Security

• http://www.sans.org/reading_room/

The 6 most effective security measures for retailers

http://www.itbusiness.ca/blog/the-6-most-effective-security-measures-for-retailers/46599

1.    Comply with Canadian privacy law.
2.    Adhere to the PCI-DSS 3.0 standard.
3.    Adopt EMV payment systems.
4.    Employ intrusion detection technologies.
5.    Conduct employee background checks.
6.    Deploy physical security measures.

• On The Security of Password Manager Database Formats

reconnaisance context

https://github.com/lanmaster53/recon-ng

Web server test tools

https://www.ssllabs.com/ssltest/ - pretty cool.

check for vulnerability to heartbleed

https://filippo.io/Heartbleed/

https://github.com/robertdavidgraham/masscan

https://www.robtex.com/

Cloud Check tools

• use the AWS best prctice anaylazer
• http://cloudcheckr.com/pricing-features/

• Scout2 github project.

repo checking tools

check a repo for strings that look random and could be secrets, like keys and password https://github.com/trufflesecurity/trufflehog

Metrics

• https://www.csoonline.com/article/3253332/analytics/security-metrics-telling-your-value-story.html
• https://www.owasp.org/images/b/b2/Security_Metics-_What_can_we_measure-_Zed_Abbadi.pdf

Also See

• Redhat Password Policy Guide
• http://www.itworldcanada.com/blog/it-metrics-for-security-services/377117
• https://en.wikipedia.org/wiki/Canadian_Trusted_Computer_Product_Evaluation_Criteria