Standards & References
Jump to navigation
Jump to search
Standards & References[edit | edit source]
This section provides authoritative sources, frameworks, and technical references used throughout the cybersecurity industry. It reinforces foundational knowledge and ensures consistency with real-world methodologies, compliance standards, and professional tooling.
Security Frameworks & Standards[edit | edit source]
- MITRE ATT&CK – Adversary Tactics, Techniques, and Procedures (TTPs) mapped from real incidents.
- OWASP Top Ten – Critical web application security risks ranked and explained.
- CWE – Common Weakness Enumeration – Standardized taxonomy of software weaknesses.
- CVE – Common Vulnerabilities and Exposures – Reference system for publicly disclosed vulnerabilities.
- CAPEC – Common Attack Pattern Enumeration and Classification – Structured attack patterns and usage contexts.
- CVSS – Common Vulnerability Scoring System – Scoring system for evaluating vulnerability severity.
Government & Industry Guidelines[edit | edit source]
- NIST SP 800-115 – U.S. technical guide to security testing and assessment.
- ISO/IEC 27001 – Global standard for managing information security (ISMS).
- ISO/IEC 30111 – Guidelines for handling and resolving vulnerabilities.
- NIST NVD – U.S. government vulnerability database with CVE and CVSS integration.
Tool Documentation & Manuals[edit | edit source]
- Nmap Manual – Reference for Nmap usage, options, and scripting engine.
- Metasploit Documentation – Guide to modules, payloads, and framework configuration.
- Burp Suite Docs – Web vulnerability scanner and proxy configuration.
- Wireshark Wiki – Packet analysis techniques and filter syntax.
- Ghidra Documentation – Reverse engineering platform usage guide.
- IDA Pro Docs – Disassembler and decompiler manual (Hex-Rays).
Ethical Conduct & Certification Codes[edit | edit source]
- EC-Council Code of Ethics – Rules of behavior for certified security professionals.
- Offensive Security Conduct Code – Guidelines for professional pentesters and OSCP holders.
- SANS Code of Ethics – Values and expectations for the infosec community.
Glossaries & Reference Material[edit | edit source]
- NIST Security Glossary – Definitive terminology used in U.S. standards and compliance documents.
- OWASP Glossary – Web security terms, acronyms, and patterns.
- Microsoft Security Bulletins – Legacy archive of Microsoft vulnerability disclosures.