Security: Difference between revisions
From Federal Burro of Information
(One intermediate revision by the same user not shown) | |||
Line 16: | Line 16: | ||
* [http://www.6nelweb.com/bio/papers/pwvault-ESORICS12-ext.pdf On The Security of Password Manager Database Formats] | * [http://www.6nelweb.com/bio/papers/pwvault-ESORICS12-ext.pdf On The Security of Password Manager Database Formats] | ||
== reconnaisance context == | |||
https://github.com/lanmaster53/recon-ng | |||
== Web server test tools == | == Web server test tools == | ||
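Review bot: the added heading "reconnaisance context" misspells "reconnaissance", and the bare recon-ng URL beneath it has no bullet or description, unlike the `* [url title]` entry just above it. Suggest correcting the spelling and turning the URL into a bulleted link with a few words on what the tool is for.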
Line 35: | Line 40: | ||
* Scout2 github project. | * Scout2 github project. | ||
== repo checking tools == | |||
check a repo for strings that look random and could be secrets, like keys and password https://github.com/trufflesecurity/trufflehog | |||
== Metrics == | == Metrics == |
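Review bot: in the added "repo checking tools" entry, "keys and password" should read "keys and passwords", and the description and the trufflehog URL run together on one unbulleted line. Suggest a bulleted item in the same style as the `* Scout2 github project.` line above, with the link first and the description after it.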
Latest revision as of 21:43, 31 July 2022
The 6 most effective security measures for retailers
http://www.itbusiness.ca/blog/the-6-most-effective-security-measures-for-retailers/46599
1. Comply with Canadian privacy law.
2. Adhere to the PCI-DSS 3.0 standard.
3. Adopt EMV payment systems.
4. Employ intrusion detection technologies.
5. Conduct employee background checks.
6. Deploy physical security measures.
reconnaissance context
https://github.com/lanmaster53/recon-ng
Web server test tools
https://www.ssllabs.com/ssltest/ - pretty cool.
Check for vulnerability to Heartbleed:
https://filippo.io/Heartbleed/
https://github.com/robertdavidgraham/masscan
Cloud Check tools
- use the AWS best practice analyzer
- http://cloudcheckr.com/pricing-features/
- Scout2 github project.
repo checking tools
Check a repo for strings that look random and could be secrets, such as keys and passwords: https://github.com/trufflesecurity/trufflehog
Metrics
- https://www.csoonline.com/article/3253332/analytics/security-metrics-telling-your-value-story.html
- https://www.owasp.org/images/b/b2/Security_Metics-_What_can_we_measure-_Zed_Abbadi.pdf