Resources for staying only one step behind (not ten)

• Books
  • Web Security Sourcebook, Aviel D. Rubin, Danieal Geer, and Marcus J. Ranum (John Wiley & Sons, Inc, ISBN 0-471-18148-X)
  • Practical UNIX Security, Simson Garfinkel and Gene Spafford (O'Reilly & Associates, 1991, ISBN 0-937175-72-2)
  • Unix System Security: A Guide for Users and System Administrators, David A. Curry (Addison-Wesley, 1992, ISBN 0-201-56327-4)
  • Firewalls & Internet Security: Repelling the Wily Hacker, Cheswick, William R. and Bellowin, Steven M. (Addison-Wesley, 1994, ISBN 0-201-63357-4)
• Security organizations, hacker groups, vendor sites, and their advisories
  • CERT
    Some recent advisories:
    • CA-98.04 - Microsoft Windows-based Web Servers unauthorized access - long file names
    • CA-97.25 - Sanitizing User-Supplied Data in CGI Scripts
    • CA-97.24 - Buffer Overrun Vulnerability in Count.cgi cgi-bin Program
    • CA-97.12 - Vulnerability in webdist.cgi
    • CA-97.07 - Vulnerability in the httpd nph-test-cgi script
  • CIAC
    Some recent advisories:
    • I-013: Count.cgi Buffer Overrun Vulnerability
    • I-014: Vulnerability in GlimpseHTTP and WebGlimpse cgi-bin Packages
    • I-024: CGI Security Hole in EWS1.1 Vulnerability
    • I-025A: Windows NT based Web Servers File Access Vulnerability
    • I-041: Performer API Search Tool 2.2 pfdispaly.cgi Vulnerability
  • rootshell.com
  • Microsoft Security Advisor Program
  • NETSCAPE SECURITY SOLUTIONS
  • linux-security email list
  • Linux Security HOWTO
• Email lists, e.g. uwweb-l, netsys, linux-alert, etc.
• Unix System Security Checklist (and sites linked there)
• RFC 2196 - Site Security Handbook
• Unix Security Overview (another talk)

[End] | [Prev]