Wednesday, July 13, 2011

Security Links

First, let's start with something fun. This link is to a t-shirt design that shows bad code, why it's bad and what can happen if someone mis-uses it http://cwe.mitre.org/community/tshirt.html



Next, in order to make security testing / mitigation a priority, there needs to be some way to measure it. Here is a link to a group that is working on this http://measurablesecurity.mitre.org/ One standard that is currently used is CVSS http://www.first.org/cvss/cvss-guide.pdf

NIST (National Institute of Standards and Technology) and You

There are so many documents NIST has created that they need a document to list all the documents!http://csrc.nist.gov/publications/CSD_DocsGuide.pdf This list includes the "Technical Guide to Information Security Testing and Assessment" http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf


There's even a database of various checklists at http://checklists.nist.gov/ One example is, .NET security configuraiton checklists http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=7

All of this information stems from looking at a tool called Retina, from eEye.

This tool allows you to scan computers on the network to look for known vulnerabilities. The scans and results provided are best interpreted in light of the links above.

Enjoy!

No comments: