Archive for the 'Framework' Category

Starting A Computer Security Incident Response Team?

Tuesday, August 21st, 2007

In case you needed a place to start in evaluating the steps required for building a Computer Security Incident Response Team (CSIRT), look no further. CERT/CC has released the Action List for Developing a Computer Security Incident Response Team (CSIRT).

Posted in Framework, Articles | No Comments »

The Standard of Good Practice for Information Security

Wednesday, August 8th, 2007

Today I came across The Standard of Good Practice for Information Security, which has been produced by the Information Security Forum (ISF), an international association of over 260 leading organisations which fund and co-operate in the development of a practical research programme in information security.
The ISF’s work probably represents the most comprehensive and […]

Posted in Framework, Guidelines | No Comments »

PIRANA, the SMTP fuzzing and bruteforce tool

Thursday, July 5th, 2007

PIRANA is an SMTP fuzzing and bruteforce exploitation framework that tests the security of an SMTP content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the SMTP server.

Posted in Framework, Brute Force, Tools | No Comments »

Common Vulnerability Scoring System CVSS 2.0 unifies vulnerability scoring

Friday, June 29th, 2007

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

Posted in Vulnerabilities, Framework | No Comments »

w3af, the Web Application Attack and Audit Framework

Friday, June 15th, 2007

Andres Riancho has released w3af 1.0 - the Web Application Attack and Audit Framework. This framework is written in Python and somewhat resembles Metasploit, with an architecture based on plugins.

Posted in Framework, Web Applications, Tools | No Comments »

New European ICT Security Standards Roadmap

Friday, June 8th, 2007

One of the objectives of this security standards portal named “ICT Security Standards Roadmap” is to provide a central tracking facility for NIS standards. It facilitates identification of standards and standardization activities, as well as coordination among standardization bodies, reduction of duplicate work and easier identification of existing gaps.

Posted in Framework, Guidelines | No Comments »

NIST CSRC Special Publications June Update

Tuesday, June 5th, 2007

NIST publications: Guidelines on Cell Phone Forensics, Guide for Assessing the Security Controls in Federal Information Systems, Guidelines on Securing Public Web Servers, User’s Guide to Securing External Devices for Telework and Remote Access, Specification for the Extensible Configuration Checklist Description Format (XCCDF).

Posted in Framework, Guidelines, Articles | 1 Comment »

Software Security Assurance: A Framework for Software Vulnerability Management and Audit

Friday, June 1st, 2007

Ounce Labs released a valuable resource for everybody involved in the Software Security business. “Software Security Assurance: A Framework for Software Vulnerability Management and Audit” is more than a framework; it’s a call to action driven by the need for better understanding of roles and responsibilities in software security assurance.

Posted in Reviews, Code Audit, Framework | No Comments »

Metasploit Framework version 3.0 RELEASED

Tuesday, March 27th, 2007

Metasploit is pleased to announce the immediate, free availability of the Metasploit Framework version 3.

Posted in Penetration Testing, Framework | No Comments »

Web App Audit in 3 easy steps - powered by SANS

Thursday, March 22nd, 2007

SANS released a paper on Web Applications Audit. It’s more of a guide to low-hanging-fruit website assessment, but it is still a good resource. The article begins with setting up, adjusting and configuring the tool arsenal and then walks the reader through implementation and conclusions.

Posted in Penetration Testing, Framework, Web Applications | No Comments »