noc10.jpg
.: curphey on the art of scoping application security reviews
Mark Curphey has begun a series of posts about scoping application security reviews. Part 1 talks about the business of application security reviews. Part 2 talks about the types of testing. They're good reads, and I'm looking forward to the other parts.
by michael 09.20.07 at 4:48 PM in /general

Post a comment


terminal23_
ghosts in the wire
or
rock out with your hack out

.: about
wiki
site
author
twitter


.: categories
/
/general
/terminal23
/tools
/web

.: news
astalavista
darkreading
infosecnews
linux exposed
net-security
net sec
rootprompt
rootsecure
searchsecurity
searchwin
security-database
wifinetnews
wirelessdefence
zone-h

.: blogs/personal
1-manitdept
adminspotting
adnan's blog
andrew hay
andy itguy
anti-virus rants
anton chuvakin
artofinfosec
arved
b10[m|g]
carnal0wnage
ccckc
cdc
cipherdyne
clearnetsec
cmd line kung fu
computerdefense
cqure
dan morrill
darknet
darkoperator
dave dittrich
david piscitello
didier stevens
digital voice
dino dai zovi
dominic white
douglas schweitzer
ed smiley
errata security
f-secure
geek00l
geekybits
gnucitizen
greebo
ha.ckers.org
i-hacked
hackreport
hackosis
honeyblog
honeynets
hype-free
infonomicon
infosec potpourri
infosecplace
infosecramblings
innismir
internet storm center
ismellpackets
jeremiah grossman
joatblog
joelonsoftware
kinqpinz
krebs on security
layer8
lazyadmin
lazy genius
lifehacker
locutus
matasano chargen
mcwresearch
metasploit | book
modsecurity
msrc
nate lawson
ncircle
nettwerked
network security
newschoolsecurity
notsosecure
offensivecomputing
ogenstad
operation n
osvdb
packetlife
pci answers
penetrationtests
philosecurity
portswigger
practicalexploitation
prosectesters
rarmknecht
rational survivability
ravichar
rebecca herold
riskmanagementinsight
room362
rootkit
secure thoughts
securiteam blog
securitybuddha
security4all
securityhacks
securityincite
security mentor
security monkey
securitywizardry
securosis
shmoo group
simple nomad
spoofed.org
sysadmin1138
tao security
techbuddha
tssci security
2blocksaway
unleash networks
un-excogitate
veracode
vulnerable minds
windowsir
wirelessve
write-quit

.: things to do
another list (el)
corewars
cyberarmy
de-ice
ethicalhacker
forensics challenges
ha.ckers.org list
hackerslab
hackthissite
honeynet scans
lampsecurity
malware quizzes
moth
overthewire
packet captures
pentest mindmap
python challenge
reversing lessons
smash the stack
webgoat

.: vulns/exploits/tools
auscert
bugtraq
cert
eeye 0day tracker
knowledgecave
mcafee
milw0rm
nvd
offsec exploits
osvdb
pentests videos
securiteam
securitytracker
secwatch
us cert
vigil@nce
vupen
websense
wiretapped

.: audio/podcasts
binary revolution
blue box voip
cyberspeak
eurotr@sh
exoticliability
getmon
hackermedia
hackerpublicradio
hacker voice
lets talk computers
off the hook
off the wall
pauldotcom
runyourownserver
securabit
securityinfowatch
silver bullet security
social-engineer.org
southern fried sec
sploitcast

.: video
carnal0wnage
dojosec
darklevel
h4cky0u
hack tv
hak5
irongeek
isc2 webinars
learnsecurityonline
milw0rm videos
practicalexploitation
revision3
sans webinars
security-freak
securitytube
techcentric
the academy.ca
windows scripting

.: livecd
backtrack
katana
netsec toolkit (nst)
nubuntu
owasp
pentoo
samurai
securityonion
vipervast (voip)

.: zines
(in)secure
itaudit
phrack
securityjournal
uninformed
usenix

.: forums
antionline
catalyst community
daniweb
hacking-passion
hackinthebox
hak5
infosyssec
ism community
remote-exploit
securitycatalyst
taz forums
undergroundnews
waraxe

.: tools/apps
backtrack wiki
dirk loss
forensics - harbour
forensics toolkit
foundstone tools
mandiant tools
nirsoft
open source windows
owasp flash project
owasp phx tools
packetstorm
pcap apps
russix
securityfocus tools
securityforest
staticrez tools
top 15 hack tools
top 50 tools 2003
top 50 tools asta
top 100 tools 2006
top freeware apps
top portable apps
usb goodies on hak5
voip tacvoip tools
voip tools
web security tools
wikistc

.: resources
anon web browsing
anon web proxies
anon web proxies
ascii converters o o
auditmypc
base64 to binary
clez tools
csrc
data breaches
decode vigenere
default passwords o
dnsstuff o o
e-proxy
exploit search
firewall test
ip-to-country lookup
iso 17799 portal
linux security sheet
mac assignments
mailinator
mail relay test
md5 and sha1 lookup
nist standards
nmap-online
nmap tweaker
nocs list
nslookup
nsa standards
numbr
online net/file scan
owasp testing guide
packetfocus
penetration testing
ports list o o o
ports lookup
rainbow gen
rainbow online o
reverse ip tool
robtex dns tool
seclists
securitydistro
securityfriday
serversniff
sql injection cheatsheet
ssl check o o
startup list
unix toolbox
wardriving
wigle
wireless corner
wireless gear o
wireless links
wordlist makers o
wordlists o o o o o
xss cheatsheet

.: dashboards
atlas
cyberdefender
dshield
f-secure
internet pulse
internet weather
mynightwatchman
phishing monitor
security-database
senderbase
shadowserver
talisker radar
threat level
world virus map

.: virus info
ca
f-secure
hackfix
mcafee
messagelabs
symantec
trend
virus.org
viruslist
virustotal

.: papers/guides
giac papers
howto forge
infosecwriters
jay beale papers
nmap
open reverse engi
orkspace
secmanager papers
techtutorials

.: cons/training
blackhat | media
cccure
cissp training
defcon
guide to infosec certs
imiti
issa-ps
learnsecurityonline
metasploit unleased
nanog
offensive security
opst
sans
securitybriefings
schmoocon
sensepost
simulation exams
toorcon

.: archives
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
January 2006
August 2005
April 2005
March 2005
February 2005
December 2004
November 2004
October 2004
September 2004
August 2004