Security Domain is very vast domain and there’s plethora of resources and knowledge-base available on internet for free to refer. Here, this article is listing TOP 5 resources that every cyber security consultant should refer on daily basis.
Security Domain is very vast domain and there’s plethora of resources and knowledge-base available on internet for free to refer. Here, this article is listing TOP 5 resources that every cyber security consultant should refer on daily basis.
5. SANS
Sans is mainly into providing quality and world class Cyber Security related training’s and certifications but apart from that they have published 25 software errors mainly known as SANS 25 that every security Consultant must known.
4. CIS Center for Internet Security
CIS Center for internet security has published security guidelines and benchmark for couple of components. few of them are mentioned below:
- Operating System (Linux, Windows, AIX, Redhat, Solarix, SUSE etc)
- Server Software (BIND DNS Server, Docker Vitualisation Server, IBM DB 2 server, MIT Kerberos Authentication server, VMware, MongoDB etc)
- Web Server (IIS, Apache HTTP Server, Apache Tomcat)
- Cloud Providers (AWS, Azure, Google)
- Mobile Devices (Apple IOS, Google Android)
- Network Devices (Cisco, Palo alto Networks)
- Desktop Softwares (Browsers like Mozila, Safari, Chrome and Internet Explorer, Microsoft office, Microsoft exchange Server )
Security Professional should be aware about the security standards and guidelines mentioned by CIS for Operating Systems, Databases, Web Servers, Cloud, Print Devices, Mobile and Network devices, Server software as well as desktop softwares.
Very old benchmarks that are no longer supported by CIS and the CIS Benchmarks Community are not listed on their homepage. To see the list of archived CIS Benchmarks click here.
If you are Looking for our Security Metrics? Download them here.
3. Infosec Institute
Infosec Institute has maintained a very informative website which widely covers security related certification information, information related to various Security Events, Careers related guidelines and quality
articles that every security professional should refer atleast once. Topics covers domains like Cloud computing, General Security, Incidence Response, Penetration Testing, SCADA/ICS Security, Threat Hunting, Virtualization Security, Secure Coding, Phishing, Hacking, Computer Forensics, Data Recovery, Healthcare Information Security, Management, Compliance and Auditing, Reverse Engineering, Security Awareness, PCI DSS and last but not the least Wireless Security.
2. Hackerone
Hackerone is one of the most popular bug bounty platform.
Every Security professional should visit its Hactivity section on regular basis. Under Hacktivity section, Hackerone publishes Proof of concept for all reported valid issues for which program owner has agreed to disclose after the fixes are applied.
1. OWASP
OWASP community started when Hacking and Information security was buzz and alien word to most of people in IT and other industry.
OWASP (Open Web Application Security Project) has so many things to offer to security professionals.
Few of the must visit sections under OWASP are:
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
OWASP urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications minimize these risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
OWASP has also published Mobile and IOT Top Ten which is also a must visit section in OWASP.
OWASP community has produced world class testing guide that every Penetration testers and secure coder should refer. Testing guide has different approaches of testing that one can follow from Blackbox, Whitebox to Graybox. Free and commercial tool guidelines are also provided under Testing Guide.
3. OWASP Application Security Verification Standard Project
Many organisations download ” OWASP Application Security Verification Standard 3.1 Spreadsheet” from OWASP and run these checklist in there environment to know the security posture of their organisation. Few companies consider this as minimum baseline security standards and add few more checks as per their requirement and complexity.
OWASP Application Security Verification Standard 3.1 Spreadsheet can be downloaded by clicking here.
4. OWASP ModSecurity Core Rule Set Project
A set of generic attack detection rules for use with ModSecurity or compatible web application firewalls which aims to protect web applications from a wide range of attacks
5. Secure Coding Guidelines for Java and .Net
OWASP has secure coding guidelines for all major languages (Java, .Net, PHP) and every Security Professionals must be aware about it.
There’s plethora of knowledge-base to get from OWASP and it’s never late to join OWASP local chapter.
About Author:
Suman Tiwari is a Cyber Security Professional by Profession and photographer by passion.
His Linkedin profile can be visited here for more details.