Security References#
Advantage in cybersecurity is gained by harnessing smart ideas. So we collect resources that work and are open to use. So open licensed cybersecurity references are preferred instead of resources that are a fad based on the latest technology buzz.
Creating a good solid cyber security solution is complicated. So the most valuable tip is:
Use and reuse good knowledge
Using and reusing good open cyber security references saves you time and improves the quality of your solution.
Good and excellent knowledge for building better security solutions is available under an open access licenses. This is why all references in this section are open access references or available for free under an open liberal license.
Too often information behind paywall turns out to be a fad or pure marketing information. So be warned!
Attacks methods#
Rowhammer: http://www.thirdio.com/rowhammer.pdf or https://en.wikipedia.org/wiki/Row_hammer
DDos: https://www.us-cert.gov/sites/default/files/publications/DDoS Quick Guide.pdf
Learning from attacks#
Key Reinstallation Attacks- Breaking WPA2 by forcing nonce reuse (KRACK). With hands-on description, check it out: https://www.krackattacks.com/
Thread Models#
The OWASP Automated Threat Handbook provides actionable information and resources to help defend against automated threats to web applications. https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
The Cyber Law Toolkit#
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis.
Great toolkit, with all material available under a nice CC BY-SA 4.0 license.
Check the toolkit on: https://cyberlaw.ccdcoe.org/wiki/Main_Page
The Common Criteria for Information Technology Security Evaluation (CC)#
If you want to launch a product is many countries and want to make sure you follow all regulations per country: A smart thing is to make use of the common criteria checks.
The Common Criteria for Information Technology Security Evaluation (CC), and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), which ensures that:
Products can be evaluated by competent and independent licensed laboratories so as to determine the fulfilment of particular security properties, to a certain extent or assurance;
Supporting documents, are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies;
The certification of the security properties of an evaluated product can be issued by a number of Certificate Authorizing Schemes, with this certification being based on the result of their evaluation. These certificates are recognized by all the signatories of the CCRA.
More information on: https://www.commoncriteriaportal.org/
Mozilla Information Security Guides#
Security Assurance and Security Operations.Technical guidelines, principles and general information as used by the infosec team of Mozilla.