Security Resources Sites
Source: Baidu Wenku  Editor: 神马文学网  Time: 2024/04/27 18:12:32
Operating systems architecture
http://www.argus-systems.com/product/white_paper/pitbull/oss/ PitBull Foundation OS-Level Security
http://www.argus-systems.com/product/white_paper/lx/sae/ PitBull Foundation Secure Application Environment
http://www.phrack.com/show.php?p=57&a=15 Writing ia32 alphanumeric shellcodes
Intrusion Detection Systems
http://www.packetnexus.com/docs/packetnexus/NIDS_Placement.pdf NIDS Placement in the Real World
http://www.ngsec.com/docs/polymorphic_shellcodes_vs_app_IDSs.PDF Polymorphic Shellcodes vs. Application IDSs
http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
http://www.aciri.org/vern/papers/norm-usenix-sec-01.pdf Evasion, Traffic Normalization, and End-to-End Protocol Semantics
Cisco routers
http://www.cisco.com/warp/public/707/21.html Improving Security on Cisco Routers
http://www.cisco.com/warp/public/707/3.html Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/sccbac.pdf Configuring Context-Based Access Control (PDF)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/sccbac.htm Configuring Context-Based Access Control (HTML)
http://nsa1.www.conxion.com/cisco/guides/cis-securityguides.zip Cisco Router Guides
http://www.cisco.com/warp/public/474/ Cisco Password Recovery
http://www.cisco.com/warp/public/474/pswdrec_2500.html Cisco 2500 series help
http://www.cisco.com/warp/public/474/pswdrec_2600.shtml Password Recovery Procedure for the Cisco 2600 Series Routers
Denial of Service attacks
http://www.cert.org/archive/pdf/DoS_trends.pdf Trends in Denial of Service Attack Technology
Firewalls
http://csrc.nist.gov/publications/drafts/Firewall-Guide.pdf Guide to Firewall: Selection and Policy Recommendations
ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf FTP and Firewalls
http://www.madison-gurkha.com/publications/tcp_filtering/tcp_filtering.ps Real Stateful TCP Packet Filtering in IP Filter
http://www.dataprotect.com/bh2000/blackhat-fw1.html A Stateful Inspection of FireWall-1
http://www.phoneboy.com/ PhoneBoy's FireWall-1 FAQ
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf NIST's SP 800-41 Guidelines on Firewalls and Firewall Policy
Information Warfare
http://www.itoc.usma.edu/Documents/IWARLab.pdf IWAR Range: A Laboratory for Undergraduate Information Assurance Education
Oracle security
http://www.pentest-limited.com/ Specialists in Security and Oracle
Programming
http://www.ucalgary.ca/~bgwong/n869.pdf Programming Languages - C - C99
http://hcunix.7350.org/grugq/doc/subversiveld.pdf Cheating the ELF - Subversive Dynamic Linking to Libraries
http://x86.ddj.com/ftp/manuals/tools/elf.pdf Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2
http://www.eecs.umich.edu/~farnam/482/Winter99/24319001.pdf Intel Architecture Software Developer's Manual Volume 1: Basic Architecture
http://www.eecs.umich.edu/~farnam/482/Winter99/24319102.pdf Intel Architecture Software Developer's Manual Volume 2: Instruction Set Reference Manual
http://www.eecs.umich.edu/~farnam/482/Winter99/24319201.pdf Intel Architecture Software Developer's Manual Volume 3: System Programming Guide
http://docs-pdf.sun.com/806-3774/806-3774.pdf SPARC Assembly Language Reference Manual
http://www1.corest.com/blackhat2002.htm Syscall Proxying - Simulating Remote Execution
http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/x86.html FreeBSD Developers' Handbook: x86 Assembly Language Programming
http://www.dwheeler.com/secure-programs/ Secure Programming for Linux and Unix HOWTO (PDF)
http://www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/ Secure Programming for Linux and Unix HOWTO (HTML)
http://www.whitefang.com/sup/ Secure UNIX Programming FAQ
http://uk.osstmm.org/osstmm.en.2.0.zip The Secure Programming Standards Methodology Manual
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf Setuid Demystified
http://m.bacarella.com/papers/secsoft/ The Peon's Guide To Secure System Development
http://archive.devx.com/upload/free/features/zones/security/articles/2000/12dec00/mh1200/mh1200-1.asp 15 Tips for Secure Win32 Programming
Buffer overflow vulnerabilities exploitation techniques
http://www.shmoo.com/phrack/Phrack49/p49-14 Smashing The Stack For Fun And Profit
http://phrack.org/phrack/55/P55-08 The Frame Pointer Overwrite (Off-by-one exploits)
http://www.phrack.com/phrack/57/p57-0x09 Once Upon a free()
http://diwww.epfl.ch/~ogay/advbof/advbof.pdf
http://diwww.epfl.ch/~ogay/advbof.tar.gz In French, very complete, covers all types of exploitable vulnerabilities
http://www.cs.unm.edu/~ghandi/ SPARC Buffer Overflows (DEFCON 8, July 28, 2000, Las Vegas, NV.)
http://community.core-sdi.com/~juliano/exploit_tutorial.txt Writing buffer overflow exploits - a tutorial for beginners
http://www.corest.com/blackhat2002.htm Syscall Proxying - Simulating Remote Execution
Exploiting Buffer Overflows under Windows environment
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/ntbufferoverflow.html Exploiting Windows NT 4 Buffer Overruns
http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf Non-Stack Overflows on Windows
http://www.ngssoftware.com/papers/unicodebo.pdf Exploitation of UNICODE Buffer Overflows
Format string vulnerabilities exploitation techniques
http://minimum.inria.fr/~raynal/ Howto remotely and automatically exploit a format bug
http://www.hert.org/papers/format.html Format string vulnerability
http://www.team-teso.net/articles/formatstring/ Exploiting format string vulnerabilities
http://online.securityfocus.com/archive/1/66842 Format Bugs: What are they, Where did they come from, ... How to exploit them
http://www.securityfocus.com/data/library/format-bug-analysis.pdf Analysis of Format Strings Bugs
http://www.gomor.org/Fichiers/tgz/fox0.1.tgz Howto exploit OpenBSD 2.7 ftpd format string
Other vulnerability types exploitation
http://razor.bindview.com/publish/papers/signals.txt Deliver signals for fun and profit
http://www.phrack.org/phrack/60/p60-0x0a.txt Basic Integer Overflows - by blexim
Secure programming and protection mechanisms
http://community.corest.com/~gera/InsecureProgramming/ Insecure Programming by example
http://community.core-sdi.com/~juliano/ Many resources on exploiting
http://www.lsd-pl.net/papers.html#assembly UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (HTML)
http://www.lsd-pl.net/documents/asmcodes-1.0.2.pdf UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (PDF)
http://www.lsd-pl.net/documents/winasm-1.0.1.pdf Win32 Assembly Components
http://www.bursztein.net/secu/rilc.html Using Environment for returning into Lib C
http://minimum.inria.fr/~raynal/index.php3?page=113 Secure Programming
http://www.enseirb.fr/~glaume/indexen.html A Buffer Overflow Study, Attacks & Defenses
http://immunix.org/StackGuard/discex00.pdf Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
http://www.phrack.org/phrack/56/p56-0x05 Bypassing StackGuard and StackShield
http://www.corest.com/corelabs/papers Multiple vulnerabilities in stack smashing protection technologies
http://voodoo.somoslopeor.com/papers/nmap.html A practical approach for defeating Nmap OS-Fingerprinting
Security policy related papers
http://csrc.nist.gov/isptg/html/ISPTG-Contents.html Internet Security Policy: A Technical Guide
http://www.securityfocus.com/infocus/1193 Introduction to Security Policies, Part One: An Overview of Policies
http://www.sse-cmm.org/Papers/SSECMMv2Final.pdf Information Security involves a set of engineering processes
http://www.cert.org/archive/pdf/OCTAVEthreatProfiles.pdf OCTAVE Threat Profiles
http://csrc.nist.gov/cc/ Common Criteria for IT Security Evaluation
Wireless LAN related papers
http://www.cigitallabs.com/resources/papers/download/arppoison.pdf Wireless Access Points and ARP Poisoning
http://www.netstumbler.com/ All you want to know about WLAN
http://www.dachb0den.com/projects/bsd-airtools/wepexp.txt Practical Exploitation of RC4 Weaknesses in WEP Environments
Fingerprinting
http://www.incidents.org/papers/OSfingerprinting.php Passive OS Fingerprinting: Details and Techniques
Microsoft security
http://www.securityfocus.com/cgi-bin/microsoft_topics.pl SecurityFocus Links
http://nsa1.www.conxion.com/win2k/guides/w2k-securityguides.zip Windows 2000 Guides
http://www.counterpane.com/pptpv2-paper.html Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (HTML)
http://www.counterpane.com/pptpv2.pdf Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (PDF)
http://people.hp.se/stnor/hpntbast13.pdf Building a Windows NT Bastion Host in Practice
Layer 2 protocols
http://www.securityfriday.com/promiscuous_detection_01.pdf Detection of Promiscuous Nodes Using ARP Packets
Certifications
http://www.cccure.org CISSP Open Study Guides
Spoofing
http://www.sans.org/cgi-bin/htdig/htsearch?method=and&config=htdig&words=ip+spoofing Spoofing with different protocols
Network protocols
http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf ICMP Usage In Scanning Research
http://rr.sans.org/audit/hping2.php The Hping2 Idle Host Scan
http://www.research.att.com/~smb/papers/ipext.pdf Security Problems in the TCP/IP Protocol Suite
Operating systems
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Secure Deletion of Data from Magnetic and Solid-State Memory
Cross-site scripting vulnerabilities
http://www.cert.org/advisories/CA-2000-02.html Malicious HTML Tags Embedded in Client Web Requests
http://www.securityfocus.com/archive/1/138297 Full explanation, with useful links
http://www.jmu.edu/computing/info-security/engineering/issues/cross.shtml Cross-Site Scripting Web Vulnerability
Web-based attacks
http://www.securereality.com.au/studyinscarlet.txt Exploiting Common Vulnerabilities in PHP Applications
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf SQL Injection: Are Your Web Applications Vulnerable?
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf Advanced SQL Injection In SQL Server Applications
http://www.nextgenss.com/papers/hpoas.pdf Hackproofing Oracle Application Server, David Litchfield
http://www.nextgenss.com/papers/iisrconfig.pdf Assessing IIS Configuration Remotely
http://www.cgisecurity.net/papers/fingerprinting-2.txt Fingerprinting Port80 Attacks
http://www.sensepost.com/misc/SQLinsertion.htm SQL insertion
http://www.idefense.com/sessionids.html Brute-Force Exploitation of Web Application Session IDs
Web security
http://www.redbooks.ibm.com/redpieces/pdfs/sg246846.pdf z/OS WebSphere and J2EE Security Handbook
Reverse Engineering
http://www.washington.edu/People/dad/ Many links on the subject, bookmarks from Dave Dittrich
Encryption
http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html The end of SSL and SSH?
Sniffing
http://robertgraham.com/pubs/sniffing-faq.html Sniffing (network wiretap, sniffer) FAQ
Misc.
http://www.lostpassword.com/excel.htm Password recovery tools
http://www.nii.co.in/tuaph.html The Unix Auditor's Practical Handbook