Wednesday, November 05, 2008
Saturday, October 18, 2008
Wednesday, September 10, 2008
Friday, May 30, 2008
1. Tavis Ormandy, Google Security Team
2. Ivan Krstic, One Laptop Per Child
3. Chris Paget, IOActive
4. Bunnie Huang, Bunnie Studios
5. Michal Zalewski, Google
6. Window Snyder
7. The MOAB Hackers
8. Dino Dai Zovi
9. Michael Howard, Microsoft
10. HD Moore, Metasploit
11. Dave Aitel, Immunity
12. Bronwen Matthews, Microsoft
13. John Pescatore, Gartner
14. Rob Thomas and Team Cymru
15. Stefan Esser, Hardened PHP Project
The original article can be found at :
Friday, February 08, 2008
Here are my two cents; they might help with your CISSP prep.
My Date :
Changes Since :
A new topic on Application Security has been added into the 10 domains
4 to 6 months
Books Covered :
1] ISC2 Official Guide for CISSP ( 1st Priority )
( http://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/0849382319/ref=sr_1_1/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-1 )
2] Shon Harris
( http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1202456103&sr=1-1 )
3] Wiley - CISSP Prep Guide ( good as aux. info, can do without it )
( http://www.amazon.com/CISSP-CAP-Prep-Guide-Platinum/dp/0470007923/ref=sr_1_3?ie=UTF8&s=books&qid=1202456134&sr=1-3 )
4] cccure.org ( Good for covering corner concepts; limited use considering the actual exam questions )
( http://www.cccure.org/ )
5] Hal Tipton - Information Security Management Handbook ( Awesome resource - only if you have >= 6 months )
( http://www.amazon.com/Information-Security-Management-Handbook-CD-ROM/dp/1420060457/ref=sr_1_3/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-3 )
6] Michael Overly Guide ( for last 15 days )
( http://www.cccure.org/ )
Study Plan :
I would recommend a serious 4-6 months of dedicated effort, completing the ISC2 official guide first, then Shon Harris, and then the rest if time permits. Prepare in a group. For the last 15 days, refer to Michael Overly.
All the best.
My Favorite Topics :
Telecommunication and Network Security
Monday, January 21, 2008
Information Privacy - CIPP -
Fraud Review - CFE -
IT Audit - CISA /CISM -
Internal Audit - CIA -
IT Infrastructure - ITIL -
Business Continuity and Disaster Recovery - CBCP -
Thursday, January 10, 2008
When a customer's development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface, they replied (and I quote) "we do not use cross site scripting".
If any customer ever asks what the single most effective thing is to effect a positive change in their software security program, I always respond with education and awareness. Pound for pound, dollar for dollar, it is the most effective tool anyone has.