A Guide to Building Secure Web Applications and Web Services
- A massive document covering all aspects of web application and web service security; published by the Open Web Application Security Project (OWASP). Current stable version is 2.0 (2006). Also available in Spanish. N.B.: Work on new revision started 2010-02-10.
A Linux-PAM page
- The primary distribution site for the Linux-PAM (Pluggable Authentication Modules for Linux) project. PAM is a flexible mechanism for authenticating users.
AFICK (Another File Integrity Checker)
- A fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms. The configuration syntax is similar to tripwire/aide. Site also available in French. Latest stable release is 2.15-1, 2010-04-21
- A Slackware-based, live CD Linux security distribution with 300+ security tools useful for tasks such as security audits and penetration testing. This distribution evolved from the merger Whax and Auditor Security Collection distributions. Latest stable release is 4.0, 2010-01-01. Also available in Brazilian Portuguese, Chinese, Portuguese, and Spanish.
Bastille Linux - hardening script for security conscience
- The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. It can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. It currently functions on most major Linux distributions as well as Mac OSX and HP-UX. Latest release is 3.2.1, 2008-09-25.
- Bleachbit frees disk space and maintains privacy. It wipes clean 70 applications including Firefox, Flash, Google Chrome, Opera, Safari, Adobe Reader, and APT. Excellent multilingual support - available in 30+ languages. Latest release is 0.73, 2010-02-18.
Browser Security Handbook
- This handbook provides web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. (2009)
Common Vulnerabilities and Exposures
- A list of standardized names for vulnerabilities and other information security exposures. The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools.
- A utility for Linux operating systems which allows an ordinary user to mount an encrypted filing system without requiring superuser privileges. For use on systems using the 2.6 kernel series. Latest stable release is 4.0.2, 2009-12-12.
- Bruce Schneier's Crypto-Gram Newsletter is the one of best sources of information and analysis on computer and other security issues. Available in many languages.
Darik's Boot and Nuke (DBAN)
- A cross-platform application to wipe data off of a hard disk and return the disk to a pristine state for reuse. Latest stable release is 2.0.0, 2008-02-21.
Debian Security Audit Project
- The aim of the project is to audit as many of the packages within the Debian stable release as possible for potential flaws; important packages, which are contained in the unstable distribution, may also be examined for flaws as time permits.
Electronic Privacy Information Center
- A public interest research centre in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the U.S. First Amendment, and constitutional values.
- A multipurpose sniffer/interceptor/logger for switched LAN. Latest stable release is 0.7.3, 2005-05-29.
Figaro's Password Manager 2
- A utility that securely stores the user's Web passwords. It is a Gtk2 port of Figaro's Password Manager with some new enhancements. Internationalization support: Basque, Bulgarian, Czech, English, French, German, Hungarian, Italian, Russian and Spanish. Latest release is 0.79, 2011-01-17.
- Freenet is free software which allows the user to anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Also available in Dutch, French, German, Italian, and Swedish. Latest stable release is 0.7.5, 2010-04-23.
Help Net Security
- Excellent meta site for webserver security, news, software and information.
- The Honeynet Project is a U.S.-based non-profit volunteer research organization dedicated to raising awareness to and improving the security of the Internet.
Insecure.Org -- Nmap Security Scanner
- Stealth port scanner for network security auditing, general internet exploration & hacking. Designed to rapidly scan large networks, although it works fine against single hosts. Latest stable release is 5.0, 2009-07-05.
LWN: Security Index
- This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 onwards are indexed here.
- Honeypot software that sets up virtual machines with virtual vulnerabilities for potential crackers; aptly named after the LaBrea Tarpits in California. Latest release is 2.5, 2003-10-30. N.B.: This application still gets a fair number of downloads at SourceForge.
- This site contains primarily security-related articles, tips, and advice. Also included are tips for using LDAP as an address book, Mac OS X tips, book reviews, and software reviews.
Linux Security Documentation and Resources
- A comprehensive resouce centre; includes FAQs/HOWTOs, forums, whitepapers, resources on firewalls, host security, cryptography, network security, intrusion detection, securing Linux systems, a quick reference guide, and an administrator's guide.
Network Security Toolkit (NST)
- This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed open source network security applications for most x86/x86_64 platforms. Latest stable release is 2.13.0, 2010-10-06.
Open Source Software Security Wiki
- The purpose of this new site (2008) is to encourage public discussion of security flaws, concepts, and practices in the open source community. It is not intended to be an information clearinghouse, or to replace any of the current security lists and groups.
- The Open1X project is dedicated to bringing a free, open source 802.1X/WPA/WPA2/IEEE802.11i implementation to as many target platforms as possible. Latest stable release is 2.20, 2010-01-29.
OpenCA Research Labs
- An open organization that provides a framework for PKI (Public Key Infrastructure) studying and development of related projects.
OpenSSL: The Open Source toolkit for SSL/TLS
- A collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. Latest major release is 1.0.0, 2010-03-29.
- An implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms. A code fork of the FreeS/wan project. Latest stable release is 2.6.25, 2010-03-21.
- A general Internet security site with some Linux information.
- A cross-platform password manager. Latest release is 1.5.3, 2010-05-06.
- A web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. It runs on GNU/Linux, Windows, Mac OS X, OS/2, AmigaOS, BeOS, and most flavors of Unix. Latest stable release is 3.0.16, 2010-02-21.
RISKS-LIST: RISKS-FORUM Digest
- Forum on risks to the public in computers and related systems. Archives are available online from volume 1, 1985 to the present.
- A server for remote user authentication and accounting. Its primary use is for Internet Service Providers (ISPs). Latest release is 1.6.1, 2008-12-17.
Rootkit.nl - Protect Your Machine
- An Internet security website. It has security-related guides and articles as well as software. The three software projects are: Rootkit Hunter, Lynis, a security and system auditing tool, and Free BSD Easy Installation Generator.
Rule Set Based Access Control (RSBAC) - Homepage
- RSBAC (Rule Set Based Access Control) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). Latest stable release is 1.44, 2010-04-22.
- A live CD Linux distribution with a vast collection of open source security tools.
SecurityFocus - Focus on Linux Mailing List
- This mailing list is strictly for Linux, and is recommended by computer security experts. There are lots of intelligent users that subscribe to this list so this is the site to visit if you have any security-related questions.
- An automated web application scanner that actively probes for vulnerabilities. Latest release is 1.31, 2010-04-13.
- A free, open source network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks. There is extensive documentation. Latest release is 2.8.6, 2010-04-26.
- A steganography program that conceals data in various kinds of image- and audio-files. Latest release is 0.5.1, 2003-10-15. N.B.: this project still gets a fair number of downloads so that is why it remains on this site.
- A secure, decentralized, fault-tolerant file system. It is encrypted and spread over multiple peers in such a way that it remains available even when some of the peers are unavailable, malfunctioning, or malicious. Latest release is 1.82, 2011-01-30.
The phrack.com Homepage
- A hacker magazine by the community for the community; articles on a variety of tech issues including Linux as well as security issues.
- An anonymous Internet communication system. Great internationalization effort - ~15 languages. Latest stable release is 0.21.25, 2010-03-16.
- Cross-platform disk encryption software which features real-time, "on-the-fly" encryption (OHFE), encryption of an entire hard disk partition or a storage device such as a USB flash drive, and provides two levels of plausible deniability. Latest stable release is 7.01, 2010-09-06.
- An open source (GPLv2) security gateway complete with 14 applications including intrusion detection, spam, phish, and virus blocking, web content filtering, firewall, and remote access applications - VPN and remote access portal. Latest release is 7.3.0, 2010-06-03.
Welcome to CERT!
- A centre for Internet security research which studies Internet security vulnerabilities and long-term changes in networked systems, and develops information and training to help users improve security. Based at Carnegie Mellon University in the U.S.A.
Zebedee: Secure TCP/IP Tunnel
- A simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Latest stable release is 2.4.1A, 2005-09-06. N.B.: This project continues to get downloads on SourceForge despite no development to speak of since 2005.