Standards & References
This section collects the authoritative sources, frameworks, and technical references used throughout the cybersecurity industry. It reinforces foundational knowledge and keeps the rest of the material consistent with real-world methodologies, compliance standards, and professional tooling.
Security Frameworks & Standards
- MITRE ATT&CK – Knowledge base of adversary tactics, techniques, and procedures (TTPs) drawn from real-world intrusions; the standard vocabulary for mapping detections and red-team activity.
- OWASP Top Ten – The most critical web application security risks, ranked and explained with mitigations.
- CWE – Common Weakness Enumeration – Standardized taxonomy of software and hardware weakness types (the root-cause classes behind individual vulnerabilities).
- CVE – Common Vulnerabilities and Exposures – Catalog assigning a unique identifier (CVE-YYYY-NNNNN) to each publicly disclosed vulnerability.
- CAPEC – Common Attack Pattern Enumeration and Classification – Structured attack patterns, linked to the CWE weaknesses they exploit.
- CVSS – Common Vulnerability Scoring System – Scoring system (maintained by FIRST) for rating vulnerability severity; the vector string records the metric values behind a score so it can be reproduced.
Government & Industry Guidelines
- NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment (U.S. NIST); the baseline methodology for scoping and executing security tests.
- ISO/IEC 27001 – International standard specifying the requirements for an information security management system (ISMS).
- ISO/IEC 30111 – Vulnerability handling processes for vendors that receive vulnerability reports (its companion, ISO/IEC 29147, covers vulnerability disclosure).
- NIST NVD – U.S. National Vulnerability Database: CVE entries enriched with CVSS scores, CWE mappings, and CPE product identifiers.
Tool Documentation & Manuals
- Nmap Manual – Reference for Nmap usage, options, and scripting engine.
- Metasploit Documentation – Guide to modules, payloads, and framework configuration.
- Burp Suite Docs – Intercepting proxy and web vulnerability scanner configuration.
- Wireshark Wiki – Packet analysis techniques and capture/display filter syntax.
- Ghidra Documentation – Reverse engineering platform usage guide.
- IDA Pro Docs – Disassembler and decompiler manual (Hex-Rays).
Ethical Conduct & Certification Codes
- EC-Council Code of Ethics – Rules of behavior for certified security professionals.
- Offensive Security Conduct Code – Guidelines for professional pentesters and OSCP holders.
- SANS Code of Ethics – Values and expectations for the infosec community.
Glossaries & Reference Material
- NIST Security Glossary – Definitive terminology used in U.S. standards and compliance documents.
- OWASP Glossary – Web security terms, acronyms, and patterns.
- Microsoft Security Bulletins – Legacy archive of Microsoft vulnerability disclosures; superseded by the Microsoft Security Update Guide, which is now the authoritative source for current advisories.