Security
General
News
Firewalls
csf/lfd
- http://blog.configserver.com/ - software update news
Passwords
Logging
http://www.fail2ban.org/wiki/index.php/Main_Page
Hardening
AppArmor
SELinux
Detection
Shells
- http://lshell.ghantoos.org/ - limited shell
Honeypot
Cryptography
- https://developer.mozilla.org/en/docs/Introduction_to_Public-Key_Cryptography
- http://en.wikipedia.org/wiki/Public-key_cryptography
- http://en.wikipedia.org/wiki/Public-key_infrastructure
RSA
EC
Encryption
See also Comms#Encryption
File system
- http://www.truecrypt.org/ - hard drive space
Other
- http://www.keepassx.org/ - passwords
- http://www.schneier.com/solitaire.html
- http://security.stackexchange.com/questions/25375/why-not-use-larger-cipher-keys
Homomorphic
SSL/TLS
- Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. They use asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
In the TCP/IP model view, TLS and SSL encrypt the data of network connections at a lower sublayer of its application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer): first the session layer has a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for that session; then the presentation layer encrypts the rest of the communication using a symmetric cipher and that session key. In both models, TLS and SSL work on behalf of the underlying transport layer, whose segments carry encrypted data.
HTTPS
- https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS - basic intro
- Living with HTTPS (19 Jul 2012)
- OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection - Touching on HTTPS, SSL and TLS
- http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
- SSL/TLS Deployment Best Practices - tutorial whitepaper
- http://en.wikipedia.org/wiki/Server_Name_Indication - allows more than one domain per ip address, not supported my older browsers
Certificates
Wildcard
CAs
Services
- https://www.ssl2buy.com/alphassl-wildcard.php
- http://www.vpsnodebox.com/ssl-certificates - AlphaSSL - GlobalSign certificate.
- http://lowendtalk.com/discussion/4495/regular-and-wildcard-alphassl-certificates-for-everyone-for-cheap
- HN discussion: $50 comodo wildcard SSLs (while they last)
- http://www.garrisonhost.com/ssl.htm
- http://www.rapidssl.com/buy-ssl/ssl-certificate/index.html
- http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/index.html
Self-signed
Vulnerable to MITM as cracker can generate their own.
- How to Create A Self Signed Certificate - sslshopper.com
- How to create a self-signed SSL Certificate which can be used for testing purposes or internal usage
Cacert.org
Community group providing certs. Web of trust based assurance point system. Not carried by major browsers, just Linux distros.
StartCom
Free certs, one cert per domain, 1 year.
Tools
PFS
DNSSEC
- http://jpmens.net/2011/02/16/ssl-certificate-validation-and-dnssec/
- http://blog.huque.com/2012/10/dnssec-and-certificates.html
- http://blogs.cisco.com/security/top-of-mind-problems-with-ssl-solved-with-dnssec/
DANE
Articles
Future
HTML
Scripting
Vulnerabilities
Legal
- http://safeharbor.export.gov/list.aspx - UK DPA safe harbours
UX
Resources
Testing
Metasploit
Other
- w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.