Tuesday, 30 August 2011

Security Testing Research, links galore

Over at the Software Testing Club I just added a list of resources for use by members of the Security Testing Group I set up. I thought I'd add the list here for reference and encourage readers to visit the STC group.

Websites and Forums

Dark Reading: http://www.darkreading.com/
Infosecurity: http://www.infosecurity-magazine.com/
Ethical Hacking Blog Site: http://www.ehacking.net/
The Ethical Hacker Network: http://www.ethicalhacker.net/

Podcasts and Video Series
Cigital Silver Bullet Security Podcast: http://www.cigital.com/silverbullet/

Security Testing Methodologies
OWASP: https://www.owasp.org/
OSSTMM: http://www.isecom.org/osstmm/
ISSAF: http://www.oissg.org/issaf/

Threat & Incident Classification
WASC-TC: http://projects.webappsec.org/w/page/13246978/Threat%20Classification
WHID: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database
Taxonomy of Coding Errors: https://www.fortify.com/vulncat/en/vulncat/index.html


Backtrack: http://www.backtrack-linux.org/
Nmap: http://nmap.org/
Nessus (Home Feed): http://www.tenable.com/products

Hack to learn, don't learn to hack.