Security Links PHP: § Good upcoming security forum http://www.security-forums.com § A totally HUGE security archive http://neworder.box.sk/. § Current and archived exploits http://www.securiteam.com/exploits/. § 'Underground' search engine http://www.warez.com/. § Default logins for all sorts of devices http://www.mksecure.com/defpw/. § One of the top mainstream security sites http://www.securityfocus.com/. § TESO Computer security http://teso.scene.at/. § Asian security group, lotsa advisories http://www.shadowpenguin.org/. § w00w00 Security development http://www.w00w00.org/. § USSR a strong security group http://www.ussrback.com/. § Good all around security site http://www.packetstormsecurity.nl. § SANS Security Institute with articles on EVERYTHING http://www.sans.org/. § A Fairly immense WWW security FAQ http://www.w3.org/Security/Faq/. § Computer Security Encylopedia http://www.itsecurity.com/. § Java Security informationhttp://java.sun.com/security/. § Help Net Security http://www.net-security.org/. § Security Search Engine http://searchsecurity.techtarget.com/. § FreeBSD security information http://www.freebsd.org/security/. § Netscape security information http://home.netscape.com/security/. § Linux security community centre http://www.linuxsecurity.com/. § Dutch Security Information Network http://www.dsinet.org/. § A once great site from a white hat hacker http://www.antionline.com/. § Network Security Library http://secinf.net/. § Infamous happy hacker http://www.happyhacker.org/. § Infosec papers and articles http://www.infosecwriters.com/ § The BIGGEST security/privacy/crypto software archive http://www.wiretapped.net/ § The Info Sec Bible http://www.securityflaw.com/bible § Government Incident Advisory service http://www.ciac.org/ciac/ § The ultimate resource for all security tools http://www.networkintrusion.co.uk Privacy and Anonymity я All about privacy http://www.privacy.net. я Well known privacy/security portal http://www.cotse.com я Anonymity, privacy and security http://www.stack.nl/~galactus/remailers/. я Free, anonymous web surfing http://www.anonymizer.com/. я IDSecure service http://www.idzap.com/. я News, information and action http://www.privacy.org/. я Sam Spade Tools http://www.samspade.org/t/. я International PGP homepage http://www.pgpi.org. я Encryptable web-mail http://www.hushmail.com/. я Anonymity software http://www.skuz.net/potatoware/. я REALLY delete your data http://www.cs.auckland.ac.nz/~pgut001/pubs/. я Anonymous access http://www.safeproxy.org/. я Web privacy http://www.rewebber.de/. я Web anonymiser list http://mikhed.narod.ru/en/free_proxy/cgi-proxy.htm я JAP http://anon.inf.tu-dresden.de/index_en.html Cryptography & Encryption ж All about RSA http://www.rsasecurity.com/. ж Cryptography Archives http://www.kremlinencrypt.com/. ж Cryptography links http://cryptography.org/freecryp.htm. ж Cryptography Info http://world.std.com/~franl/crypto/. ж DriveCrypt http://www.e4m.net/. ж CCIPS http://www.cybercrime.gov/crypto.html. ж Cryptography resource http://www.crypto.com/. ж Bruce Schneier's operation http://www.counterpane.com ж Huge Crypto archive http://www.cryptome.org ж An upto date thread containing crypto links http://www.security-forums.com/forum/viewtopic.php?t=4761 ж Various info mainly on PGP http://www.skuz.net/. Linux/BSD/UNIX о http://www.linux.org. о http://www.redhat.com . о http://www.debian.org. о http://linux.pagina.nl. о http://www.linux.com. о http://www.linux-mandrake.com/. о http://www.slackware.com. о http://www.linux-firewall-tools.com/linux/. о http://www.suse.com/. о http://linux.box.sk. о http://www.linuxiso.org/. о http://www.distrowatch.com/. о http://www.freebsd.org. о http://www.openbsd.org. о http://www.netbsd.org. о http://wwws.sun.com/software/solaris/binaries/index.html о http://www.gentoo.org/ о http://www.turbolinux.com/ о http://www.lycoris.com/ о http://www.lindows.com о http://www.trustix.net/ о http://www.yellowdoglinux.com/ о http://www.knopper.net/knoppix/ Zines & Texts ь Great UK Zine http://www.f41th.org/. ь 2600 The hacker quarterly http://www.2600.com/. ь Massive Tutorial selection http://www.tutorialfind.com/tutorials. ь Online book collection http://www.maththinking.com/boat/booksIndex.html. ь Internet FAQ archive http://www.faqs.org/. ь The Linux documentation Project http://www.tldp.org/ ь Another fine member of the box network http://black.box.sk. ь Even more info from the box network http://blacksun.box.sk. ь Internet How To archive http://www.howtos.nl/. ь 45,000 text files old skool style http://www.textfiles.com. ь Linux Networking Overview http://www.ibiblio.org/mdw/HOWTO/. ь Currently the only Defacement mirror http://www.zone-h.org/. Virii/Trojans & Firewalls ї Trojan archive http://packetstormsecurity.nl/trojans/. ї Fearless, everything Trojan http://www.areyoufearless.com/ ї Up to date Trojan archive http://www.trojanforge.net/ ї A good archive with info on each one http://www.dark-e.com/archive/trojans/index.shtml ї Sub7's official Home Page http://www.sub7.net/ ї Another comprehensive Trojan archive http://www.tlsecurity.net/amt.htm. ї Home of BackOrifice http://www.cultdeadcow.com/. ї Huge Trojan removal database http://www.anti-trojan.org/. ї Excellent Anti-Viral software and Virii Database http://www.sophos.com/. ї Mcafee's Searchable Virus Information Library http://vil.mcafee.com/. ї Firewall Guide http://www.firewallguide.com/. ї Firewall FAQ http://www.interhack.net/pubs/fwfaq/. ї Firewall How To http://www.grennan.com/Firewall-HOWTO.html. ї Squid http://www.squid-cache.org/. ї Excellent virus news and info http://www.antivirus-online.de/english/. ї The ULTIMATE IPTables resource http://www.linuxguruz.org/iptables/. Tools Security » THE ultimate port scanner nmap. http://www.insecure.org/ » The one and only NT password cracker l0phtcrack 3. http://www.atstake.com/research/lc/ » Get the latest version of john the ripper. http://www.openwall.com/john/ » Windows process listener Inzider.http://www.ntsecurity.nu/toolbox/inzider/ » hping craft those packets http://www.hping.org/ » Netcat, hackers swiss army knife http://freshmeat.net/projects/netcat/ » TCPDump for packet aquisition http://www.tcpdump.org/ » The ONLY packet sniffer http://www.ethereal.com/ » Firewalk http://www.packetfactory.net/firewalk/ » Network grep http://www.packetfactory.net/projects/ngrep/ » Fragrouter http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html » The best OS fingerprinter http://www.sys-security.com/html/projects/X.html » Fport port mapper http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm » Tripwire Integrity checker http://www.tripwire.org/ » Check for rootkits http://www.chkrootkit.org/ » Open source intrusion detection http://www.snort.org/ » Security Scanner http://www.nessus.org/ » Paketto toolkit http://www.doxpara.com/read.php/code/paketto.html » Ettercap multipurpose sniffing http://ettercap.sourceforge.net/ » Whisker CGI Scanner http://sourceforge.net/projects/whisker/ » Another huge CGI scanner http://www.cirt.net/code/nikto.shtml » Kismet 802.11 sniffer http://www.kismetwireless.net/ » Airsnort the original WLAN sniffer http://airsnort.shmoo.com/ » NBTScan, NetBIOS network name scanner http://www.inetcat.org/software/nbtscan.html » Honeyd, your own honeydaemon http://www.citi.umich.edu/u/provos/honeyd/ » STunnel, secure SSH wrapper http://www.stunnel.org/ Anti-virus » Sophos - Good cross platform AV, updates can be a problem http://www.sophos.com/ » AVG Anti Virus - Provides a free AV solution, technically strong http://www.grisoft.com/ » Panda Software Includes a free online anti-virus scanner for Windows http://www.panda-software.com/ » Mcafee - Well it's ok http://www.mcafee.com/ » Norton - Standard AV solutions for Windows, Corporate editions of both (Norton and McAfee) are reasonable http://www.symantec.com/ » Kaspersky - My preferred AV solution, the most technically capable AV engine http://www.kaspersky.com/ » NOD32 - Small company, but technically strong. Slow on updates http://www.nod32.com/ » Trend/PcCillin - Has improved a lot lately, also provides online scanner http://www.trendmicro.com/ » Vet - Australian AV vendor http://www.vet.com.au/ » Norman - No experience of this one. http://www.norman.com/ » F-Secure - Very technically powerful software with a long history. http://www.f-secure.com/ » Bitdefender - Also has a free AV version with online scan. http://www.bitdefender.com/ » OpenAntiVirus - Open source AV solution. http://www.openantivirus.org/ Personal Firewalls » Kerio Personal Firewall - http://www.kerio.com/us/kpf_home.html » ZoneAlarm - http://www.zonelabs.com/ » Tiny Personal Firewall - http://www.tinysoftware.com/ » BlackIce - http://blackice.iss.net/ » Sygate Personal Firewall Pro - http://smb.sygate.com/products/spf_pro.htm » Agnitum Outpost - http://www.agnitum.com/products/outpost/ » Mcafee Personal Firewall - http://www.udsl.com/www.mcafee.com/myapps/firewall/ov_firewall.asp » Norton Personal Firewall - http://www.symantec.com/sabu/nis/npf/ » PrivateFirewall - http://www.privacyware.com/PF.html » Armor2Net - http://www.armor2net.com/ » ETrust EZ Firewall - http://www.my-etrust.com/products/Firewall.cfm » Freedom Firewall - http://www.freedom.net/products/firewall/index.html » Preventon - http://www.freedom.net/products/firewall/index.html » Steganos Online Sheild - http://www.steganos.com/en/sos/index.htm » Kasperksy Anti-Hacker - http://www.kaspersky.com/buyonline.html?chapter=964564 » Visnetic - http://www.deerfield.com/products/visnetic_firewall/ » Norman Personal Firewall - http://www.norman.com/products_npf.shtml Linux based firewall solutions » IPCop - http://www.ipcop.org/ (My favourite) » Clark Connect - http://www.clarkconnect.org/ » Smoothwall - http://www.smoothwall.org/ » Dubbele - http://www.dubbele.com/. » Astaro Security Linux - http://www.astaro.com/ » IGWall - http://www.infoguard.ch/en/templates/TmpFreestyle.cfm?contentID=1&um1ID=70 » LRP - http://www.linuxrouter.org/ » E-smith - http://www.e-smith.org/ » ClosedBSD - http://www.closedbsd.org/index.html%20 » FloppyFW - http://www.zelow.no/floppyfw/ » Freesco - http://www.freesco.org/ » TheWall - http://thewall.sourceforge.net/ » LEAF - http://leaf.sourceforge.net/ (the best of the floppy lot) Commercial Firewall solutions/Appliances » Netscreen - http://www.netscreen.com/ » Watchguard - http://www.watchguard.com/ » SonicWall - http://www.sonicwall.com/. » Barricade - http://www.privador.com/?op=body&id=13 » Nokia - http://www.nokia.com/securitysolutions/ » Checkpoint - http://www.checkpoint.com/ » Cisco PIX - http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/ » Spearhead - http://www.sphd.com/ » Protectix Prowall - http://www.protectix.com/ » Microsoft ISA - http://www.microsoft.com/isaserver/ » Symantec Enterprise Firewall - http://enterprisesecurity.symantec.com/products/products.cfm?productid=47&EID=0 Scene µ The only scene site you need http://www.stolemy.com/ (ISOnews). µ Check out the quality http://www.vcdquality.com µ VCD site http://www.vcdhelp.com/. µ Great site for Dreamcast stuff http://www.dccopyworld.com/. µ The BEST for serials, cracks and keygens http://astalavista.box.sk/. µ The best site for free DVD software http://www.dvdsoft.net. µ Massive scene archive, easily as good as isonews http://www.nforce.nl News Groups A great source of information, discussion and answers to questions (or flames) depending how you put them ;) с alt.hacking. с alt.binaries.hacking.beginner. с alt.computer.security. с alt.security. с alt.os.security. с alt.security.pgp. с alt.security.pgp.patches. с comp.os.linux.security. с comp.os.ms-windows.nt.admin.security. с comp.security.unix. с comp.security.pgp.backdoors. с comp.security.unix. с microsoft.public.security. с microsoft.public.sqlserver.security. с microsoft.public.win2000.security. 'Legal' Hacking Р Hack me http://loginmatrix.com/hackme/. Р Try2Hack http://www.try2hack.nl/. Р Hack3r/Roothack http://roothack.org/. Р Pull The Plug http://www.pulltheplug.com/. Р Root wars http://rootwars.org/. Р Hackers lab http://www.hackerslab.org/. Р Datafort http://hack.datafort.net/ Р Arcanum, Hard! http://www.arcanum.co.nz/ Р NGSec Challenge http://quiz.ngsec.biz:8080/ Programming General Scripts, Source and Books http://www.scriptsearch.com/. Programmers Heaven http://www.programmersheaven.com/. Loads of tutorials http://www.echoecho.com. Plenty of Web Development scripts http://www.hotscripts.com. Code for everything http://www.planet-source-code.com/ Freshmeat OS projects http://freshmeat.net Sourceforge! The ultimate http://sourceforge.net Thousands of HowTo's http://www.howtos.nl MS Development Centre http://search.microsoft.com/us/dev/default.asp Excellent Programmers tools archive http://protools.cjb.net PC Programming information http://www.epanorama.net/links/pc/programming.html 3000+ Programming resources http://stommel.tamu.edu/%7Ebaum/programming.html JAVA & JavaScript Resources Java & Internet Glossary http://www.mindprod.com/jgloss.html. Java homepage http://java.sun.com/. Absolute Java FAQ http://www.javafaq.nu/. Thinking in Java http://www.mindview.net/Books/TIJ/. JavaScript Resource http://www.javascript.com. JavaScripts,tutorials & references http://javascript.internet.com/. C/C++ & UNIX/Linux programming UNIX programming links http://www.cs.buffalo.edu/%7Emilun/unix.programming.html UNIX programming FAQ http://www.erlenstar.demon.co.uk/unix/faq_toc.html UNIX Sockets in C FAQ http://www.manualy.sk/sock-faq/unix-socket-faq.html Mostly C/C++ information http://vasyaa.tripod.com/ C Course http://www.strath.ac.uk/IT/Docs/Ccourse Another good C course http://www.eskimo.com/~scs/cclass/notes/top.html PHP Resources PHP home page http://www.php.net. PHP from hotscripts http://www.hotscripts.com/PHP/. PHP resource index http://php.resourceindex.com/. PHP FAQ's http://www.faqts.com/. PHP Developer resources http://www.phpbuilder.com/. Building dynamic sites with PHP http://www.phpwizard.net. PHP Developer network http://www.evilwalrus.com/. PHP Tutorials and more http://www.thescripts.com/serversidescripting/php. PHP and MySQL tips and tutorials http://www.sitepoint.com/subcat/98 Webmonkey PHP resource http://hotwired.lycos.com/webmonkey/programming/php/index.html Zend PHP tutorials http://www.zend.org/zend/tut/ Applied OO PHP http://www.horde.org/papers/kongress2002-design_patterns/ PHPPatterns http://www.phppatterns.com/ PHPArena http://www.phparena.net/ How do I make skins? http://www.domesticat.net/skins/howto.php PHPGuru http://www.phpguru.org/ ASP Resources ASPTear http://www.alphasierrapapa.com/IisDev/Components/AspTear/. ASP Codes and techniques http://www.asptoday.com/. ASP, HTML, SQL and more http://www.w3schools.com/. Think ASP think... http://www.4guysfromrolla.com/. ASP 101 http://www.asp101.com/. ASP developers site http://haneng.com/. PERL Resources PERL Archive http://www.perlarchive.com/. PERL tutorials http://www.perlmonks.org/index.pl?node=Tutorials. Old school PERL programming http://www.cgi101.com/. Databases/SQL MySQL home http://www.mysql.com. PostgreSQL home http://www.postgresql.org/. Firebird http://sourceforge.net/projects/firebird/ Various Others Windows programming tools http://www.programmerstools.org/. The art of Assembly http://webster.cs.ucr.edu/Page_asm/ArtofAssembly/0_ArtofAsm.html Python homepage http://www.python.org/. Object Oriented Programming http://www.oopweb.com/. XML 101 http://www.xml101.com. Dev-X XML zone http://www.devx.com/xml/. Search Engines ю The daddy of all search engines http://www.google.com. ю Web index pioneer http://www.yahoo.com. ю Huge numbers of results, relevance questionable http://www.altavista.com. ю C-net's offering http://www.search.com. ю Pretty good http://www.dogpile.com. ю Touted as the fast search http://www.alltheweb.com. ю The Wolf-Spider, also owns Hotbot below http://www.lycos.com/. ю Parallel scalable searching http://www.hotbot.com/. ю One of the best also owns entry below http://www.excite.com/. ю Easy to use http://www.webcrawler.com/. ю Maybe remembered as Goto.com http://www.overture.com/. ю Not as good as it once was http://www.infoseek.com/. ю Popular with beginners http://www.mamma.com/. ю Paid listing search engine http://www.northernlight.com/. ю Answers your questions *sometimes* http://www.ask.com/. ю IMO *THE* best place for finding definitions http://whatis.techtarget.com/. ю RFC search http://www.rfc-editor.org/. ю Search the search engines http://www.metacrawler.com/. ю Netscape Netcenter http://www.netcenter.com/. ю FTP Search http://www.alltheweb.com/?cat=ftp&cs=utf-8&q=&_sb_lang=en. ю Shareware/Freeware Engine http://www.tucows.com. ю Another Shareware/Freeware Engine http://shareware.cnet.com. ю Freeware site http://www.brothersoft.com/. ю Good Freeware site with reviews http://www.webattack.com/. ю A piece of software, but excellent for searches http://www.copernic.com/. I bet you didn't know there were so many ;) Others Ґ No longer hosting defacements but still good http://attrition.org/. Ґ General news for nerds, also has security content http://slashdot.org/. Ґ Excellent site for everything Computer http://www.zdnet.com/. Ґ The New Hackers Dictionary http://www.tuxedo.org/~esr/jargon/. Ґ How to become a hacker http://www.tuxedo.org/~esr/faqs/. Ґ Can't spell? One of my favourite ever sites http://www.dictionary.com. Ґ Rightly ripping GRC.com http://www.grcsucks.com/. Ґ Also GRC it's self does have *some* good stuff http://grc.com/. Ґ The best IT related news site http://www.theregister.co.uk. Ґ The best all around news site http://news.bbc.co.uk/. Ґ Cyberarmy, home of various h4x0r stuff http://www.cyberarmy.com/. Ґ Excellent place for finding ALL kinds of software http://sourceforge.net/. Ґ Intelligence Brief http://www.intelbrief.com/.
Books Code: php|architect's Guide to PHP Security -- [B]http://phparch.com/pgps[/B] Essential PHP Security by Chris Shiflett -- [B]http://phpsecurity.org/[/B] Apache Security by Ivan Ristic -- [B]http://apachesecurity.net/[/B] Articles Code: Web Application Security Papers -- [B]http://suif.stanford.edu/~livshits/work/griffin/lit.html[/B] Secure PHP Wiki -- [B]http://securephp.damonkohler.com/index.php/Main_Page[/B] Operating Systems Guides -- [B]http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1[/B] Cross Site Scripting Could Make You Lose Your Cookies -- [B]http://www.sitepoint.com/blog-post-view.php?id=281643[/B] PHP Cryptography by Robert Peake -- [B]http://phpmag.net/itr/online_artikel/psecom,id,667,nodeid,114.html[/B] Security Corner: Session Fixation -- [B]http://shiflett.org/articles/security-corner-feb2004[/B] The Truth about Sessions by Chris Shiflett -- [B]http://shiflett.org/articles/the-truth-about-sessions[/B] Foiling Cross-Site Attacks by Chris Shiflett -- [B]http://shiflett.org/articles/foiling-cross-site-attacks[/B] SQL Injection Attacks by Example by Steve Friedl -- [B]http://unixwiz.net/techtips/sql-injection.html[/B] WACT: PHP Security Wiki -- [B]http://www.phpwact.org/security/web_application_security [/B] XSS Prevention -- [B]http://blog.bitflux.ch/wiki/XSS_Prevention[/B] PHP and the OWASP Top Ten Security Vulnerabilities -- [B]http://www.sklar.com/page/article/owasp-top-ten[/B] Tools Code: Chorizo Vulnerability Scanner -- [B]https://chorizo-scanner.com/[/B] Tamperdata Firefox Extension -- [B]http://tamperdata.mozdev.org/[/B] PHP Input Filter --[B] http://cyberai.com/inputfilter/[/B] MD5 Search Engine -- [B]http://md5.rednoize.com/[/B] PHP Security Scanner -- [B]http://securityscanner.lostfiles.de/[/B] ModSecurity: Open Source Web Application Firewal -- [B]http://www.modsecurity.org/[/B]
