| Security Site | Description |
|---|---|
| CERTs and Advisories | |
| CMU CERT | The Carnegie Mellon University CERT site. |
| US CERT | The US-CERT Vulnerability Notes Database. |
| National Vulnerability Database | A cyber security vulnerability database hosted by NIST that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources |
| CVE The CVE database |
The Common Vulnerabilities and Exposures definition is an attempt to standardize the names for vulnerabilities to improve accuracy and efficiency. |
| Bugtrac | The Security Focus bugtrac database. |
| SANS Institute Top 20 List |
SANS Institute provides training and resources for computer security. |
| The Open Source Vulnerability Database | An unbiased, vendor neutral vulnerability database that is community supported |
| Secunia | The Secunia site which has an advisories section. |
| Security Organizations | |
| The Internet Storm Center | The ISC provides a free analysis and warning service to thousands of Internet users and organizations. |
| Institute for Security and Open Methodologies | An open, collaborative, security research community. |
| Computer Security Institute | A security professional organization. |
| The Center for Internet Security | Another security professional organization. |
| Security News | |
| Internet Security News | A portal of security related news articles. |
| Hacker Highschool | Security awareness for teens. |
| Security Products | |
| Tenable Security | Home of Nessus and related products. |
| Metasploit | The Metasploit Project, for penetration testing. |
| Fear the Metasploit Framework | An article describing the Metasploit Project. |
| Shellcode.org | A Debian site designed to contain shellcode related information and resources. |
| The Debian Security Audit Project | A site with information regarding the auditing of the source code of all setui/setgid binaries within the Debian Stable Release. |
| Security Information | |
| Hitting the Sweet Spot | An article on honeypots. |
| Megasecurity.org | Exploit archive, with a search feature to crawl the web looking for exploits. |
| Milw0rm.org | A site with exploit code for analysis. |
| Defcon data | The data from the 2006 DefCon Capture the Flag contest. |
| Linux Security | |
| Linux Security | LinuxSecurity.com was launched in 1996 by a group of Open Source enthusiasts and security experts. |
| SE Linux | The NSA's site on SE Linux. |
| SELinux: Spook Tested, Admin Approved | An article providing an overview of SE Linux and links. |
| Armoring Linux | An older, but comprehensive article on setting up a secure Linux server. |
| Linux.com Security page | The list of articles on Linux.com about security. |
| Protecting Linux against automated attackers | An article on somewhat advanced security techniques. |
| Add an extra layer of security with systrace | An article about the Systrace utility, which is similar to but lighter than SE Linux |
| Security Book Reviews | Book reviews of three security books: "Linux Server Security, 2nd Edition", "Hardening Linux", and "Hardening Apache" |
This page was last updated Jan. 10, 2007.