Computer Audit FAQ - Good introductory information from IsecT Ltd. on 'Computer Audit', which refers to the analysis of computer systems and networks by examining the effectiveness of their technical and procedural controls (information security control systems) to minimise risks. Also has links to other resources, and some articles such as 'Strategic Approach to Information Security Management'.
SANS Top 20 List - List and descriptions of top Windows and UNIX internet security vulnerabilities, along with links to other resources.
CVE - Searchable, downloadable, and on-the-web 'Common Vulnerabilities and Exposures' list hosted by Mitre Corp. CVE's goal is to standardize the names for all publicly known vulnerabilities and security exposures, so that security information can be efficiently shared and handled. Many security test tools are utilizing or planning on utilizing this standardized naming/numbering system.
IBM DeveloperWorks Security Zone - Software Security-related articles, resources, and tutorials from IBM's developerWorks web site.
W3 Security Resources - Large collection of information and resources on web security, including an FAQ, hosted by the W3C Consortium (the folks who set web standards/protocols, etc.)
Microsoft Security Advisor - Microsoft's web site for discussion of security issues for MS products, including their web server products.
NIAP website - The National Information Assurance Partnership web site - partners are US govt. agencies NIST and NSA. Includes sections for 'Security Testing', 'Tools and Techniques', 'Automated Testing', info re international IT security standard ISO/IEC 15408, the 'Common Criteria for Information Technology Security Evaluation' and the associated 'Common Evaluation Methodology'.
SANS website - Web site of SANS (System Administration, Networking, and Security Institute), a cooperative research and education organization through which more than 96,000 sysadmins, security professionals, and network administrators share lessons learned and solutions.
Security Focus.Com - Site for news, forums, resources, vulnerability info, conference info, tools, etc. related to computer security including web and internet security issues. Search vulnerability database by keywords, date, vendor, version, etc.
COAST Security Archive - Purdue University's computer security site; includes extensive collection of links organized by subject to security tools, info resources, etc. Tools list of more than 100 security tools includes many test tools such as CRACK, COPS, IPSend, Tiger, Secure Sun, etc.; all tools listed are available for download from the COAST site.
Computer Emergency Response Team site - CERT's internet security web site; includes web server security information; hosted by the Software Engineering Institute at Carnegie Mellon University.
See source for URLs mentioned above:
www.softwareqatest.com/qatlnk...ECURITY