|
|
|
 |
|
About Our Resources The team at RVASI firmly believes that one of the key components needed for designing, building, and maintaining secure systems is the ability to find useful resources quickly. In order to assist in this area, our team has collected and published links to a rich variety of Information Security recourses that we hope will be helpful.
Broken Links The Web is a very dynamic place; a link today may not mean a link tomorrow. We would greatly appreciate your assistance with helping us maintain the usefulness of this Resource page by reporting any broken or questionable links you encounter. We request that you send the link in question, along with a brief description of the issue, to webmaster@rvasi.com.
The team at RVASI is always on the lookout for great links to Information Security resources and related materials. If you know of one or more links that fit this bill, please send an email with the link(s) to resourcelinks@rvasi.com. All submitted links will be evaluated and those deemed suitable/appropriate will be published.
Also, we often reward our top link contributors with RVASI G3AR!
Link Disclaimer Linked Sites are not under the control of RVASI and RVASI is not responsible for the contents of any Linked Site, including, without limitation, any link contained on a Linked Site, or any changes or updates to a Linked Site. Follow links off our site at your own risk. Furthermore, RVASI is not responsible for web casting or any other form of transmission received from any Linked Site, nor is RVASI responsible if the Linked Site is not working appropriately. RVASI provides these links merely as a convenience and the inclusion of any link does not imply endorsement by RVASI.
Please be aware that we, RVASI, are not responsible for the privacy practices of any Linked Sites. We encourage you to be aware when you leave our site and to read the privacy statements of every Web site that collects Personally Identifiable Information (PII). RVASI’s Privacy Statement only applies to information collected on or by our Web site.
For additional great resources, visit the RVASI Forum.
Visit one or more of these sites to stay current with newly published vulnerabilities and exploits.
SANS Institute - Security Advisories, Alerts, and More http://www.sans.org/newsletters/
CERT Security Alerts, Advisories, and Summaries http://www.us-cert.gov/cas/techalerts/index.html
Internet Security Systems Alerts and Advisories (X-Force) http://xforce.iss.net/xforce/alerts
Zone-H Security Alerts and Advisories http://www.zone-h.org/en/advisories
AusCERT - Australia's National Computer Emergency Response Team
U.S. DOE-CIAC (Computer Incident Advisory Capability) Website http://www.ciac.org/ciac/index.html
CIAC - Security Bulletins and Advisories http://ciac.llnl.gov/cgi-bin/index/bulletins
SecurityTracker.com - Keep Track of the Latest Vulnerabilities http://www.securitytracker.com/startup/index.html
Oracle Technology Network - Security http://www.oracle.com/technology/deploy/security/alerts.htm
Macromedia Security Bulletins http://www.macromedia.com/devnet/security/security_zone/
Microsoft Security Home Page - Updates, Incidents, & Bulletins http://www.microsoft.com/security/default.mspx
NOVELL Security Alerts http://support.novell.com/security-alerts/
Sun Security Bulletins http://sunsolve.sun.com/pub-cgi/show.pl?target=security/sec
Cisco Security Advisories and Notices http://www.cisco.com/en/US/products/products_security_advisories_listing.html
Debian Security Information - Latest Debian Security Advisories http://www.debian.org/security/
Wireless Security Alerts - From F-Secure http://www.europe.f-secure.com/wireless/security/
Trend Micro - Virus Information and Alerts http://www.trendmicro.com/vinfo/
McAfee - Virus Alerts http://us.mcafee.com/virusInfo/default.asp?cid=10371
Symantec Security Response - Latest Virus Threats and Security Advisories http://securityresponse.symantec.com/
Research past and current vulnerabilities and find the information/details you need.
ICAT Metabase
Open Source Vulnerability Database
SecurityFocus
Internet Security Systems' X-Force Database http://xforce.iss.net/xforce/search.php
Safety Lab - Vulnerability Database http://www.safety-lab.com/audits/categorylist.pl?lang=en
Find links to "Best Practice" documentation, checklists, and other resources for a variety of Information Security areas.
NIST - Computer Security Resource Center (CSRC) http://csrc.nist.gov/publications/nistpubs/
Improving Web Application Security: Threats and Countermeasures
Basic Security Practices for Web Applications
Secure Coding Guidelines for the .NET Framework
Building and Configuring More Secure Web Sites - Win2k, IIS 5.0, SQL2K, & .NET Framework
Designing Application-Managed Authorization
Best Practices for Secure Development http://www.linuxsecurity.com/resource_files/documentation/best_prac_for_sec_dev4.pdf
Cisco - Network Security Policy: Best Practices http://www.cisco.com/warp/public/126/secpol.html
ISECOM - Institute for Security and Open Methodologies
ISO - International Organization for Standardization http://www.iso.org/iso/en/ISOOnline.openerpage
Wireless Security Best Practices http://www.intel.com/business/bss/infrastructure/wireless/security/best_practices.htm
World Wide Web Consortium
Visit one or more of these sites to stay current with past and present Information Security news developments.
Zone-H.org * News
IRIA - Security in the News http://www.thei3p.org/news/today.html
NewsNow: Encryption / Security http://www.newsnow.co.uk/newsfeed/?name=Encryption+/+Security
Security News Portal http://www.securitynewsportal.com/index.shtml
SearchSecurity.com, the news and tips source on information security and firewalls http://searchsecurity.techtarget.com/
Security | The Register http://www.theregister.co.uk/security/
McAfee.com - Recently Discovered Viruses http://vil.mcafee.com/newVirus.asp
Subscribe or read these Information Security related publications online.
Information Security magazine http://infosecuritymag.techtarget.com/
Secure Computing Magazine http://www.scmagazine.com/home/index.cfm
CSO - Resource for Security Executives http://www.csoonline.com/index.html
Security Management http://www.securitymanagement.com/main.html
Research past or current Information Security topics, vulnerabilities, exploits, and more.
Institute for Security Technology Studies (ISTS) http://www.ists.dartmouth.edu/
CVE - Common Vulnerabilities and Exposures
Open Vulnerability Assessment Language (OVAL)
The Center for Education and Research in Information Assurance and Security (CERIAS)
Sys-Security.com - Dedicated to Computer Security Research
Stay current with Information Security statistics and trends
SecurityStats.Com
Computer Security Institute (CSI)
Visit one or more of these sites dedicated to the topic of Information Security and find valuable information, tools, resource links, and more.
SANS (SysAdmin, Audit, Network, Security) Institute
CERT® Coordination Center (CERT/CC)
The Security Portal for Information System Security Professionals http://www.infosyssec.net/infosyssec/
WindowSecurity.com - Windows Security News, Articles, Tutorials, Software, and more http://www.windowsecurity.com/
SecureMac.com - Macintosh Security Site
Help Net Security http://www.net-security.org/index.php
Dutch Security Information Network
Linux Security - The Community's Center For Security
Center for Internet Security - Standards
Computer Security Institute
The World Wide Web Consortium (W3C) Security Resources http://www.w3.org/Security/Overview.html
Wirelesscon.com - Wireless Web portal - security
U.S. Security Awareness http://www.ussecurityawareness.org/highres/index.html
Visit one or more of these government Information Security sites and find valuable information, tools, resource links, and more.
The Federal Computer Incident Response Center (FedCIRC) http://permanent.access.gpo.gov/websites/www.fedcirc.gov/
DoD Cyber Crime Center - Crime, Forensics, and Training http://www.dcfl.gov/dc3/home.htm
US-CERT - United States Computer Emergency Readiness Team
Office of the Deputy Chief Information Officer (ODCIO)
Computer Crime and Intellectual Property Section (CCIPS)
National Security Agency/Central Security Service (NSA/CSS)
Department of Homeland Security (DHS)
Regulatory Agencies & Compliance Find links to various Government and Industry sites that deal with Regulatory Compliance; these sites also provide a wide-range of information and links to other related topics.
Compliance Pipeline - Vast Repository Of Regulatory Compliance Related Information http://www.compliancepipeline.com/
Federal Financial Institutions Examination Council's (FFIEC)
Board of Governors of the Federal Reserve System (FRB) http://www.federalreserve.gov/
Federal Deposit Insurance Corporation (FDIC)
The Office of the Comptroller of the Currency (OCC)
The Office of Thrift Supervision (OTS)
National Credit Union Administration (NCUA)
Federal Trade Commission
Visit one or more of these sites and stay current with past and present legislation affecting and/or directed towards Cyberspace
BitLaw - A Comprehensive Internet Resource on Technology Law
GigaLaw.com - Legal Information for Internet Professionals http://www.gigalaw.com/index.html
Visit one or more of these sites and stay current with a multitude of Information Security privacy issues, concerns, and more.
Electronic Privacy Information Center
Privacy.org - The Source for News, Information, and Action
Find links to various online resources whose primary focus is Web application security; many of these sites offer outstanding whitepapers, checklists, links to additional resources, and more.
Web Application Security Consortium http://www.webappsec.org/index.html
The Open Web Application Security Project (OWASP)
Cgisecurity - Web Application News, and more
Technical Info dot Net - by Gunter Ollmann http://www.technicalinfo.net/index.html
Find links to excellent resources focused on secure coding and developing secure Web applications
Secure Coding: Principles & Practices
Secure Programming for
Linux and UNIX HOWTO -
Find links to a variety of sites that provide valuable information, resources, tools, insight, and more pertaining to Computer Forensics
The Computer Forensics Community - CFC http://computerforensics.99er.net/index.php
Computer Forensics Tool Testing Program - NIST
The International Association of Computer Investigative Specialist (IACIS)
Find links to proven personal firewall technology
ZoneAlarm - Personal Firewall & Security Suite http://www.zonelabs.com/store/content/home.jsp
BlackICE - Personal Firewall with an Advanced Intrusion Detection System http://www.digitalriver.com/dr/v2/ec_dynamic.main?SP=1&PN=10&sid=26412
Find links to proven tools, information, and other resources dedicated to preventing and combating Spyware & Adware.
Spyware Guide Database - Spyware, Malware and Adware
Ad-aware - Multicomponent Detection and Removal Utility
PestPatrol - Spyware and Adware Removal
Spybot-S&D - Anti-Spyware Scanner
Spy Sweeper - Spyware Removal Software and Spyware Protection by Webroot Software http://www.webroot.com/wb/products/spysweeper/index.php
SpywareBlaster - Spyware Prevention http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - Spyware Prevention http://www.javacoolsoftware.com/spywareguard.html
Find links to various sites that offer free online remote security testing of your System.
Gibson Research Corporation Home Page - Multiple Remote Testing Utilities http://www.grc.com/default.htm
Symantec Security Check http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=RJUSLYOCXXKZFRGIJYW
Security Scan - Sygate Online Services (free)
McAfee - Computer Virus Software and Internet Security For Your PC http://us.mcafee.com/root/mfs/default.asp?WWW_URL=www.mcafee.com/myapps/mfs/default.asp
Find links to highly rated books within the Information Security community that deal with a variety of topics.
Linux (Hacking Exposed) http://www.amazon.com/exec/obidos/ASIN/0072127732/cleoandnacho-20
Computer Forensics : Incident Response Essentials
Secure Coding, by Mark Graff and Ken Van Wyk (2003)
Building Secure Software, by Gary McGraw and John Viega (2002) http://www.buildingsecuresoftware.com
Hacking Web Applications Exposed http://www.amazon.com/exec/obidos/tg/detail/-/007222438X/002-9563622-6700041?v=glance
Exploiting Software, by Gary McGraw and Greg Hoglund (2004) http://www.exploitingsoftware.com
Writing Secure Code, by Mike Howard and David LeBlanc (2003) http://www.microsoft.com/mspress/books/5957.asp
Innocent Code, by Sverre Huseby (2004) http://innocentcode.thathost.com
The Art of Deception: Controlling the Human Element of Security
Network Intrusion Detection: An Analyst's Handbook (2nd Edition)
Hacking Exposed: Network Security Secrets & Solutions, Second Edition (Hacking Exposed)
Mastering the Requirements Process, by Robertson and Robertson
The Unified Modeling Language - A User Guide
Visit one or more of these linked sites and test your hacking or other Information Security skills in a fun and challenging environment
HackQuest!
Hack this site!
Next Generation Security Technologies
Hackits
HackersLab Free Hacking Zone http://www.hackerslab.org/eorg/hackingzone/hackingzone.htm
List of Hacker Challenges - look under What's Cool http://hackergames.net/index.php
Find links to sites that are not directly Information Security related but can be used to support various security related endeavors
DoShelp.com - Intrusion & Attack Reporting Center
Hushmail - Secure Email
The USENIX Association - The Advanced Computing Systems Association
IETF RFC Page
IANA - Internet Assigned Numbers Authority
Internet RFC/FYI/STD/BCP Archives
FOLDOC - Computing Dictionary http://foldoc.doc.ic.ac.uk/foldoc/index.html
Webopedia: Online Computer Dictionary for Computer and Internet Terms and Definitions
Sysinternals - Advanced utilities, technical information, and source code related to Windows NT/2000/XP/2K3 http://www.sysinternals.com/index.shtml
InfoSec Writers http://www.infosecwriters.com/index.php
Way Back Machine - Internet Archive
|
||
|
|
|
© Copyright 2005, RVASI, All Rights Reserved.
|
