Standards & References
This section collects foundational frameworks, official documentation, and widely recognized references in cybersecurity. These resources define best practices, guide security assessments, and provide authoritative structures for both offensive and defensive work.
Security Frameworks
MITRE ATT&CK – A curated knowledge base of adversary tactics and techniques based on real-world observations.
OWASP Top Ten – The ten most critical security risks to web applications, updated periodically.
CWE (Common Weakness Enumeration) – A catalog of software weakness patterns used in secure software development.
CVE (Common Vulnerabilities and Exposures) – A reference system for publicly known information-security vulnerabilities.
CAPEC (Common Attack Pattern Enumeration and Classification) – Standardized descriptions of attack patterns used by adversaries.
CVSS (Common Vulnerability Scoring System) – An open framework for rating the severity of security vulnerabilities.
Government & Industry Standards
NIST SP 800-115 – Technical guide to information security testing and assessment.
NIST National Vulnerability Database – Centralized U.S. government repository for vulnerability management data.
ISO/IEC 27001 – International standard for information security management systems (ISMS).
ISO/IEC 30111 – Guidelines for vulnerability handling processes.
Tool Documentation
Nmap Reference Guide – Official user manual and options documentation.
Metasploit Documentation – Extensive guide to using the Metasploit Framework.
Burp Suite Documentation – Reference material for web application security testing.
Wireshark Wiki – Detailed documentation for network protocol analysis.
Ghidra Docs – Official user guide for NSA’s reverse engineering suite.
IDA Pro Docs – Hex-Rays’ official disassembly tool documentation.
Ethics & Codes of Conduct
EC-Council Code of Ethics – Ethical guidelines for certified cybersecurity professionals.
Offensive Security Code of Conduct – Professional conduct rules for penetration testers and students.
SANS Code of Ethics – Ethical framework adopted by security practitioners trained through SANS Institute.
Glossaries & Reference Guides
NIST Glossary of Key Information Security Terms – Authoritative definitions from U.S. standards.
OWASP Glossary – Common terms and phrases in web security.
Microsoft Security Bulletins – Archive of official vulnerability announcements.