Security links [6.2.2010]
(My 10+ years' worth of security bookmarks, actually. New links are added frequently and hardly ever cleaned out, so there are lots of outdated and broken links.)
News & portals
Magazines & Newsletters
Terms
Papers, presentations
Online books
Discussions, Mailing lists
Known Bugs, Warnings
Advisories
Guidelines
Standards
Laws
Awareness
Risk Management
Security Management
Psychology
Identity, Authentication and Access Management
Disaster Recovery, Business Continuity
Organizations
Conferences
Surveys, stats
Software security
Intrusion Detection Systems
Penetration testing
Public Key Infrastructure
LDAP, Directories
Virtual Private Networks
Firewalls
Crypto
Biometrics
Unix
Windows
Mobile & Wireless
Ethics
Privacy
Incidents, exploits, hacks, vulnerabilities
Hackers, crackers, script-kiddies
Infowar, Hacktivism
"Traditional Security"
People
Fun
Blogs & Podcasts
What's new (most recent first)
- Profiling The Defenders
- Simplified Implementation of the Microsoft SDL
- Active Man-In-The-Middle Attacks
- Security Metrics Catalog
- KATAKRI: Kansallinen Turvallisuusauditointikriteeristö (finnish)
- ITIL v3 and Information Security
- Ponemon 2009 Annual Study: Cost of a Data Breach
- BSI standard 100-4 on Business Continuity Management
- Blog: PCI Guru
- Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
- Deloitte: Cyber Crime: a clear and present danger
- SDL Quick Security References
- The psychology of scams: Provoking and committing errors of judgement
- SSLLabs - How Well Do You Know SSL
- Secure Web Application Framework Manifesto
- ATM Crime: Overview of the European situation and golden rules on how to avoid it
- So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
- Bruce Schneier (fun) facts
- OISSG: Open Information Systems Security Group
- Understanding scam victims: seven principles for systems security
- Foreign Influence on Software Risks and Recourse
- Enhancing the Development Life Cycle to Produce Secure Software
- Toward an Organization for Software System Security Principles and Guidelines
- Information Assurance (IA) Newsletter
- Security Acts Magazine
- ENISA:Cloud Computing Risk Assessment
- Ross Anderson Psychology and Security Resource Page
- Observations on Balancing Discipline and Agility
- Spider for credit card and other confidential data
- InfoSec Island
News & Portals
Magazines & Newsletters
Terms, FAQs
Papers, presentations
- Trust in Cyberspace
- Lance Spitzner papers
- Dan Farmer papers
- Papers from UC Davis
- Fred Cohen papers
- Sys-security Group
- The Memorability and Security of Passwords -- Some Empirical Results
- Activism, Hacktivism, and Cyberterrorism
- Cyber Threats and Information Security: Meeting the 21st Century Challenge
- White Papers and Analyst Reports
- Protecting Network Infrastructure at the Protocol Level
- Guarding the Crown Jewels: An Overview of Internet and Network Security
- 12 Keys for Locking Up Tight
- EU report about Echelon
- @Stake Research Reports
- How to Cheat at the Lottery
- The Future of Internet Worms
- Trends in Denial of Service Attack Technology
- Open Source Security
- Network Defense Columns by Rik Farrow
- The Survivor's Guide to 2002
- CERT-toiminta Suomessa (finnish)
- SANS Security Reading Room
- The Information Security Group Teaching Material
- Centralized Management - SIM products
- Ken Thompson: Reflections on Trusting Trust
- Computer World: Security Manager's Journal
- Gartner - Security
- Online Bank Security
- DoD Insider Threat Mitigation (doc)
- Security In the Information Age (US Congress)
- Keeping Secrets in Hardware: the Microsoft XBox Case Study
- Kansallinen Tietoturvakatsaus (finnish, pdf)
- Coffee vs. Security
- Risk Exposure through Instant Messaging and P2P Networks
- Marcus Ranum: 7 Things I've Learned
- Homeland Insecurity (about Bruce Schneier)
- Shatter Attacks - How to break Windows
- The Ten Immutable Laws of Security
- Practical Architectures for Survivable Systems and Networks
- The National (US) Strategy to Secure Cyberspace
- PhD Thesis: Four Views on Security
- InfoSec Writers
- Economist: Securing the Cloud
- New Yorkin WTC-terrori-isku ja toiminnan jatkuvuus (finnish, pdf)
- Decimalisation table attacks for PIN cracking
- Defending Against an Internet-based Attack on the Physical World
- The Myth of Security at Canada's Airports
- Failing to Keep Up With the Information Revolution
- CISSP certification experience
- Workshop on Human-Computer Interaction and Security Systems
- Nanog security presentations
- Safe and Sound: A Treatise on Internet Security
- Lab for Information Security Technology (LIST)
- Securing Storage Networks
- Cyberinsecurity: The Cost of Monopoly
- EROS: The Extremely Reliable Operating System
- Semantic hacking
- Cognitive Hacking: A Battle for the Mind
- Simulating and optimising worm propagation algorithms
- Attacking the DNS Protocol Security
- Decades after creation, viruses defy cure
- The Future of Security - Scenario One
- Grand Research Challenges in Computer Science and Engineering, 2002
- Grand Research Challenges in Information Security & Assurance, 2003
- Timing the Application of Security Patches for Optimal Uptime
- Survivability: Protecting Your Critical Systems
- CERT papers about Survivability
- Fact Squad
- FBI Guide to Concealable Weapons
- Who Wrote Sobig?
- Principles of Survivability and Information Assurance
- An analysis of the Skype VoIP application for use in a corporate environment
- Trust in the New Economy - The Case of Finnish Banks
- Portable Computing Device Security
- NIST: Security Considerations for VoIP Systems
- Aspects on Availability (Dissertation for the degree of Doctor of Philosophy)
- Blogs: Another Tool in the Security Pro's Toolkit
- Remote Physical Device Fingerprinting
- Creating a National Framework for Cybersecurity: An Analysis of Issues and Options
- Thesis: Plastic card fraud, a survey of current relevant card and system properties
- Cyber Security: A Crisis of Prioritization
- DDoS extortion story
- An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
- The Economic Impact of Cyber-Attacks
- The Six Dumbest Ideas in Computer Security
- Skype Security Evaluation
- Thesis: Strategic Security
- Security considerations of Google Desktop
- Federal Plan for Cyber Security and Information Assurance Research and Development
- Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security
- Tietoturvallisuuden tutkimus ja opetus Suomessa 2005 (finnish)
- CIIP Handbook Volume I and Volume II
- 17 Mistakes Microsoft Made in the Xbox Security System
- Mitigating Denial of Service Attacks in Computer Networks
- Bypassing network access control (NAC) systems
- The life of the security professional...grand it ain't!
- the underground economy: priceless
- An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
- Exploiting SAP Internals
- “OO-OO-OO!” The Sound of a Broken OODA Loop
- Security Architecture Blueprint
- Cost of Information Assurance
- The Evolution of Security
- The Ghost In The Browser - Analysis of Web-based Malware
- House of Lords Science and Technology Committee: Personal Internet Security
- 10 Claims That Scare Security Pros
- Security Usability Fundamentals
- Commercial Malware Industry
- Virtual Machine Security Guidelines
- Guide to Security Architecture in TOGAF ADM
- Russian Business Network study
- Security Economics And The Internal Market
- Point-of-Sales Vulnerabilities
- Security Issues and Recommendations for Online Social Networks
- The New Politics of Personal Information
- Using Cartoons to Teach Internet Security
- Data Breaches: What The Underground World of "Carding" Reveals
- Large Scale Internet Attacks
- Information Security Economics – and Beyond
- SecMeter - tietoturvainformaatiota (finnish)
- Estonia Cyber Security Strategy
- Security Assessment of the Internet Protocol (IP)
- CSIS Commission: Securing Cyberspace for the 44th Presidency
- Attacks on Banks
- Suomen turvallisuus- ja puolustuspolitiikkaa 2009 (finnish)
- Virtual Machine Security Guidelines
- An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
- Virtualization and Risk
- Bank Trojans - details uncovered
- Security Assessment of The Transmission Control Protocol (TCP)
- Optimised to Fail: Card Readers for Online Banking
- Above the Clouds: A Berkeley View of Cloud Computing
- Using Science to Battle Data Loss: Analyzing Breaches by Type and Industry
- Security Guidance for Critical Areas of Focus in Cloud Computing
- Microsoft Cloud Security Whitepaper
- Targeted attacks
- Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security
- ENISA:Cloud Computing Risk Assessment
- So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
- ATM Crime: Overview of the European situation and golden rules on how to avoid it
- Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication
Online books, guides
Discussions, Mailing-lists
Known Bugs, Warnings
Advisories
Guidelines
- Valtionhallinnon tietoturvallisuusohjeistus (finnish)
- RFC2504, Users' Security Handbook
- RFC2196, Site Security Handbook
- PK-yritysten tietoturvaopas (finnish)
- The Field Guide for Investigating Computer Crime, Part One, Two, Three, Four, Five, Six, Seven and Eight
- The Open-Source Security Testing Methodology Manual
- Simple Security Truths
- Contingency Planning and Disaster Recovery
- Commonly Accepted Security Practices & Recommendations
- Introduction to Security Policies Part One, Two, Three and Four
- Tietoturvaa peruskäyttäjille (finnish)
- BSI IT Baseline Protection Manual
- Security Auditing Guide
- Tietosuojan ja Tietoturvan Tarkistuslista (rtf, finnish)
- NSA Security Recommendation Guides
- NIST Guidelines on Securing Public Web Servers
- NIST Guideline on Network Security Testing
- OCTAVE: Operationally Critical Threat, Asset, and Vulnerability Evaluation
- OECD Security and Privacy Guidelines
- NIST ASSET - Automated Security Self Evaluation Tool
- NIST Guide to Selecting Information Security Products
- NIST Guide to Information Technology Security Services
- Tietoturvaopas (finnish)
- The Antivirus Defense-in-Depth Guide
- Turvallisuussopimusten laadintaohjeistoa (finnish)
- GAISP: Generally Accepted Information Security Principles
- NIST Guide to Computer Security Log Management
- The IT Audit Checklist for Information Security
- Global Technology Audit Guide (GTAG)
- Guide to information security certifications
- NIST: Information Security
- SANS 20 Critical Security Controls
- Frequently Avoided Questions about IT auditing
- Information security awareness in financial organisations - Guidelines and case studies
Standards and "standards"
Common Criteria / ISO 15408
BS7799 / ISO17799 / ISO 27000
PCI
Laws, directives, etc.
General
Finnish Laws
EC
Awareness
Risk Management
Methods & tools
Security Management
Psychology
Identity, Authentication and Access Management
Disaster Recovery, Business Continuity
Organizations
CERT
Conferences, seminars
Surveys, stats
- Security Survey of Key Internet Hosts (Dan Farmer, 1996)
- SSL Server Security Survey
- The 2000 Information Security Industry Survey
- The 2001 Information Security Industry Survey
- Attrition Defacement Statistics
- Computerworld Security Statistics
- Salary
- CERT/CC Statistics
- Security Statistics
- SecuritySpace Internet Research Reports
- Honeynet project: statistics
- Riptech Internet Security Threat Report - Attack Trends Q3 and Q4 2001
- e-Security - 2002 and beyond
- The Security of Applications: Not All Are Created Equal
- Informationweek - Management Takes Notice
- ISS: Internet Security Risk Summary for December 22, 2001 through March 21, 2002
- Network World Top Concerns Survey 2002
- Riptech Internet Security Threat Report - Attack Trends Q1 and Q2 2002
- The 2002 Information Security Industry Survey
- ICAT Vulnerability Statistics
- ISS Internet Risk Impact Summary 1.1.-31.3.2003
- IFCC Internet Fraud Reports
- Top 100 Security Tools
- Information Security magazine 2003 product survey
- Fast and Present Danger: In-Home Study on Broadband Security
- INFOSEC Year in Review
- Understanding Computer Crime Studies and Statistics
- CIO Security Study - Determine the importance of IT Security
- Blaster worm took heavy toll: survey
- Victims of cyberstalking: An exploratory study of harassment perpetrated via the Internet
- ZDNet 2003 Security Survey: steady progress, wireless worries
- The State of IT Security 2003 Survey
- INFOSEC Zeitgeist
- What keeps information security professionals up at night?
- F-Secure Corporation's Data Security Summary for 2003
- Imperva: Only 10% of Web Applications are Secured Against Common Hacking Techniques
- SecurityTracker vulnerability statistics 2002
- Symantec Internet Security Threat Reports
- Information Security Breaches Survey 2004
- A CompTIA Analysis of IT Security and the Workforce - Summary
- Kauppakamarien yritysturvallisuustutkimus (finnish)
- Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
- PWC 7th Annual Global CEO Survey - Managing Risk
- CIO - The State of Information Security 2004
- Hi-Tech Crime: The Impact on UK Business
- Authentication Statistics Index
- F-Secure Corporation's Data Security Summary for 2004
- Coverity: Linux bugs
- ISSA/BSA Survey result 2004 (ppt)
- Identity Theft - Summary
- Hi-Tech Crime - The Impact on UK Business 2005
- Browser Vulnerability Statistics 2004
- Insider Threat Study
- Identity and Access Management Trends Survey
- 2005 Australian Computer Crime and Security Survey
- Banks to spend more on IT security
- Nationmaster - crime statistics
- Study: Flaw disclosure hurts software maker's stock
- The Prolexis Zombie Report
- TrustedSource email & spam stats
- CIO - The State of Information Security 2005 Part I and Part II
- How safe is it out there? - Study of web app security
- Opinion: Investigating the FBI's 'invalid' security survey
- Top Security Trends for 2006
- FTC Consumer Fraud and Identity Theft Complaint Data 2005
- Swiss Re Corporate Risk Survey: A Global Perspective
- Statistics on web server attacks for year 2005
- It's raining security surveys
- F-Secure Corporation's Data Security Summary for 2005
- DTI Information Security Breaches Survey 2006
- CSI/FBI Computer Crime and Security Survey 2009, 2008, 2007, 2006, 2005, 2004, 2003 and 2002
- Survey on the Detection and Prevention of Data Breaches
- Yrityksiin kohdistuvan ja niitä hyödyntävän rikollisuuden tilannekuva 2006 (finnish)
- Critical look at statistics
- Web Application Security Professionals Survey
- A Chronology of Data Breaches
- 4th Annual Consumer Online Fraud Survey
- Profile of a Fraudster Survey 2007
- WASC Web Security Threat Report 1-4/2007
- Tunnisteilla turvallisuutta - tutkimus sähköisten tunnisteiden käytöstä (finnish)
- Study: Professional Security Certifications Boost Salary
- Information Security Year in Review 2007
- Ernst & Young's Global Information Security Survey 2007
- Independent comparatives of Anti-Virus software
- Cisco 2007 Annual Security Report
- The Web Hacking Incidents Database Annual Report 2007
- Banks: Losses from computer intrusions up in 2007
- Tietoturvallisuuden hallinta suomalaisissa organisaatioissa 2007 (finnish)
- IC3 Internet Crime Report 2007
- The (ISC)2 Global Information Security Workforce Studies
- Kauppakamarin tutkimus yritysten rikosturvallisuudesta 2005 ja 2008 (finnish)
- Understanding the Web browser threat
- Airport Insecurity: The Case of Missing & Lost Laptops
- Information Week 2008 Security Survey: We're Spending More, But Data's No Safer Than Last Year
- Web Application Security professional Survey 2008
- Software Security Demand Rising 2007
- Compuware 2008 Study on the Uncertainty of Data Breach Detection
- Emerging Cyber Threats Report for 2009
- NRI Secure Technologies Web Application Security Assessment Trend analysis report 2008
- Europol European Organised Crime Threat Assessment (OCTA) reports
- European ATM Security Team (EAST) Crime Reports
- Microsoft Security Intelligence Report
- Dataloss DB
- Arbor Networks Infrastructure Security Report
- Adventurers and Risk-Takers: Finnish professional criminals and their organisations in the 1990s cross-border criminality
- Symantec Report on the Underground Economy
- Verizon Business Data Breach Investigations Report 2009, Supplemental Report 2009, 2008 and Supplemental Report 2008
- IDC: Innovation and Security: Collaborative or Combative
- WhiteHat Website Security Statistics Report 12/2008
- Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones
- Top 10 Financial Security Breaches 2008
- The Cisco Annual Security Report 2008 and 2009
- PWC Global State of Information Security Surveys
- IBM X-Force Trend Reports
- Security certifications (excel)
- Deloitte Annual Global Security Survey 2008, 2006, 2004, 2003
- Outpost24: Cyber Criminality
- KPMG's 2009 IT Internal Audit Survey
- State of the CSO 2009
- Finjan Cybercrime Intelligence Report
- Yrityksiin kohdistuvan rikollisuuden tilannekuva (finnish)
- Web Application Security Statistics
- Deloitte: Cyber Crime: a clear and present danger
- Ponemon 2009 Annual Study: Cost of a Data Breach
Software security
Databases
Design
Programming
Examples, known problems
Testing
Tools - free
Tools - commercial
Web Services, XML security
Intrusion Detection Systems
General
Articles, papers, presentations
Commercial tools
Free tools
Trojans, vulnerabilities, port numbers
Analysis
Snort
Snort-based commercial products
Incident handling & forensics
Penetration testing
General
Commercial tools
Free tools
Public Key Infrastructure
General
Articles, papers, presentations
Finnish Electronic Identity (fineid)
Tools
LDAP, Directories
General
Articles & presentations
Free tools
Virtual Private Networks
Firewalls
Crypto
General
IPSEC
SSL/TLS
Email
Cryptanalysis
Biometrics
Unix
Windows
Mobile & Wireless
Ethics
Privacy
Spam
Phishing
Are you being monitored?
Incidents, exploits, hacks, vulnerabilities
Hackers, crackers, script-kiddies, ...
Infowar, Hacktivism, Network Centric Warfare
Traditional Security
People
Fun
Videos, hack-tv, clips
Blogs & Podcasts
Podcasts