Here you’ll find links and references to tools and information we’ve found effective.


Agile Development Overview


Why Johnny Can’t Write Secure Code – published in the September/October 2016 issue of InfoSec Professional. An explanation of Scrum/XP development for security practitioners, with advice on how to work with agile teams.

Are You Secure in the Clouds? – published in the August 2009 issue of IASA Perspectives, the journal of the International Association of Software Architects. A review of the differences in security controls required when moving from on-premises to cloud-hosted services.

SAML and Single Sign-On – published in CSO Online, November 2006. An explanation of cross-enterprise single sign-on using the Security Assertion Markup Language (SAML).


Top 100 security tools, per vote of the nmap-hackers mailing list

Nessus, the formerly open-source penetration testing toolkit

NMAP, Linux-based network mapping tool

SNORT, the open source Intrusion Detection System

NetCat, network Swiss Army Knife

PuTTY, my favorite SSH client for Windows

Security Information

Dark Reading: Security industry news

Security Info Watch: news for security executives

CSO Online: CSO Magazine’s online edition

SANS Internet Storm Center current status

Schneier on Security: Dr. Bruce Schneier’s blog

Computerworld: interesting for overview of the field of play

Help Net Security: Infosec news

UML Tools

A picture’s worth a thousand words, they say, and UML tools are the way to document your design in pictures. In addition, each of these tools brings additional functionality to the mix. Picking the right one for you depends on what you want to achieve, how much you want to spend on tools, and how long you have to get the job done.

Eclipse Modeling Framework, for modeling in the Eclipse IDE

Enterprise Architect, SparxSystems’ UML modeling tool.

Rational Rose, IBM’s classic UML tool

Rose XDE, operates inside of WebSphere Studio

Together Control Center, Borland’s UML modeling tool

UML Distilled is a great overview of the language, covering the most important points without getting into all the arcana.


Rational Unified Process: Wikipedia has a good overview of the Rational Unified Process. Many folks are afraid of RUP, thinking it’s a heavyweight process. What most people don’t realize is that RUP is designed to be tailored to your specific needs, and this article does a nice job of addressing the need to adapt the process.

Agile: Wikipedia also does a nice job with agile development. Agile is more people-centric than RUP.

Copyright © 2008, Adept Technologies LLC