Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Where should one go to be kept updated on all of the security flaws/problems floating around? Specially in the era of open source where we tend to use libraries from everywhere.
Here's a quick list:
CVE
Security Focus
Secunia
CERT
FrSIRT
SecWatch
OWASP
Defense Information Systems Agency - Information Assurance Support Environment
Defense Information Systems Agency - Security Technical Implementation Guides
Defense Information Systems Agency - Security Readiness Review Evaluation Scripts
I find these links useful as a defense contractor, but they might have use for civilian applications as well. Look at the SRR scripts as a way to detect possible vulnerabilities on a system you are trying to secure.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Would like to know if anybody knows any free(trial) time-stamp server service.
I would like to test time stamping features in itext. Like I used Start Com class 1 as free CA for testing purposes. Hope I made it clear. Hoping someone knows a place
Thanks
You can try one of these publicly accessible RFC 3161 compliant time-stamping services:
https://freetsa.org
Supports HTTP, HTTPS and TCP transports and has other features
http://time.certum.pl
http://dse200.ncipher.com/TSS/HttpTspServer
http://tsa.safecreative.org
5 free requests per day (may not be valid as root CA is 'test') - Safe Creative TSA is no longer active
http://zeitstempel.dfn.de
http://tsa.tecxoft.com
Requires registration
http://timestamp.comodoca.com/rfc3161
http://sha256timestamp.ws.symantec.com/sha256/timestamp
https://timestamp.geotrust.com/tsa
http://timestamp.globalsign.com/scripts/timstamp.dll
https://ca.signfiles.com/tsa/get.aspx
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
You can also try one of these publicly accessible RFC 3161 compliant client applications:
TimeStampClient
Feel free to edit the answer and extend the list.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Where is a good place to start with cyber security, not necessarily directly related to programming?
I'm looking to cover a wide range of issues:
Fire walls
Networking setup
XSS
SQL Injection
An then other things I don't know I don't know.
My current experience is some programming, some networking. I know to clean my user input before sending to a database, etc.
Where should I start? I'd like some print books to read, but other resources are also welcome.
As you're new to the topic and don't yet have specialised in a specific area of computer security, I highly recommend http://www.securitytube.net/. It offers a huge amount of free video based tutorials and other video material you can learn from. Especially you should go for the "Megaprimers" :)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I have an IIS webserver that is crashing occasionally. It always works just fine after restarting the AppPool. I have logging configured for the website in a standard W3C format. Looking through the logs for useful information is like sifting through vomit for a tasty treat. Are there any good tools out there for making these logs more readable? User Friendly? Useful?
Check out Smarter Stats from http://www.smartertools.com/smarterstats/web-analytics-seo-software.aspx
The free edition is really nice.
Nihuo web log analyzer is very simple, easy to configure and very good in analyzing iis and apache access log files. The reports generated by this tool are also very good.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Are there any pen-testing agencies that tests nodejs applications? And are there any good tools with wich you can do it yourself?
Regardless of what platform you choose a lot of the same vulnerabilities are found. I recommend the open source project skipfish or a service like Sitewatch. Skipfish doesn't have a JavaScript interpreter, so if you use client side js heavily then you should go with the open source Grendel-Scan.
Zaproxy, is a great tool for web application pentest http://sourceforge.net/projects/zaproxy/files/
A bit late in the day, however www.ZeroDayLab.com specialise in app security scans like this.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Hi Ive been planning on doing a social network project and im wondering if there are readings on UX Design that I can read to base my site design on. Thanks.
Check out this question. My personal favorite is Steve Krug's Don't Make Me Think.
You might be interested in reading specifically about how other social networking sites are reviewed.
Like when Facebook Redesigned:
http://www.techcrunch.com/2006/09/05/new-facebook-redesign-more-than-just-aesthetics/
Or a Twitter lead designer profile:
http://www.fastcompany.com/blog/cliff-kuang/design-innovation/design-mind-behind-twitter-hes-21
How Ning works:
http://www.technologyreview.com/communications/18321/
Definitely use as many social networking sites as possible to get inspired.
I have found Seductive Interaction Design helpful. There is a section about profile completeness and how to incorporate positive goals that compels your user to take the steps necessary towards completeness.
http://www.amazon.com/Seductive-Interaction-Design-Effective-Experiences/dp/0321725522
Other helpful sections on how to build in fun distractions and more importantly coming on too strong (and how not to!).
Hope this helps!