shopify visitor statistics

Page last updated: 4/6/23

page22-forumsUseful Forums
page22-orangeball Top 10 Cryptography Forums, Discussions, and Message Boards: The best Cryptography forum list curated from thousands of forums on the web and ranked by traffic, social media followers & freshness.
page22-www_iconUseful Links
page22-orangeball Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
page22-orangeball Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-CompSec4e-mmyy. If you spot any errors, please contact me at page23-email.
page22-orangeball OpenSecurity Training: Contains slide decks, do-it-yourself programming assignments, and projects that can help the student learn a number of computer security concepts.
page22-orangeball Security Cards: A fun introduction to commonly-used terms and concepts in computer security.

Chapter 1 - Overview

orangeball Cryptography and Network Security Links: An collection of PDF documents from a wide variety of sources.
orangeball IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
orangeball Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
orangeball European Network and Information Security Agency A source of expertise on security issues for the EU. Includes an excellent set of technical reports, plus numerous other documents and links.
orangeball United States Computer Emergency Readiness Team: US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, intended to coordinate the response to security threats from the Internet. The site has a good collection of technical papers, and information and alerts on current security issues, vulnerabilities and exploits.
orangeball SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
orangeball Risks Digest: Forum on risks to the public in computers and related systems.
orangeball Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
orangeball Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating security of operating systems, network devices, and applications. Includes case studies and technical papers.

Chapter 2 - Cryptographic Tools

page22-orangeball The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
page22-orangeball Bouncy Castle Crypto Package: Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment. The package is distributed at no charge for commercial or non-commercial use.
page22-orangeball Cryptography Code: Another useful collection of software.
page22-orangeball American Cryptogram Association: An association of amateur cryptographers. The Web site includes information and links to sites concerned with classical cryptography.
page22-orangeball Crypto Corner: Simon Singh's Website. Lots of good information, plus interactive tools for learning about cryptography.

Chapter 3 - User Authentication

orangeball NIST Identity and Access Management: Documents related to user authentication and password usage.
page22-orangeball NIST Image Group: Researches measurement and evaluation methods and develop standards to advance the use of image-based biometric technologies; current modalities include fingerprint, face, iris, and tattoo. Good resource. page23-new3

Chapter 4 - Access Control

page22-orangeball NIST RBAC site: Includes numerous documents, standards, and software on RBAC

Chapter 5 - Database Security

page22-orangeball Cloud Security Alliance: Organization promoting best practices for cloud security implementation. Site contains useful documents and links.

Chapter 6 - Malicious Software

page22-orangeball SecureList: Information about viruses, hackers, and spam.

Chapter 8 - Intrusion Detection

page22-orangeball Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products
page22-orangeball Snort: Web site for Snort, an open source network intrusion prevention and detection system.

Chapter 9 - Firewalls

page22-orangeball Numerous links to firewall references and software resources.

Chapter 10 - Buffer Overflow

page22-orangeball Metasploit: The Metasploit Project provides useful information on shellcode exploits to people who perform penetration testing, IDS signature development, and exploit research
page22-orangeball OpenBSD Security: The OpenBSD project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.

Chapter 11 - Software Security

page22-orangeball CERT Secure Coding: Resource on CERT site of links to information on common coding vulnerabilities and secure programming practices.
page22-orangeball CWE/SANS Top 25 Most Dangerous Software Errors: A list of the most common types of programming errors that were exploited in many major cyber attacks, with details on how they occur and how to avoid them.
page22-orangeball David Wheeler - Secure Programming: Provides links to his book and other articles on secure programming.
page22-orangeball Fuzz Testing of Application Reliability: Provides details of the security analysis of applications using random input performed by the University of Wisconsin Madison.
page22-orangeball Open Web Application Security Project (OWASP): Dedicated to finding and fighting the causes of insecure software and providing open source tools to assist this process.

Chapter 12 - OS Security

page22-orangeball Australian Cyber Security Centre (ACSC): The Australian Defence Signals Directorate cybersecurity site includes wide range of information and advice, including on cyber incidents and intrusions.
page22-orangeball Linux Documentation Project: manuals on Linux systems administration.
page22-orangeball Microsoft Security Tools & Checklists: tools and guidance to assess security on Microsoft Windows systems.
page22-orangeball SANS - Top Cyber Security Risks: that organizations should address.

Chapter 13 - Cloud and IoT Security

orangeball NIST CLoud Computing Program:Useful information, links, and documents.
page22-orangeball Internet of Things World Forum: A number of useful documents and videos.

Chapter 14 - IT Security Management and Risk Assessment

page22-orangeball ISO 27000 Directory: An overview of the ISO 27000 series of standards reserved by ISO for information security matters.
page22-orangeball ISO 27000 Standards: Another source of 27000 information
page22-orangeball Verizon Data Breach Investigations Report provides regular updates on security issues, and their annual summary report is compiled with the assistance of the US Secret Service.

Chapter 16 - Physical Security

page22-orangeball InfraGuard: An FBI program to support infrastructure security efforts. Contains a number of useful documents and links
page22-orangeball The Infrastructure Security Partnership: A public-private partnership dealing with infrastructure security issues. Contains a number of useful documents and links.
page22-orangeball Federal Emergency Management Administration (FEMA): Contains a number of useful documents related to physical security for businesses and individuals.
page22-orangeball NIST PIV program: Contains working documents, specifications, and links related to PIV.

Chapter 17 - Human Resources

page22-orangeball Computer Security Incident Response Team: Provide security professionals with the means to report, discuss, and disseminate computer security related information to others around the world. This site provides information for reporting security incidents and information on technical resources.

Chapter 18 - Security Auditing

page22-orangeball Security Issues in Network Event Logging: This IETF working group is developing standards for system logging.

Chapter 19 - Legal and Ethical Aspects

page22-orangeball International High Technology Crime Investigation Association: A collaborative effort of law enforcement and the private sector. Contains useful set of links and other resources.
page22-orangeball The Rules: Maintained by the Ad Hoc Committee on Responsible Computing.

Chapter 20 - Symmetric Encryption and Message Confidentiality

orangeball NIST Block Ciphers: NIST documents on AES and DES.
page22-orangeball Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.

Chapter 21 - Public-Key Cryptography and Message Authentication

page22-orangeball NIST Secure Hashing Page: SHA FIPS and related documents.

Chapter 22 - Internet Security Protocols and Standards

page22-orangeball S/MIME Charter: Latest RFCs and internet drafts for S/MIME.
page22-orangeball DKIM Website hosted by Mutual Internet Practices Association, this site contains a wide range of documents and information related to DKIM.
page22-orangeball DKIM Charter: Latest RFCs and internet drafts for DKIM.
page22-orangeball TLS Charter: Latest RFCs and internet drafts for TLS.
page22-orangeball OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents and link.
page22-orangeball IPsec Maintenance and Extensions Charter: Latest RFCs and internet drafts for IPsec.

Chapter 23 - Internet Authentication Applications

page22-orangeball MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
page22-orangeball MIT Kerberos Consortium: Created to establish Kerberos as the universal authentication platform for the world's computer networks.
page22-orangeball Kerberos Working Group: IETF group developing standards for Kerberos.
page22-orangeball Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
page22-orangeball NIST PKI Program: Good source of information.

Chapter 24 - Wireless Network Security

page22-orangeball IEEE 802.11 Wireless LAN Working Group: Contains working group documents plus discussion archives.
page22-orangeball Wi-Fi Alliance: An industry group promoting the interoperabiltiy of 802.11 products with each other and with Ethernet.
page22-orangeball Extensible Authentication Protocol (EAP) Working Group: IETF working group responsible for EAP and related issues.

Appendix C - RFCs

page22-orangeball RFCs: IETF RFC repository. Includes a complete list of all RFCs, constantly updated.