Security websites are getting to be like belly buttons. Everyone has one. This is an effort to provide a comprehensive listing while sifting out the chaff. Below you will find links with some description of what you might find at the other end.
The Open Source Security Testing Methodology project (SourceForge project page) aims to develop an open standard for security testing. The project home page is http://www.ideahamster.org/. "Security Through Obscurity" is recognized for the Bad Thing that it is. The Open Source Security Testing Methodology project is important to bringing security testing out into the light of day.
This manual is to set forth a standard for Internet security testing. Disregarding the credentials of many a security tester and focusing on the how, I present a solution to a problem which exists currently. Regardless of firm size, finance capital, and vendor backing, any network or security expert who meets the outline requirements in this manual is said to have completed a successful security snapshot. Not to say one cannot perform a test faster, more in depth, or of a different flavor. No, the tester following the methodology herein is said to have followed the standard model and therefore if nothing else, has been thorough.
Security websites:
- CERT
Now calling itself the CERT Coordination Center (CERT/CC), it is part of the Networked System Survivability (NSS) program located at the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University (CMU).
- Computer Security Resource Center
This site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community.
- SANS Institute
The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions to the challenges they face. SANS was founded in 1989.
- Packet Storm
Understanding that there is no way we can begin to design and develop stronger systems and defenses unless we know what vulnerabilities exist, Packet Storm follows a strict policy of full-disclosure, publishing all pertinent information that we receive on security related materials.
- @stake
We are a de-hyping/de-mystifying agent for our readership. We look hard at traditional media sources and call out when they abuse stereotypes, get technical stuff wrong, or make hype out of ordinary events.
- SecurityPortal
Home to Kurt Seifried's Kurt's Closet, Ask Buffy, and other high quality news and information.
- SecurityFocus
Home to BugTraq and enjoying a reputation for quality and timely security news and information.
Personal note: I hate frames. I really, really hate frames. SecurityFocus is one of the ugliest framed websites I have had the miserable experience of visiting. Fortunately, once subscribed to the BugTraq mailing list I have little need to visit their website.
- Cryptome
Cryptome pulls no punches in reporting news that Corporate Media pointedly ignores.
- SecuriTeam
SecuriTeam is a group within Beyond Security dedicated to bringing you the latest news and utilities in computer security. Having experience as Security Specialists, Programmers and System Administrators we appreciate your need for a "Security Portal".
- Whitehats
Whitehats is a resource to help network and security administrators by offering free software and community support. Whitehats supports a policy of full-disclosure and user education, and believes in the motto "knowledge is power". Our goal is to empower the network and system administrators with the knowledge and tools required to defend their networks in an ongoing struggle against irresponsible or malevolent attack.
- Attrition.org
. . . dedicated to the collection, dissemination and distribution of information about the (computer security) industry for anyone interested in the subject. They maintain one of the largest catalogs of security advisories, cryptography, text files, and denial of service attack information. They are also known for the largest mirror of Web site defacements and their crusade to expose industry frauds and inform the public about incorrect information in computer security articles.
- Counterpane Internet Security
Founded by crypto-guru Bruce Schneier and home to the monthly Crypto-Gram Newsletter.
- Insecure.org
Home to Fyodor's Nmap - stealth port scanner, hacking news and links.
To update or submit a new site send an e-mail. Thank you.
Last updated on April 27, 2001