.Net Security Policy Best Practices
"The .Net Framework provides a code access security model that allows administrators to modify security policy to meet their individual needs. While code access security generally increases the reliability and security of applications, improperly administering code access security policy can potentially create security weaknesses. This document explains basic administration concepts and describes the best practices to use when administering code access security policy." |
Hits: 254 |
|
Best Practice Guide for Securing Active Directory Installations
Microsoft guide: "This guide explains how to avoid loss of access to network resources by legitimate clients or the inappropriate disclosure of potentially sensitive information by enhancing security for Microsoft Windows Server 2003 network operating system (NOS) environments." |
Hits: 311 |
|
BugBlog
"The BugBlog covers the things that go wrong when you use computers. These include classic bugs, or errors in coding; security problems; incompatibilities between programs, or between software and hardware. It also covers what we feel are really stupid and/or backwards features in programs - ones that companies often say aren't bugs but 'features.'" |
Hits: 32 |
|
Exchange Security
"Discussion, commentary, and resources for securing your Exchange systems." |
Hits: 210 |
|
ICAT Metabase
"ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information." |
Hits: 391 |
|
Java vs. .NET Security
Four-part series that compares the two languages in configuration and code containment, cryptography support and the mechanisms of communication protection, code protection and Code Access Security (CAS) and implementations of user authentication and authorization on those platforms. From OnJava.com. |
Hits: 363 |
|
LinuxSecurity.com
"A comprehensive portal offering breaking news, feature stories, and the latest security updates for those seeking security information for Linux-based applications. The site is maintained through the help of Linux and Open Source enthusiasts from around the world who contribute timely articles and feedback." |
Hits: 36 |
|
Malware Analysis for Administrators
"Though anti-virus software is continually getting better, a small but very significant percentage of malware escapes the automated screening process and manages to enter and wreak havoc on networks. Unfortunately, this percentage is also growing every day. It is essential for users and absolutely essential for administrators to be able to determine if a binary is harmful by examining it manually and without relying on the automated scanning engines. ..." SecurityFocus, 05/20/04. |
Hits: 10 |
|
Secure Programmer
Series of articles from IBM on how to minimize the security risks of applications while programming them. |
Hits: 87 |
|
Securing Outlook
Two-part series from SecurityFocus. |
Hits: 290 |
|
Security Across the Software Development Life Cycle
Report by the National Cyber Security Partnership: "Task force members have considered how to achieve meaningful and measurable vulnerability reductions through collaborative standards, tools and measures for software; new tools and methods for rapid patch deployment; and best-practice adoption across the entire critical infrastructure. The work has included discussion of how to build - and how to teach building - secure software from the ground up, as an embedded and simple feature in all software systems going forward. This important task force is comprised of software experts from the vendor, systems integration and end-user communities." |
Hits: 613 |
|
Security Considerations in the Information System Development Life Cycle
A NIST guide: "Including security early in the information system development life cycle (SDLC) will usually result in less expensive and more effective security than adding it to an operational system. This guide presents a framework for incorporating security into all phases of the SDLC process, from initiation to disposal." In PDF. |
Hits: 87 |
|
Sendmail's Security
"Recently much attention has been paid to e-mail viruses transmitted by flaws in certain client software. Up the line from most of those clients, however, is a larger-scale server that transmits mail across the Internet. Some might say that security starts at the server. Some of these servers process millions of messages during a week's time. How do you know if the server is secure?" Linux Exposed, 06/03/04. |
Hits: 18 |
|
SpyWare Info Forums
Active forum on spyware and malware. |
Hits: 22 |
|
SSH Resources
SSH tutorials, whitepapers, standards, implementations, links and books. |
Hits: 62 |
|
SSH tunnelling
"SSH tunnelling is an excellent way to tunnel insecure protocols through a secure communication channel. In this example, I'll tunnel POP3 traffic using ssh. Traditional POP3 traffic, including username and password information, travels clear-text across the network." |
Hits: 135 |
|
Threat Modeling
"Threat modeling has become one of the top security analysis methodologies that Microsoft's developers use to identify risks and make better design, coding, and testing decisions. This book provides a clear, concise explanation of the threat-modeling process, describing a structured approach you can use to assess the security vulnerabilities for any application, regardless of platform. Software designers and developers discover how to use threat modeling during the specification phase of a new project or a major revision—from verifying application architecture to identifying and evaluating threats and designing countermeasures. Test engineers discover how to apply threat-modeling principles when creating test plans to verify results. It's the essential, high-level reference for software professionals responsible for designing, refining, and maximizing the security features in their application architecture." |
Hits: 58 |
|
Web Application Firewall Evaluation Criteria
"Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code. As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for product evaluation. How else can we accurately compare or measure the performance of a particular solution?" From the Web Application Security Consortium. |
Hits: 47 |
|
Web application firewalls buyer's guide
Detailed vendor specs on application firewalls. Constantly updated. |
Hits: 129 |
|
What Sun Tzu Would Say
Security guru Marcus Ranum uses the ancient Chinese writer to explain why today's endless patching is ultimately futile. |
Hits: 12 |
Page updated on: Thu Nov 09 2006 - 14:17:44