Security Entities and Centers

Vulnerability Databases

  • Common Vulnerabilities and Exposures (CVE)
    Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides standardized common names for vulnerabilities and other information security exposures. CVE aims to standardize the names of all publicly known vulnerabilities and security exposures, making it easier to share data across separate network security databases and tools that are CVE-compatible. CVE also provides a baseline for evaluating the coverage of an organization's security tools. CVE content is determined by the CVE Editorial Board, composed of experts from the international information security community. The MITRE Corporation maintains CVE and manages the Editorial Board.
  • National Vulnerability Database (NVD)
    National Institute of Standards and Technology (NIST), sponsored by DHS National Cyber Security Division/US-CERT.
    NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
  • CVE Details
    cvedetails.com provides an easy-to-use web interface to CVE vulnerability data. You can browse vendors, products and versions and view the CVE entries and vulnerabilities related to them. You can view statistics about vendors, products and versions of products. CVE details are displayed in a single, easy-to-use page. CVE vulnerability data are taken from the National Vulnerability Database (NVD) XML feeds provided by the National Institute of Standards and Technology.
  • Secunia Advisories
    By Secunia Computer Security - Software and Alerts.
    Secunia monitors vulnerabilities in more than 4000 products, including: operating systems, browsers, IMs, anti-virus, firewalls, routers, and much, much more.
    Secunia Blog, used to communicate their opinions about vulnerabilities, security, ethics, and their responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities.
    Secunia Vulnerability Review.
  • SecurityFocus - Vulnerabilities
    Vulnerabilities search by vendor or CVE.
  • Exploit Database (EDB)
    The Exploit Database is an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
  • Open Sourced Vulnerability Database (OSVDB)
    OSVDB's goal is to provide accurate, detailed, current, and unbiased technical security information. The project currently covers almost 100000 vulnerabilities.


Security Information Centers from Vendors

Microsoft

Oracle

Mozilla & Netscape

Apache Software Foundation

Apache httpd

Apache Tomcat

Others



Information Systems Audit, Forensics and Control



Certification for Security Professionals

  • (ISC)²
    (ISC)² - International Information Systems Security Certification Consortium.
    CISSP - Certified Information Systems Security Professional.
    SSCP - Systems Security Certified Practitioner.
    Official (ISC)² Textbooks - Guides to CISSP, ISSAP, ISSMP, CAP, CCFP, CSSLP, SSCP, HCISPP CBKs.
  • CompTIA Security+ Certification
    CompTIA Security+ is a vendor-neutral certification exam endorsed by many large companies worldwide as a reference of competency for foundation-level security practitioners. Domains of Security+ Objectives: General Security Concepts (30%), Communication Security (20%), Infrastructure Security (20%), Basics of Cryptography (15%), Operational/Organizational Security (15%).
  • ISECOM/OSSTMM Certification
    By Institute for Security and Open Methodologies (ISECOM).
    OSSTMM Professional Security Analyst (OPSA), Professional Security Tester (OPST), Professional Security Expert (OPSE), Wireless Security Expert (OWSE), Certified Trust Analyst (CTA), Security Awareness Instructor (SAI), Hacker Highschool Teacher (HSST).
  • cccure.org - The CISSP and SSCP Open Study Guides Web site
    By Clement and Nathalie. On this site you will find resources to help you prepare and study for the CISSP, SSCP, CAP, ISSEP, CISM, CISA, ISSPCS, SANS GIAC GCFW certifications. Study Guides, Tips, Links, Forums & mailing lists, Quizzes.
  • Cissp.com
    Web portal for certified information systems security professionals.
  • CISSPstudy -- The CISSP Study Mailing list
    By cccure.org.