Hyperlink: Security: Information
Meta-Reference on Information Technology

Information on Security

• Category: Computer security
  From Wikipedia, the free encyclopedia.
• Open Web Application Security Project (OWASP)
  OWASP is an international open community dedicated to improving the security of application software, enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. OWASP mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP Foundation was established on early 2000' as a not-for-profit charitable organization to ensure the ongoing availability and support for OWASP around the world. All tools, documentation, forums and chapters created and produced by OWASP are free, open, and unbiased. OWASP Projects provide tools and documents in three categories: Protect, Detect, and Life Cycle.
  • OWASP Tools - Protect: AntiSamy Java, AntiSamy .NET, Enterprise Security API (ESAPI)
  • OWASP Tools - Detect: JBroFuzz, Live CD, WebScarab, Zed Attack Proxy
  • OWASP Documents - Protect: Development Guide, Ruby on Rails Security Guide, Secure Coding Practices - Quick Reference Guide
  • OWASP Documents - Detect: Application Security Verification Standard (ASVS), Code Review Guide, Testing Guide, OWASP Top Ten
  • OWASP Documents - Life Cycle: AppSec FAQ Project
  • OWASP Downloads
  • OWASP Reference: How To's and Cheat Sheets
  • OWASP Software Assurance Maturity Model (SAMM)
  • Comprehensive, Lightweight Application Security Process (CLASP)
• Web Application Security Consortium (WASC)
  
  • Threat Classification: descriptions of more than 50 threats e vulnerabilities.
  • Web Security Glossary
  • Web Application Security Scanner Evaluation Criteria (WASSEC)
• The World Wide Web Security FAQ
  At W3C, by Lincoln D. Stein & John N. Stewart. (Formerly at www-genome.wi.mit.edu).
• CERT - Computer Emergency Response Team
  Software Engineering Institute (SEI), Carnegie Mellon University.
  CERT® Coordination Center (CERT/CC), CERT/CC Blog.
  Software Assurance, Secure Systems, Organizational Security, Coordinating Response, Training, Historical Documents. Tech Tips, Annual Reports (1994-2003).
  
  • Before You Connect a New Computer to the Internet: guidance for users connecting a computer to the Internet for the first time.
  • Security Quality Requirements Engineering (SQUARE)
    Nine-step process to help organizations build security into the early stages of the production life cycle.
  • OCTAVE® - Operationally Critical Threat, Asset, and Vulnerability Evaluation
  • Home Network Security
    This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of always-on or broadband access services (such as cable modems and DSL).
    Home Network Security (mirror) at US-CERT.
• Ernest & Young - Global Information Security Survey
  Em Ernest & Young Terco - Análises - Pesquisas. Realizada pela Ernst & Young com executivos de 1,3 mil empresas, órgãos governamentais e entidades sem fins lucrativos em 55 países.
  13th annual global information security survey, 2010 - Borderless security [PDF], 12th annual global information security survey, 2010 - Outpacing change [PDF].
• Global state of information security survey
  A worldwide survey by CIO Magazine, CSO Magazine and PwC (PricewaterhouseCoopers).
  GSISS 2010 report (PDF).
• Godzilla crypto tutorial
  By Peter Gutmann. This page contains security-related resources and information.
• Tom Dunigan's Security page
  Security pointers: PGP, one-time passwords, kerberos, Crypto API's, random numbers, secure applications, people and papers, education, vendors, govt projects, intrusion detection, vulnerabilities, Java and WWW, UNIX security, NT security, other.
• Kurt Seifried Information Security
  By Kurt Seifried. Security Topics: Advisories, Anti Virus, Articles, Authentication, Books, Cryptography, Firewalls, Policy, Product reviews, Social, Technical.
  Linux Administrator's Security Guide, Basic Crypto Book.
• A Sysadmin's Security Basics
  By Mike DeGraw-Bertsch, October 2001. O'Reilly Network: Linux DevCenter.
• CriptoRed [In Spanish]
  CriptoRed - Red Tematica Iberoamericana de Criptografia y Seguridad de la Informacion. Universidad Politécnica de Madrid (UPM), España.
  Temas relacionados con la Docencia: Theory guides and articles, Electronic books for download and Bibliography, about cryptography and information security.
  Diapositives of "Computer Security Course (Spanish)" (687 slides PowerPoint), Fev/2002, prof. Dr. Jorge Ramiró Aguirre, Seguridad Informática, Universidad Politécnica de Madrid (UPM), España.
• Internet Security Alliance (ISA)
  Despite the very real threats present, ISA provides members with a single portal for up to-the-minute threat reports, best security practices, risk management strategies, and more, which will give them the edge in the competitive and volatile environment of the Internet.
  Working Groups, Conferences, News, Resources.
• Securing Internet Information Servers
  By the Members of the CIAC Team, December 1994 (Revised August 2000).
• Church of the Swimming Elephant (COTSE)
  Reference portal for security professionals, including News, Online tools, Documentation Reference, Downloads and other resources.
• Dutch Security Information Network - DSINet.org
  Archive, Backend, Forum / Messageboard, Hyperlinks, RFCs, Text files, Tools / Downloads.
• Practical UNIX Security
  Presentation by Jeff Thompson & Joe Gross, Feb 13, 1997.
• Wireless LAN Security Site
  The Unofficial 802.11 Security Web Page. This page tries to gather relevant papers and standards in a single place. By Bernard Aboba.
• Infosec Writers
  A major objective of the Info Security Writers is seeking the security enthusiasts who write. Most of the site's content is generated by these people willing to share their knowledge and experiences on the various aspects of security/hacking via original white papers, articles and projects.
• Directory: Security
  Many well-organized links, on Security, Encryption, and Virus, by Rajiv Shah. Social Issues in the Design of Computing Technologies: Security.

Security Information and News

• Security Focus
  Security News, Infocus security columns, Security Calendar, Vulnerabilities, Advisories, Tools, Forums, Links, Vendor services and products.
  Topics: Basics, Microsoft, UNIX, IDS (Intrusion Detection), Incidents, Virus.
  Vulnerabilities Archive (by vendor, title, keyword, BugTraq id, CVE id).
  Home of BugTraq list and other security related forums/mailing lists: auditing, certification, cryptography, firewalls, hacking, intrusion detection, law, micellaneous, news, privacy, products, projects, trusted OS, viruses, VPN, vulnerabilities, web.
• Módulo - Brazil
  Brazilian pioneer company specialized in information security. Modulo site is a information security portal, with articles, news and lots of related information, in portuguese.
• Cipher
  Cipher: The Newsletter of the IEEE Computer Society TCSP. By IEEE Technical Committee on Security and Privacy (TCSP), IEEE Computer Society.
  Cipher Past Issues Archive. Cipher Book Reviews.
• Internet/Network Security - About.com
  About.com Guide by Jim Williams.
• Security Fix
  Brian Krebs on Computer and Internet Security, Washington Post Technology News.
• InfoSec News (ISN)
  Archive: starting 13 Mar 1998.
  ISN is hosted by Attrition.org / C4I.org.
• Linux Security
  Linux Security - The Community's Center For Security.
  News, Search, Features, Advisories, Documentation, Resources. By Guardian Digital.
• Linux Exposed
  Articles, Resources Links, Books Archive, NewsGroup, Howto's.
• Packet Storm
  Packet Storm is a large and current security tools resource, primarily a file repository for security tools and exploits. It is a non-profit organization comprised of computer security experts dedicated to providing the information necessary to secure the World's networks, publishing new security information on a network of websites. Forums, assessment, defense, papers, magazines, miscellaneous, links.
  Mirrors: @ .nl, @ linuxsecurity.com.
• secureroot.com - Computer Security Resource
  By About Network Security.
• Kill -HUP
  A Unix and Information Security Community.
• Computer Weekly: Security Software
  By Computer Weekly - Technology.
• The Information Security Glossary
  By Security Policy World.
• HispaSec [In Spanish]
  Hispanic portal devoted to security information and news. Sections on security: Internet, Hardware, Software, Cryptology, Virus, Legislation, Events. In Spanish.
• Bitpipe: Security: White Papers and Reports
  White Papers, Webcasts, Case Studies, Analyst Reports, and Product Information on Security. Topics: Security, Network Security, and much more.
• Computer Security Now
  "Computer Security News for the rest of us".
• Help Net Security (HNS)
• Mailing list ARChives (MARC) - Information Security
  Archive repository for dozens os forums related to information security, among other topics.
• Hideaway.Net
  PC Security: Library, Software, Links. Server Security: Advisories, Books, Library. Anti-Virus: Anti-Virus Library and Articles, Virus Scanning Software, Alerts, Links. Privacy: Software, Books, Anonymous Web Browsing, Private E-mail. Auditing Services.
• Kriptópolis [In Spanish]
  Since 1996, independent information about Internet Security, Cryptography and Cyber-rights. Spanish translation of Bruce Schneier's column CryptoGram. Bulletins, Articles, Announces, Forums, Interviews, Virus, Vulnerabilities. S1M Quick Database: database of alerts, patches, vulnerabilities and software updates, in collaboration with DeepZone. In Spanish.
• The Search Directory: Information Security Search Engine
  The Information Security & Computer Security Group of Portals.
• WindowSecurity.com
  Microsoft Windows security site: intrusion detection, anti-virus, firewalls and more.
• Macintosh Security Site
  SecureMac.com is a site devoted to Apple Macintosh security and Mac OS X Security.

Information and News in Portuguese

• See Hyperlink: Security: Info (Portuguese)

Magazines

• SC Magazine
  A large circulation information security magazine.
  Secure Computing Magazine International Edition - West Coast Publishing.
• SC Awards
  Secure Computing Industry Awards. By West Coast, SC Magazine.
  Reader Trust Awards: Anti-Virus Solution, Encryption Product, General Security, Internet Security Product. Academy Awards: Best Access Control, Anti-Virus Solution, Biometric Solution, Communication Security, Content Security, e-Business Security, Encryption Solution, Firewall, General Security, Intrusion Solution, Network Security, Security Management, Security Service. Judges Awards: New Security Product, Security Article, Security Idea or Practice, Lifetime Achievement Award. Principal Awards: Security Hardware, Security Software.
• Information Security Magazine
  Information Security Wire Digest e-mail newsletter.
• ;login: - The Magazine of USENIX & SAGE
  By USENIX - The Advanced Computing Systems Association / SAGE - The System Administrators Guild. Online issues of ;login: over a year old are freely available to everyone.
• Dr.Dobbs's Security
  Formerly Sys Admin Magazine, the journal for UNIX systems administrators.
  Archives, Downloads, Solaris Corner, LINUX Rookery, Tool Showcase, Q&A, Resources, Newsletters.
• Windows IT Pro
  Independent, technical security information for Windows IT professionals.
  Formerly Security Administrator and WindowsITSecurity.com. By Windows 2000 Magazine Network.