Friday, November 20, 2020
Wednesday, November 4, 2020
- OWASP Dependency-Track - https://dependencytrack.org
Type: SCA
Description: Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Dependency-Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has an API-first design and is ideal for use in CI/CD environments.
- OpenAM - https://github.com/OpenIdentityPlatform/OpenAM
Type: IAM
Description: Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
Cross Domain Single Sign On (CDSSO), SAML 2.0, OAuth 2.0 & OpenID Connect ensure that OpenAM integrates easily with legacy, custom and cloud applications without requiring any modifications. It's a developer-friendly, open-source control solution that allows you to own and protect your users' digital identities.
- AquaSec Kube-Bench - https://github.com/aquasecurity/kube-bench
Type: Security Audit
Description: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark.
Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS. It supports the tests for Kubernetes as defined in the CIS Benchmarks 1.3.0 to 1.5.0.
Sunday, September 27, 2020
Today the free book "Seguridad del protocolo TLS/SSL. Ataques criptoanalíticos modernos" was updated with the most famous attacks published up to September 2020.
This Planning Kit enables you to quickly build and/or improve your Security Awareness Program using resources developed and proven by the SANS Security Awareness Community. These materials can be used by people new to awareness who are just starting to build an awareness program, or by those who are highly experienced and looking to improve an existing awareness program.
How to Use this Planning Kit
The planning kit consists of the following materials. Do not feel compelled to use everything; instead, simply leverage the resources most useful for you. The materials are listed in the order that people would most likely use them for building a new security awareness program. For more established or mature awareness programs, you most likely just want to select the specific resources you need.
- Example Project Charter: Project Charters are the first step in planning any large-scale project or initiative. This covers the key elements of a Project Charter for a new Security Awareness Program.
- Example Project Plan: A detailed example of what a complete Project Plan can look like for a comprehensive Security Awareness Program.
- Presentation: Slide deck to help you gain leadership’s support for your security awareness program.
- Metrics Matrix: This interactive matrix identifies and documents numerous ways to measure security behaviors, culture and strategic impact of your security awareness program.
- Phishing Planning Guide: This strategic guide walks you through the key elements of planning a successful phishing program.
- Maturity Model: The Security Awareness Maturity Model is a key part of planning and communicating your awareness program. Both the model and a detailed breakdown of each stage are provided in your planning kit.
- Annual Program Schedule: These templates provide examples of how you can visually document your overall security awareness plan.
- SANS Security Awareness Report: This annual data-driven report enables you to benchmark your program against other organizations and prioritize your resources and initiatives.
- Working from Home Deployment Kit: Everything you need to quickly plan and deploy a Work from Home security awareness training program. Includes a strategic planning guide, training videos and additional materials in over thirty languages.