion Solution, Network Security, Security Management,
Security Service.
Judges Awards: New Security Product, Security Article,
Security Idea or Practice, Lifetime Achievement Award.
Principal Awards: Security Hardware, Security Software.
-
CSO
CSO provides news, analysis and research on security and risk management.
Business Continuity, Data Protection, Identity and Access, Physical Security,
Security Leadership. How-Tos, Features, News, Blogs, Resources, Newsletters.
-
TechTarget SearchSecurity
Information Security Wire Digest e-mail newsletter.
-
;login: - The Magazine of USENIX & SAGE
By
USENIX - The Advanced Computing Systems Association /
LISA Special Interest Group for Sysadmins
-
SAGE - The System Administrators Guild.
-
Dr. Dobb's Security
Formerly Sys Admin Magazine, the journal for UNIX systems administrators.
Archives, Downloads, Solaris Corner, LINUX Rookery, Tool Showcase,
Q&A, Resources, Newsletters.
-
Windows IT Pro
Independent, technical security information for Windows IT professionals.
Formerly Security Administrator and WindowsITSecurity.com.
By Windows 2000 Magazine Network.