Security: Difference between revisions

From Federal Burro of Information
(10 intermediate revisions by the same user not shown)
* [http://www.6nelweb.com/bio/papers/pwvault-ESORICS12-ext.pdf On The Security of Password Manager Database Formats]
== reconnaissance context ==
https://github.com/lanmaster53/recon-ng
== Web server test tools ==
https://www.ssllabs.com/ssltest/ - pretty cool.
Check for vulnerability to Heartbleed:
https://filippo.io/Heartbleed/
https://github.com/robertdavidgraham/masscan
https://www.robtex.com/
== Cloud Check tools ==
* Use the AWS best practice analyzer.
* http://cloudcheckr.com/pricing-features/
* Scout2 github project.
== repo checking tools ==
Check a repo for strings that look random and could be secrets, like keys and passwords: https://github.com/trufflesecurity/trufflehog
== Metrics ==
* https://www.csoonline.com/article/3253332/analytics/security-metrics-telling-your-value-story.html
* https://www.owasp.org/images/b/b2/Security_Metics-_What_can_we_measure-_Zed_Abbadi.pdf
== Also See ==
* [[Redhat Password Policy Guide]]
* http://www.itworldcanada.com/blog/it-metrics-for-security-services/377117
* https://en.wikipedia.org/wiki/Canadian_Trusted_Computer_Product_Evaluation_Criteria

Latest revision as of 21:43, 31 July 2022

The 6 most effective security measures for retailers

http://www.itbusiness.ca/blog/the-6-most-effective-security-measures-for-retailers/46599

1.    Comply with Canadian privacy law.
2.    Adhere to the PCI-DSS 3.0 standard.
3.    Adopt EMV payment systems.
4.    Employ intrusion detection technologies.
5.    Conduct employee background checks.
6.    Deploy physical security measures.

reconnaissance context

https://github.com/lanmaster53/recon-ng


Web server test tools

https://www.ssllabs.com/ssltest/ - pretty cool.

Check for vulnerability to Heartbleed:

https://filippo.io/Heartbleed/

https://github.com/robertdavidgraham/masscan

https://www.robtex.com/

Cloud Check tools

  • Scout2 github project.

repo checking tools

Check a repo for strings that look random and could be secrets, like keys and passwords: https://github.com/trufflesecurity/trufflehog

Metrics

Also See