Links for Cyber Security Professionals
Penetration Testing Resources
- Open Web Application Security Project (OWASP) – Worldwide not-for-profit charitable organization focused on improving the security of software, especially web-based and application-layer software.
- Penetration Testing Execution Standard (PTES) – Penetration testing methodology.
Penetration Testing Distributions
- Kali – GNU/Linux distribution designed for digital forensics and penetration testing.
Multi-paradigm Frameworks
- Metasploit – Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Faraday – Introduces a new concept, the IPE (Integrated Penetration-Test Environment): a multiuser penetration test IDE designed for distribution, indexation and analysis of the data generated during a security audit.
Vulnerability Scanners
- Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
- OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
Web Scanners
- Nikto – Noisy but fast black box web server and web application vulnerability scanner.
- Arachni – Scriptable framework for evaluating the security of web applications.
- WPScan – Black box WordPress vulnerability scanner.
Network Tools
- nmap – Free security scanner for network exploration & security audits.
- tcpdump/libpcap – Common packet analyzer that runs from the command line.
- Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
Web Application Testing
- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite – Integrated platform for performing security testing of web applications.
Windows Utilities
- Sysinternals Suite – The Sysinternals Troubleshooting Utilities.
OSINT Tools
- Maltego – Proprietary software for open source intelligence and forensics, from Paterva.
- Shodan – World’s first search engine for Internet-connected devices.
- recon-ng – Full-featured Web Reconnaissance framework written in Python.
- VirusTotal – Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
Penetration Testing Report Templates
- Public Penetration Testing Reports – Curated list of public penetration test reports released by several consulting firms and academic security groups.
- Pentesting Report Template – www.testandverification.com
- Pentesting Report Template – www.crest-approved.org
- Pentesting Report Template – www.pcisecuritystandards.org
Vulnerability Databases
- Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) – The United States government’s National Vulnerability Database provides additional metadata (CPE, CVSS scoring) for the standard CVE List, along with a fine-grained search engine.
- Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
- Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment; no longer adding to its vulnerability database as of April 2016.
Security Courses
- Cybrary – Build your cyber security or IT career, for free. Join the world’s largest cyber security workforce development community now!
Awesome Lists
- Kali Linux Tools – List of tools present in Kali Linux.
- SecTools – Top 125 Network Security Tools.
- Pentest Cheat Sheets – Collection of cheat sheets useful for pentesting.
- Python Tools for Penetration Testers – Lots of pentesting tools are written in Python.
- Infosec – A curated list of awesome infosec courses and training resources.
- PCAP Tools – Tools for processing network traffic.
News
- Cybrary’s Open Blog – User-contributed cyber security knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.
- Cybrary’s Official Company Blog – Official announcements and other news and stories from the Cybrary team and its friends in the cyber security industry.
- Twitter – Cyber Security Twitter Profiles to Follow.
- EC-Council Official Blog – Keep up with the latest Cybersecurity trends, official EC-Council news, and advice from the industry experts!
- Bleeping Computer – Millions of visitors come to BleepingComputer.com every month to learn about the latest security threats, technology news, ways to stay protected online, and how to use their computer more efficiently.
- The Hacker News – Leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.
- Threatpost – Independent news site that is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
- Hacker Noon – Everything hackers need at noon.
- TechNative – Offers the latest product and user news, in-depth features, reports, and podcast and video interviews with the leaders in business technology.
- Infosecurity Magazine – Has over ten years of experience providing knowledge and insight into the information security industry.
- Dark Reading – Long one of the most widely-read cyber security news sites on the Web, Dark Reading is now the most trusted online community for security professionals like you.
- GBHackers – Advanced Persistent Cyber Security online platform covering cyber security research, web application and network penetration testing, hacking tutorials, live security updates, technology updates, and security investigations, with a dedicated cyber security expert team helping to make the community more secure.
- CIS Resources – CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.
- Heimdal Security Blog – 50+ Amazing Internet Security Blogs You Should Be Following.
- Feedspot Security Blog – Top 100 Amazing Cyber Security Blogs You Should Be Following.
- IEEE Spectrum – IEEE is the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity.