NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Application Assessment and Code Review Resources

| Resource/Title | URL |
| --- | --- |
| Detecting Web Application Security Vulnerabilities | http://www.oreillynet.com/pub/a/sysadmin/2006/11/02/webapp_security_scans.html |
| DHS Build Security In Portal | https://buildsecurityin.us-cert.gov/ |
| OWASP WebGoat | http://www.owasp.org/index.php/OWASP_WebGoat_Project |
| OWASP WebScarab | http://www.owasp.org/index.php/OWASP_WebScarab_Project |
| A Process for Performing Security Code Reviews | http://www.computer.org/portal/site/security/index.jsp?pageID=security_level1_article&TheCat=1001&path=security/2006/v4n4&file=basic.xml |
| SPI Dynamics | http://www.spidynamics.com/ |
| Wapiti | http://wapiti.sourceforge.net/ |
| Watchfire | http://www.watchfire.com/ |
| Web Application Security Consortium Articles | http://www.webappsec.org/projects/articles/ |

Digital Certificate Providers (Third-Party Certificate Authorities)

| Resource/Title | URL |
| --- | --- |
| CertiSign Certificadora Digital Ltda | http://www.certisign.com.br/ |
| Deutsches Forschungsnetz | http://www.pca.dfn.de/ |
| Entrust.net Ltd. | http://www.entrust.net/ |
| GeoTrust Inc. | http://www.geotrust.com/ |
| GlobalSign NV/SA | http://www.globalsign.net/ |
| GoDaddy | http://www.godaddy.com/ |
| IKS GmbH | http://www.iks-jena.de/produkte/ca/ |
| IdenTrust | http://www.identrust.com/ |
| Lanechange.net | http://www.lanechange.net/ |
| Register.com | http://www.register.com/ |
| TC TrustCenter | http://www.trustcenter.de/ |
| Thawte | http://www.thawte.com/certs/server/request.html |
| VeriSign | http://www.verisign.com/ |

General Web Server Security Resources

| Resource/Title | URL |
| --- | --- |
| A Look Into Web Server and Web Application Attack Signatures | http://www.cgisecurity.com/papers/fingerprint-port80.txt |
| Center for Education and Research in Information Assurance and Security (CERIAS) | http://www.cerias.purdue.edu/ |
| Computer Emergency Response Team Coordination Center (CERT/CC), Securing Public Web Servers | http://www.sei.cmu.edu/pub/documents/sims/pdf/sim011.pdf |