Resources
Here you’ll find links and references to tools and information we’ve found effective.
Presentations
Articles
Why Johnny Can’t Write Secure Code – published in the September/October 2016 issue of InfoSec Professional. An explanation of Scrum/XP development for security practitioners, with advice on how to work with agile teams.
Are You Secure in the Clouds? – published in the August 2009 issue of IASA Perspectives, the journal of the International Association of Software Architects. A review of the differences in security controls required when moving from on-premises to cloud-hosted services.
SAML and Single Sign-On – published in CSO Online, November 2006. An explanation of cross-enterprise single sign-on using the Security Assertion Markup Language (SAML).
Tools
Top 100 security tools, per vote of the nmap-hackers mailing list
Nessus, the formerly open-source penetration testing toolkit
NMAP, Linux-based network mapping tool
SNORT, the open source Intrusion Detection System
NetCat, network Swiss Army Knife
PuTTY, my favorite SSH client for Windows
Security Information
Dark Reading: Security industry news
Security Info Watch: news for security executives
CSO Online: CSO Magazine’s online edition
SANS Internet Storm Center current status
Schneier on Security: Dr. Bruce Schneier’s blog
Computerworld: interesting for overview of the field of play
Help Net Security: Infosec news
UML Tools
A picture’s worth a thousand words, they say, and UML tools are the way to document your design in pictures. In addition, each of these tools brings additional functionality to the mix. Picking the right one for you is a combination of what you want to achieve, how much you want to spend on tools, and how long you have to get the job done.
Eclipse Modeling Framework, for modeling in the Eclipse IDE
Enterprise Architect, SparxSystems’ UML modeling tool.
Rational Rose, IBM’s classic UML tool
Rose XDE, operates inside of WebSphere Studio
Together Control Center, Borland’s UML modeling tool
UML Distilled is a great overview of the language, covering the most important points without getting into all the arcana.
Process
Rational Unified Process: Wikipedia has a good overview of the Rational Unified Process. Many folks are afraid of RUP, thinking it’s a heavyweight process. What most people don’t realize is that RUP is designed to be tailored to your specific needs, and this article does a nice job of addressing the need to adapt the process.
Agile: Wikipedia also does a nice job with agile development. Agile is more people-centric than RUP.
Copyright © 2008, Adept Technologies LLC