I stepped into an Application Security evangelist role recently. As part of my responsibilities, I need to stay abreast of security issues. Can you please recommend some good websites that provide industry updates related to Web/Database security as well as on languages such as Java, C#, and Python? I'd appreciate any other advice as well on being successful in the role.
Slashdot is a good site for security as a whole. – dgatwood Aug 09 '16 at 04:53
1 Answer
3
Wow, there are lots of great sites. I would recommend:
- DISA STIGs for configuration of Operating Systems, Databases, and Web Servers.
- Open Web Application Security Project - is one of the leading application security organizations, and has a website with excellent resources including the OWASP Top 10, Application Security Verification Standard (ASVS), and Software Assurance Maturity Model (SAMM).
- OWASP and BSides both have good local conferences in different areas of the country, in addition to the bigger OWASP AppSec conferences.
- Microsoft Security Development Lifecycle and associated material they have created.
Some blogs (roughly prioritized; I think Ars Technica would cover you so you don't miss anything major in the area):
- http://arstechnica.com/security/ (general news)
- https://www.schneier.com (mix of policy and technical)
- http://www.darkreading.com (general news)
- http://threatpost.com (general news)
- http://blogs.csoonline.com (general news, and many specialized topics)
- http://krebsonsecurity.com (cyber crime reporting)
- http://www.securingthehuman.org/blog (social engineering oriented)
Veracode and Cigital also both have good blogs, although they are vendor flavored/biased. Cigital's Gary McGraw also has a good podcast, the Silver Bullet, which focuses on Application Security. I think the best all around podcast for security is Risky Business.
I don't know of resources specific to security developments/news by language. You may want to watch the National Vulnerability Database or other sources for new vulnerabilities (by CVE) associated with the software stack you use.
I'd be glad to hear additional ideas in the comments or added to this answer.

quantro
- 138
- 4
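The answer's last practical suggestion is to watch the National Vulnerability Database for new CVEs against the components you actually run. Below is an added example of what that watch looks like in code; it is not from the question, the answer, or NVD itself. It assumes a feed whose layout imitates NVD's JSON 2.0 `vulnerabilities` array (the field names are an assumption about that format), and every CVE id, vendor, product, and score in the sample is constructed for the example. The script keeps only records whose CPE configuration names a product on a watchlist and whose CVSS base score meets a threshold, and it deliberately keeps records that have no score yet, since a freshly published CVE against your stack is worth reading before NVD assigns one.

```python
import json

# Constructed sample feed. The layout imitates the NVD JSON 2.0 "vulnerabilities"
# array (an assumption about that format); the CVE ids, products, and scores are
# all invented for this example.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-0000-0001",
            "descriptions": [{"lang": "en", "value": "Constructed: unsafe deserialization in example_vendor java_lib"}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:example_vendor:java_lib:1.2.3:*:*:*:*:*:*:*"}]}]}]}},
        {"cve": {
            "id": "CVE-0000-0002",
            "descriptions": [{"lang": "en", "value": "Constructed: minor information leak in example_vendor py_tool"}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 3.1}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:example_vendor:py_tool:2.0:*:*:*:*:*:*:*"}]}]}]}},
        {"cve": {
            "id": "CVE-0000-0003",
            "descriptions": [{"lang": "en", "value": "Constructed: issue in a product that is not in our stack"}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 8.0}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:other_vendor:other_app:5:*:*:*:*:*:*:*"}]}]}]}},
        {"cve": {
            "id": "CVE-0000-0004",
            "descriptions": [{"lang": "en", "value": "Constructed: newly published, not yet scored, affects java_lib"}],
            "metrics": {},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:example_vendor:java_lib:1.2.4:*:*:*:*:*:*:*"}]}]}]}},
    ]
})

# The (vendor, product) pairs that make up "our" software stack; hypothetical names.
STACK_WATCHLIST = {("example_vendor", "java_lib"), ("example_vendor", "py_tool")}


def parse_cpe(criteria):
    """Return (vendor, product) from a CPE 2.3 formatted string.

    Splits on ':'; a production matcher should also handle the '\\:' escape
    that the CPE specification allows inside a component.
    """
    parts = criteria.split(":")
    if len(parts) < 5 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError("not a CPE 2.3 string: %r" % criteria)
    return parts[3], parts[4]


def base_score(cve):
    """CVSS v3.1 base score, or None when the record has not been scored yet."""
    metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
    if not metrics:
        return None
    return metrics[0]["cvssData"]["baseScore"]


def affected_products(cve):
    """Set of (vendor, product) pairs flagged as vulnerable in the CVE's configurations."""
    found = set()
    for config in cve.get("configurations", []):
        for node in config.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if match.get("vulnerable"):
                    found.add(parse_cpe(match["criteria"]))
    return found


def filter_feed(feed_json, watchlist, min_score):
    """Return the CVEs that touch the watchlist and meet the score threshold.

    Unscored records are kept regardless of min_score: a new CVE against a
    component you run deserves a look before NVD assigns a score.
    Scored hits come first, highest score first; unscored hits follow.
    """
    hits = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        cve = entry["cve"]
        products = affected_products(cve) & watchlist
        if not products:
            continue
        score = base_score(cve)
        if score is not None and score < min_score:
            continue
        hits.append({"id": cve["id"], "score": score,
                     "products": sorted("%s:%s" % p for p in products)})
    hits.sort(key=lambda h: (h["score"] is None, -(h["score"] or 0), h["id"]))
    return hits


if __name__ == "__main__":
    for hit in filter_feed(SAMPLE_FEED, STACK_WATCHLIST, min_score=7.0):
        print(hit["id"], hit["score"], ", ".join(hit["products"]))
```

Run as a script it lists the two records that matter for the constructed stack: the 9.8 deserialization issue and the unscored report against the same library, while the low-severity hit and the unrelated product are dropped. Matching on vendor and product from the CPE string, rather than grepping descriptions for a library name, is what keeps this kind of watch from drowning in false positives when you point it at a real feed.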