Resources

...to provide you information to know what security risks exist, stay up to date on developing risks and security measures, and how to discover a security vulnerability before it is too late.

Websites:

"SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center."

SANS: Top 20 Critical Security Controls

SANS: The Twenty Critical Security Controls Solutions Directory - lists vendors according to Security Control category

 "Today the Internet Storm Center gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries. It is rapidly expanding in a quest to do a better job of finding new storms faster, identifying the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe."

   "Stormcast's are daily 5-10 minute threat updates."

"The NCCIC serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts."

 "The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans. US-CERT strives to be a trusted global leader in cybersecurity - collaborative, agile, and responsive in a dynamic and complex environment."

"OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. "

Books/ Journals:

 Shema, Mike. Hacking Web Apps: Detecting and Preventing Web Application Security Problems. Amsterdam: Syngress, 2012. Print.

 

 

 

 

Sullivan, Bryan, and Vincent Liu. Web Application Security: A Beginner's Guide. New York: McGraw-Hill, 2012. Print.

 

Hussein Al-hamami, Alaa, Fadi Ali Oqla Najadat, and Mohammed Saad Abdul Wahhab. Http://www.cisjournal.org/journalofcomputing/archive/vol3no3/vol3no3_10.pdf." Journal of Emerging Trends in Computing and Information Sciences 3.3 (2012): 365-72. Mar. 2012. Web.