As a result of working my way through several books (published and unpublished at present) I’ve come across a number of really useful security resources. So I thought I’d bring them together, as much for my own reference as anything else. The following list provides a brief description of each resource and its link.
- SANS Institute (http://www.sans.org/reading-room/) site providing a lot of security documentation and research findings, in addition to more commercial arrangements such as training
- OWASP (https://www.owasp.org) guides on threat types and characteristics, and guidance on developing secure solutions; includes a training tool called WebGoat
- CXOWare (http://www.cxoware.com/) – home of the FAIR risk analysis process and guidance
- Metasploit (http://www.offensive-security.com/metasploit-unleashed/Main_Page) a site that provides free security training to help understand how hack attacks work. Includes free tools
- RadioLabs (http://www.radiolabs.com/stations/wifi_calc.html) provides the means to calculate how far a wifi signal will carry. Important if you don’t want people parking up outside your home/office and hacking your wifi
- PolicyTool (http://socialmedia.policytool.net/) provides the means to create fair and reasonable policies for the use of social media in a work environment
- TrustedSec’s Artillery (https://www.trustedsec.com/downloads/artillery/) open source tool for detecting security attacks
- OSSEC (http://www.ossec.net/) open source intrusion detection system.
- NIST (http://csrc.nist.gov/) standards institute with a lot of information on security.
- CERT (http://www.cert.org/cert/) SEI’s security activities
- STRIDE (http://msdn.microsoft.com/en-us/library/ee823878) Microsoft’s threat assessment model