Friday, July 30, 2004

Books and websites that are must haves for people who fight hacking

Note: The books and websites may not always be available or working all the time, and some may be dead for all I know. Forgive me for that, as I am just an outside person (A NON PROGRAMMER, and that's in capitals. I am a casual websurfer who happens to luv surfing and seeing something new every time).


The Rainbow Series by the National Institute of Standards and Technology (NIST)
The Computer Security Handbook, by Hutt, Bosworth, and Hoyt
Writing Secure Code, by Howard and LeBlanc
Building Secure Software: How to Avoid Security Problems the Right Way, by Viega and McGraw
Hacking Exposed, by McClure, Scambray, and Kurtz
Internet Firewalls and Network Security, by Siyan and Hare
Unofficial Guide to Ethical Hacking by Ankit Fadia

More books as I find them.

 
Websites

http://www.proactivenet.com

http://www.securityfocus.com

http://www.sans.org

http://www.ncstrl.org

http://www.2600.com

http://slashdot.org

http://alterslash.org

http://www.catb.org 

http://www.stillsecure.com


Applied Computer Security Associates (http://www.acsac.org/)


International Information Systems Security Certifications Consortium, Inc. (ISC)2 (http://www.isc2.org/)


Computer Incident Advisory Center (http://www.ciac.org/ciac/)


IFIP WG 11.3 on Database and Application Security (http://sansone.crema.unimi.it/~ifip113/)


Institute of Internal Auditors (IIA) http://www.theiia.org/

Computer Professionals for Social Responsibility (CPSR) http://www.cpsr.org/

Computer Security Technology Center (CSTC) http://ciac.llnl.gov/cstc/CSTCHome.html

High Technology Crime Investigation Association (HTCIA) (http://htcia.org)

Institute of Information Security (INSTIS) http://www.instis.org/

The NSS Group http://www.nss.co.uk/

PKI Forum http://www.pkiforum.org/

NSSN: A National Resource for Global Standards http://www.nssn.org/

Office of Information Systems Security (AIS) http://www.faa.gov/aio/InfoSec/

Software & Information Industry Association (SIIA) http://www.siia.net
The principal trade association for the software and digital content industry. SIIA provides global services in government relations, business development, corporate education and intellectual property protection to the leading companies that are setting the pace for the digital age.

Astalavista.box.sk (http://astalavista.box.sk/)
Search engine for security related websites

Computer Security Information (http://www.alw.nih.gov/Security/)
Features general information about computer security. The site provides security-related links to advisories, documents, newsletters, FAQs, groups/organizations, newsgroups, software, and other web sites.

Computer Incident Advisory Center (http://www.ciac.org/ciac/)
CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents.

Cryptography FAQ (http://www.faqs.org/faqs/cryptography-faq/)
A huge FAQ that covers many aspects of cryptography to help you cut through all of the hype.

ecomSecurity.com (http://www.ecomsecurity.com/)
ecomSecurity.com is a source of information on e-security targeted at IT managers whose goal is to educate readers about the technologies, issues and products surrounding E-security, in order to help them build a truly secure E-business infrastructure.

The Encyclopedia of Computer Security (TECS) (http://www.itsecurity.com/)
A free security resource for anybody interested in IT security. It is all things security to all security people. 

Guardcentral.com (www.guardcentral.com)
An on-line content and business-to-business service provider to educate and inform people of the ways computer users can protect themselves using various computer security software or hardware products.

Help Net Security (http://www.net-security.org/ also http://www.security-db.com/)
Provides various inside information about computer security happenings, news from the InfoSec community and a lot of other additions like press releases, discovered vulnerabilities and patches, large security software archives, categorized articles, virus information database and stock quotes.

Information Security Glossary and Reference (http://www.riskserver.co.uk/information-security-glossary/)
This resource will hopefully prove to be useful in helping you to understand the jargon and terminology used within the information security industry. 

Infowar.com (http://www.infowar.com)
Winn Schwartau, one of the leading experts on information security, provides an online security resource with archived bulletins, papers, vulnerabilities, and news on all aspects of the security industry.

ITtoolbox Security (http://security.ittoolbox.com)
ITtoolbox Security offers forums for technical discussion, an integrated directory, white papers and daily news geared towards Security professionals and users of Security products. The portal also provides content, community, job postings and much more.

Network Security Buyer's Guide (http://www.netsecurityguide.com/)
Provides information about network security, utilities and virus protection. Offers a searchable database of products, links to vendor sites, and a library of white papers, press releases, and product presentations.

New Order (http://neworder.box.sk/)
A resource to help people avoid being hacked, with security- and exploit-related files and links.

Pathogen Security (http://www.pathogen.org.uk/)
Leading Security Advice

SecurityNews.org (www.securitynews.org)
Security News for Security Professionals

SecuritySearch.Net (www.securitysearch.net)
Features searchable security, industry and product news, an extensive and up-to-date directory and search engine of IT security web sites, downloadable tools, white papers, weekly e-mail newsletters, and online message boards.

SecurityTracker.com (http://www.securitytracker.com)
SecurityTracker is a new website dedicated solely to security vulnerabilities - nothing else. They aim to be the best source on the Internet for vulnerability information. 

Synnergy Networks (http://www.synnergy.net/)
Provides advisories describing security vulnerabilities its volunteers have discovered and researched. Exploits, utilities, and analytical papers describing vulnerabilities and countermeasures are made available to help the IT community at large.

Talisker's Network Security Tools (http://www.networkintrusion.co.uk/)

TESO (http://teso.scene.at/)
International group of young and motivated computer programmers and security enthusiasts that spend time in research and development of new vulnerabilities and exploitation tools that are useful to both 'hackers' and security professionals. 

searchSecurity.com (http://searchsecurity.techtarget.com/)
