Useful Links related to IT Security
- CERT - The CERT Division, an academic research and advisory group
- Cerias - The Center for Education and Research in Information Assurance and Security
- Dark Reading - “Connecting the Information Security Community”
- Hakin9 - “Your Source of Ethical and Unethical Hacker Knowledge”
- Information Security Magazine - “a trusted source for advancing your knowledge in the security industry”
- ISACA - “an independent, nonprofit, global association”; defines the COBIT framework and the CISA, CISM, CGEIT and CRISC certifications
- SANS Reading Room - “a cooperative research and education organization”
- 2600: The Hacker Quarterly - a classic magazine in the security world
- Thinkst ThinkstScapes - a quarterly summary of interesting research in security
- Phil Venables: Secrets of successful security programs part 1 and part 2
- James Chiapetta: CISO’s Guide to a Modern AppSec Program
- [video] Kevin Fang: How this SQL Command Blew Up a Billion Dollar Company - discusses, via an example, what happens when you don’t apply the principle of least privilege, don’t keep proper logs, and neglect some other basics.
- [video] Kyle Kotowick: Building a Passwordless Cloud Infrastructure - mostly about setting up systems that don’t need passwords to administer
Security-related blogs
- Krebs on Security - An excellent series of notes from the leading authority on online security
- Assuming the breach - Appears to be a list of links to other interesting articles (though in a very weird layout)
Authentication and Authorization protocols
- EU’s Strong Customer Authentication Directive - EU legislation passed in 2015 requiring banks to implement strong authorization for financial transactions (SMS not compliant!)
- SQRL - an open secure authentication protocol
- [video] Dominick Baier: OAuth and Proof of Possession - creating OAuth2 tokens bound to a specific source
Useful documents
- NIST Cyberframework - A PDF of about 45 pages summarizing “best practice” for IT security at a high level; mostly a list of references to other specifications.
- High Performance Browser Networking: Transport Layer Security (TLS)