Security: Difference between revisions
From Federal Burro of Information
(10 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
6. Deploy physical security measures. | 6. Deploy physical security measures. | ||
</pre> | </pre> | ||
* [http://www.6nelweb.com/bio/papers/pwvault-ESORICS12-ext.pdf On The Security of Password Manager Database Formats] | |||
== reconnaisance context == | |||
https://github.com/lanmaster53/recon-ng | |||
== Web server test tools == | |||
https://www.ssllabs.com/ssltest/ - pretty cool. | |||
check for vulnerability to heartbleed | |||
https://filippo.io/Heartbleed/ | |||
https://github.com/robertdavidgraham/masscan | |||
https://www.robtex.com/ | |||
== Cloud Check tools == | |||
* use the AWS best prctice anaylazer | |||
* http://cloudcheckr.com/pricing-features/ | |||
* Scout2 github project. | |||
== repo checking tools == | |||
check a repo for strings that look random and could be secrets, like keys and password https://github.com/trufflesecurity/trufflehog | |||
== Metrics == | |||
* https://www.csoonline.com/article/3253332/analytics/security-metrics-telling-your-value-story.html | |||
* https://www.owasp.org/images/b/b2/Security_Metics-_What_can_we_measure-_Zed_Abbadi.pdf | |||
* | |||
== Also See == | |||
* [[Redhat Password Policy Guide]] | |||
* http://www.itworldcanada.com/blog/it-metrics-for-security-services/377117 | |||
* https://en.wikipedia.org/wiki/Canadian_Trusted_Computer_Product_Evaluation_Criteria |
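Review bot: the added heading "reconnaisance context" and the Cloud Check item "use the AWS best prctice anaylazer" are misspelled, and the Metrics list ends with an empty "*" item. Correct the spelling to "reconnaissance" and "best practice analyzer", and drop the empty bullet. The bare masscan and robtex URLs under "Web server test tools" would also benefit from a few words on what each is used for, as the ssllabs and trufflehog entries already have.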
Latest revision as of 21:43, 31 July 2022
The 6 most effective security measures for retailers
http://www.itbusiness.ca/blog/the-6-most-effective-security-measures-for-retailers/46599
1. Comply with Canadian privacy law.
2. Adhere to the PCI-DSS 3.0 standard.
3. Adopt EMV payment systems.
4. Employ intrusion detection technologies.
5. Conduct employee background checks.
6. Deploy physical security measures.
reconnaissance context
https://github.com/lanmaster53/recon-ng
Web server test tools
https://www.ssllabs.com/ssltest/ - pretty cool.
check for vulnerability to Heartbleed:
https://filippo.io/Heartbleed/
https://github.com/robertdavidgraham/masscan
Cloud Check tools
- use the AWS best practice analyzer
- http://cloudcheckr.com/pricing-features/
- Scout2 github project.
repo checking tools
check a repo for strings that look random and could be secrets, like keys and passwords: https://github.com/trufflesecurity/trufflehog
Metrics
- https://www.csoonline.com/article/3253332/analytics/security-metrics-telling-your-value-story.html
- https://www.owasp.org/images/b/b2/Security_Metics-_What_can_we_measure-_Zed_Abbadi.pdf