Standards & References
Latest revision as of 17:57, 24 May 2025
This section provides authoritative sources, frameworks, and technical references used throughout the cybersecurity industry. It reinforces foundational knowledge and ensures consistency with real-world methodologies, compliance standards, and professional tooling.

Security Frameworks & Standards
- MITRE ATT&CK (https://attack.mitre.org) – Adversary Tactics, Techniques, and Procedures (TTPs) mapped from real incidents.
- OWASP Top Ten (https://owasp.org/www-project-top-ten/) – Critical web application security risks ranked and explained.
- CWE – Common Weakness Enumeration (https://cwe.mitre.org) – Standardized taxonomy of software weaknesses.
- CVE – Common Vulnerabilities and Exposures (https://cve.mitre.org) – Reference system for publicly disclosed vulnerabilities.
- CAPEC – Common Attack Pattern Enumeration and Classification (https://capec.mitre.org) – Structured attack patterns and usage contexts.
- CVSS – Common Vulnerability Scoring System (https://www.first.org/cvss) – Scoring system for evaluating vulnerability severity.

Government & Industry Guidelines
- NIST SP 800-115 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf) – U.S. technical guide to security testing and assessment.
- ISO/IEC 27001 (https://www.iso.org/isoiec-27001-information-security.html) – Global standard for managing information security (ISMS).
- ISO/IEC 30111 (https://www.iso.org/standard/72140.html) – Guidelines for handling and resolving vulnerabilities.
- NIST NVD (https://nvd.nist.gov/) – U.S. government vulnerability database with CVE and CVSS integration.

Tool Documentation & Manuals
- Nmap Manual (https://nmap.org/book/man.html) – Reference for Nmap usage, options, and scripting engine.
- Metasploit Documentation (https://docs.rapid7.com/metasploit) – Guide to modules, payloads, and framework configuration.
- Burp Suite Docs (https://portswigger.net/burp/documentation) – Web vulnerability scanner and proxy configuration.
- Wireshark Wiki (https://wiki.wireshark.org) – Packet analysis techniques and filter syntax.
- Ghidra Documentation (https://docs.ghidra-sre.org) – Reverse engineering platform usage guide.
- IDA Pro Docs (https://www.ida.team/docs) – Disassembler and decompiler manual (Hex-Rays).

Ethical Conduct & Certification Codes
- EC-Council Code of Ethics (https://www.eccouncil.org/code-of-ethics/) – Rules of behavior for certified security professionals.
- Offensive Security Conduct Code (https://www.offsec.com/code-of-conduct/) – Guidelines for professional pentesters and OSCP holders.
- SANS Code of Ethics (https://www.sans.org/about/code-of-ethics/) – Values and expectations for the infosec community.

Glossaries & Reference Material
- NIST Security Glossary (https://csrc.nist.gov/glossary) – Definitive terminology used in U.S. standards and compliance documents.
- OWASP Glossary (https://owasp.org/www-community/Glossary) – Web security terms, acronyms, and patterns.
- Microsoft Security Bulletins (https://docs.microsoft.com/en-us/security-updates/securitybulletins) – Legacy archive of Microsoft vulnerability disclosures.