Wednesday, July 13, 2011

Security Links

First, let's start with something fun. This link is to a t-shirt design that shows bad code, why it's bad and what can happen if someone mis-uses it

Next, in order to make security testing / mitigation a priority, there needs to be some way to measure it. Here is a link to a group that is working on this One standard that is currently used is CVSS

NIST (National Institute of Standards and Technology) and You

There are so many documents NIST has created that they need a document to list all the documents! This list includes the "Technical Guide to Information Security Testing and Assessment"

There's even a database of various checklists at One example is, .NET security configuraiton checklists

All of this information stems from looking at a tool called Retina, from eEye.

This tool allows you to scan computers on the network to look for known vulnerabilities. The scans and results provided are best interpreted in light of the links above.


No comments: