Editing Standards & References

== Standards & References ==

This section provides foundational frameworks, official documentation, and widely recognized references in cybersecurity. These resources define best practices, guide security assessments, and offer authoritative structures for both offensive and defensive methodologies.

=== Security Frameworks ===

    [https://attack.mitre.org MITRE ATT&CK] – A curated knowledge base of adversary tactics and techniques based on real-world observations.

    [https://owasp.org/www-project-top-ten/ OWASP Top Ten] – The ten most critical security risks to web applications, updated periodically.

    [https://cwe.mitre.org CWE (Common Weakness Enumeration)] – A catalog of software weakness patterns used in secure software development.

    [https://cve.mitre.org CVE (Common Vulnerabilities and Exposures)] – A reference system for publicly known information-security vulnerabilities.

    [https://capec.mitre.org CAPEC (Common Attack Pattern Enumeration and Classification)] – Standardized descriptions of attack patterns used by adversaries.

    [https://www.first.org/cvss CVSS (Common Vulnerability Scoring System)] – An open framework for rating the severity of security vulnerabilities.

=== Government & Industry Standards ===

    [https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf NIST SP 800-115] – Technical guide to information security testing and assessment.

    [https://nvd.nist.gov/ NIST National Vulnerability Database] – Centralized U.S. government repository for vulnerability management data.

    [https://www.iso.org/isoiec-27001-information-security.html ISO/IEC 27001] – International standard for information security management systems (ISMS).

    [https://www.iso.org/standard/72140.html ISO/IEC 30111] – Guidelines for vulnerability handling processes.

=== Tool Documentation ===

    [https://nmap.org/book/man.html Nmap Reference Guide] – Official user manual and options documentation.

    [https://docs.rapid7.com/metasploit Metasploit Documentation] – Extensive guide to using the Metasploit Framework.

    [https://portswigger.net/burp/documentation Burp Suite Documentation] – Reference material for web application security testing.

    [https://wiki.wireshark.org Wireshark Wiki] – Detailed documentation for network protocol analysis.

    [https://docs.ghidra-sre.org Ghidra Docs] – Official user guide for NSA’s reverse engineering suite.

    [https://www.ida.team/docs IDA Pro Docs] – Hex-Rays’ official disassembly tool documentation.

=== Ethics & Codes of Conduct ===

    [https://www.eccouncil.org/code-of-ethics/ EC-Council Code of Ethics] – Ethical guidelines for certified cybersecurity professionals.

    [https://www.offsec.com/code-of-conduct/ Offensive Security Code of Conduct] – Professional conduct rules for penetration testers and students.

    [https://www.sans.org/about/code-of-ethics/ SANS Code of Ethics] – Ethical framework adopted by security practitioners trained through SANS Institute.

=== Glossaries & Reference Guides ===

    [https://csrc.nist.gov/glossary NIST Glossary of Key Information Security Terms] – Authoritative definitions from U.S. standards.

    [https://owasp.org/www-community/Glossary OWASP Glossary] – Common terms and phrases in web security.

    [https://docs.microsoft.com/en-us/security-updates/securitybulletins Microsoft Security Bulletins] – Archive of official vulnerability announcements.