Thanks for visiting!

 Home | About Us | Alerts | Links | Site Map | Virus

Security Research


Security Research: Academic - Government - Private Sector

Academic Resources:
The following are some of the more prominent academic resources we use for research projects. For a complete list of NSA Centers of Academic Excellence in Information Assurance Education, please see NIETP.

Carnegie Mellon
Since its inception as a department in 1965, and its evolution into a School in 1988, Computer Science at Carnegie Mellon has followed a path devoted to excellence in both research and education. In the past 15 years, SCS researchers have pioneered developments in the areas of distributed systems, networking, software technology, robotics, and parallel processing.

CERIAS Purdue University
The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

CERT Coordination Center See also US CERT
The CERT Coordination Center (CERT/CC) is a center of Internet security expertise, at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. We study Internet security vulnerabilities, handle computer security incidents, publish security alerts, research long-term changes in networked systems, and develop information and training to help you improve security at your site. Recovering from an Incident - If you believe that your site may have suffered a break-in or other type of incident, the CERT/CC has some 
documents that can help you. Cert publishes annual statistics since 1988.

CIAS University of Texas at San Antonio
The Center for Infrastructure Assurance and Security (CIAS) is the research arena at the University of Texas at San Antonio. The CIAS is designed to leverage San Antonio's Infrastructure Assurance and Security (IAS) strengths as part of the solution to the nation's Homeland Defense needs and deficit of IAS talent and resources.

CiSR Naval Postgraduate School Center for Information Systems Security Studies and Research
The NPS CISR is the Country's foremost center for military research and education in Information Assurance (IA), defensive information warfare, and computer and network security. CISR is also known throughout the field as one of the most innovative security research groups in the world and is unsurpassed in producing a cadre of military officers with MS or Ph.D. degrees qualified for assignment to critical IA-related roles.

CMU Carnegie Mellon
The National Security Agency designated Carnegie Mellon University (CMU) as a Center of Academic Excellence in Information Assurance Education. This certificate is presented in recognition of a significant contribution in meeting the national demand for information assurance education, developing a growing number of professionals with information assurance expertise in various disciplines, and ultimately contributing to the protection of the national information infrastructure.

Cornell Computer Science CNRI Technical Report Collection.

CSIS George Mason University
The Center for Secure Information Systems (CSIS) has been created to provide a dedicated environment to encourage the development of expertise in both the theoretical and applied aspects of information systems security.

Dartmouth Institute For Security Technology Studies ISTS - Technical Analysis Group TAG
A National Center For Cybersecurity and Counterterrorism Research, Development & Analysis.
The Technical Analysis Group (TAG) delivers research products that identify and address critical federal, state, and local law enforcement needs. TAG develops and coordinates law enforcement partnerships, alliances, and relationships nationally in support of the core mission of the Institute.

FSU Florida State University
The Department of Computer Science has undertaken an initiative in Information Technology Assurance and Security, which includes software reliability, information assurance, and computer and communications security.

FSU NCFS National Center for Forensic Science - LINKS
NCFS is a program of the National Institute of Justice hosted by the University of Central Florida provides Forensic Science Links to Organizations, Evidence Collection, Digital Evidence, DNA Evidence, Useful Sites, and Weapons of Mass Destruction.

GASSP Generally Accepted System Security Principles (GASSP).
The International Information Security Foundation (I2SF) - Sponsored Committee to Develop and Promulgate Generally Accepted System Security Principles.

I3P The Institute for Information Infrastructure Protection
To help protect the information infrastructure of the United States by coordinating the development of a comprehensive, prioritized research and development agenda for cyber security, and promoting collaboration and information sharing among academia, industry and government. The information infrastructure consists of technologies and capabilities for gathering, handling, and sharing information that are accessible to, or commonly depended upon by, multiple organizations, whether within a single enterprise, a critical infrastructure sector such as banking and finance, the U.S. Government, the nation as a whole, or transnationally.

IRM Information Resources Management College of the National Defense University.
The IRM College was established November 10, 1988 by Joint Memorandum of the DoD Comptroller and the President of the National Defense University, responding to Congressional direction to establish a graduate-level institution to educate leaders with IRM responsibilities. Further direction was received from the House Armed Services Committee in a report on November 20, 1989 which emphasized the need to provide information systems education to IRM officials and recognized that the IRM College was the DoD institution designated to meet this requirement. The IRM College was included in the consortium of schools forming the Defense Acquisition University when the latter institution was created in 1992. Finally, the Secretary of Defense has designated the IRM College to implement the senior level educational requirement of the Clinger-Cohen Act (Information Technology Management Reform Act of 1995), under the policy guidance of the DoD Chief Information Officer.

ISG Royal Holloway, University of London
The Information Security Group (ISG) at Royal Holloway is an interdisciplinary research group comprised of computer scientists and mathematicians. The group offers an active research environment with over ten established academic posts and a large number of research students, making it one of the largest academic security groups in the world. The group regularly hosts international visitors and has strong research links with a number of industrial and government institutions.

ISU Idaho State University
Idaho State University was designated a National Center of Academic Excellence in Information Assurance Education by the Federal Government. It was recognized for a significant contribution in meeting the national demand for Information Assurance education, developing a growing number of professionals with information assurance expertise in various disciplines, and ultimately contributing to the protection of the national information infrastructure.

JHUISI Johns Hopkins University Information Security Institute
The Johns Hopkins University Information Security Institute (ISI) is the University's focal point for research and education in information security, assurance and privacy. Securing cyberspace and our national information infrastructure is more critical now than ever before, and it can be achieved only when the core technology, legal and policy issues are adequately addressed. ISI is committed to a comprehensive approach that includes input from academia, industry and government. The University, through ISI's leadership, has thus been designated as a Center of Academic Excellence in Information Assurance by the National Security Agency and leading experts in the field.

The MIT Laboratory for Computer Science (LCS) is an interdepartmental laboratory whose principal goal is research in computer science and engineering. It is dedicated to the invention, development and understanding of information technologies which are expected to drive substantial technical and socio-economic change. See also MIT Libraries.

NCSTRL at the Massachusetts Institute of Technology
The Networked Computer Science Technical Reference Library, or NCSTRL (pronounced "ancestral") is an international collection of computer science technical reports from CS departments and industrial and government research laboratories, made available for non-commercial and educational use.

Stanford University Libraries & Academic Information Resources
Stanford Computer Science Department's Technical Report Electronic Library was part of an ARPA funded project, directed by CNRI, to develop concepts for linking electronic libraries. This server allows you to retrieve and view technical reports from participating institutions and other sources of Computer Science Technical Reports. Stanford Law School Lawrence Lessig.

UC Davis University of California at Davis Computer Science Department

UIUC University of Illinois at Urbana-Champaign Security Research Resource Links

UMD University of Maryland Virtual Technical Reports Center
The Institutions listed here provide either full-text reports, or searchable extended abstracts of their technical reports on the World Wide Web. This site contains links to technical reports, preprints, reprints, dissertations, theses, and research reports of all kinds. Some metasites are listed by subject categories, as well as by institution.

Government Resources:
See our CIO/CSO Gov/Mil link for additional government and military links.

CART FBI Laboratory - Computer Analysis and Response Team
The Computer Analysis and Response Team (CART) provides assistance to FBI field offices in the search and seizure of computer evidence as well as forensic examinations and technical support for FBI investigations. This Unit includes a state-of-the-art forensic laboratory comprised of computer specialists and a network of trained and equipped forensic examiners assigned to more than 50 field offices.

Computer Crime and Intellectual Property Section of the Criminal Division of the U.S. Department of Justice.

Computer Incident Advisory Capability for the Department of Energy publishes security bulletins and technical vulnerabilities.

CIT Center for Information Technology National Institutes of Health

Common Criteria IS15408
In June 1993, the sponsoring organizations of the existing US, Canadian, and European criterias started the CC Project to align their separate criteria into a single set of IT security criteria. Version 1.0 of the CC was completed in January 1996. Based on a number of trial evaluations and an extensive public review, Version 1.0 was extensively revised and CC Version 2.0 was produced in April of 1998. This became ISO International Standard 15408 in 1999. The CC Project subsequently incorporated the minor changes that had resulted in the ISO process, producing CC version 2.1 in August 1999.

New or newly recognized vulnerabilities of modern societies and the rising complexity of causal circles involving various kinds of risks call for an intensified international dialogue and more co-operation in the field of national risk profiling – to be undertaken in an open structure, and not a hierarchical one. A new knowledge, a better understanding of new risks, their causes, interactions, probabilities and costs is needed. The Comprehensive Risk Analysis and Management Network (CRN) is a future-oriented initiative launched by Switzerland (Center for Security Studies, ETH Zurich) and Sweden (SEMA, The Swedish Emergency Management Agency) to cope with the complexity and multidimensionality of the threats we are facing in this age of uncertainty. As a sub-network related to the ISN, CRN contains methodologies, procedures, tools and case studies for the risk profiling process on a national, subnational (cantonal) and local level. It provides open and free of charge access to information covering the full range of existential risks for modern societies. The project is supported by the Swiss Government as an official part of Switzerland's participation in Partnership for Peace (PfP).

Computer Security Resource Center is one of eight divisions within NIST grouped into five major categories: Cryptographic Standards, Security Testing, Security Research and Emerging Technologies, Security Management and Guidance, Outreach, Awareness and Education. CSRC publications present the results of NIST studies, investigations, and research on information technology security issues.

DOD CCRP Command and Control Research Program
The CCRP within the Office of the Assistant Secretary of Defense (C3I) focuses upon 1) improving both the state of the art and the state of the practice of command and control and 2) enhancing DoD's understanding of the national security implications of the Information Age. It provides "Out of the Box" thinking and explores ways to help DoD take full advantage of the opportunities afforded by the Information Age. The CCRP forges links between the operational and technical communities, and enhances the body of knowledge and research infrastructure upon which future progress depends.

DOD DCFL Department of Defense Computer Forensics Laboratory
The DCFL is the national resource and international benchmark for rapid forensic examination and analysis of electronic evidence. The DCFL provides the community with timely, unbiased evidence examination, analysis and operational support. Teamed with the Department of Defense Law Enforcement and Counterintelligence Community our unique technical expertise and computer solutions ensure information superiority for the War fighter.

DOC TA US Department of Commerce Technology Administration
The Under Secretary for Technology, supported by the Deputy Under Secretary for Technology, manages the Technology Administration's (TA) three agencies:

The Office of Technology Policy (OTP) is the only office in the federal government with the explicit mission of developing and advocating national policies and initiatives that use technology to build America's economic strength.

The National Institute of Standards and Technology (NIST) promotes economic growth and improves the quality of life by working with industry to develop and apply technology, measurements, and standards.

The National Technical Information Service (NTIS) collects and disseminates scientific, technical, engineering and related business information produced by the U.S. government and foreign sources.

GAO Technology Assessment - Cybersecurity for Critical Infrastructure Protection May 2004 (PDF)

GrayLIT Network
A Science Portal of Technical Reports, the GrayLIT Network is the world's most comprehensive portal to Federal gray literature. By offering a mode of communication for this hard-to-find class of literature, the GrayLIT Network enables convenient access by the American public to government information. The Department of Energy (DOE) provides public access to this research tool through GPO Access in partnership with the Government Printing Office. Federal Agencies participating in this project are DOD/DTIC, DOE, EPA, and NASA.

Homeland Security DHS

IASE - Information Assurance Support Environment sponsored by DISA

INTERPOL International Criminal Police Organization
Interpol exists to help create a safer world. Our aim is to provide a unique range of essential services for the law enforcement community to optimize the international effort to combat crime.

Naval Surface Warfare Center Dahlgren Lab Information Assurance Office

NIAP National Information Assurance Partnership
NIAP is a U.S. Government initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers. NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under the Computer Security Act of 1987.

National Institute of Justice (NIJ) is the research, development, and evaluation agency of the U.S. Department of Justice and is dedicated to researching crime control and justice issues. NIJ provides objective, independent, evidence-based knowledge and tools to meet the challenges of crime and justice, particularly at the State and local levels. NIJ's principal authorities are derived from the Omnibus Crime Control and Safe Streets Act of 1968, as amended (see 42 USC § 3721-3723). The NIJ Director is appointed by the President and confirmed by the Senate. The NIJ Director establishes the Institute's objectives, guided by the priorities of the Office of Justice Programs, the U.S. Department of Justice, and the needs of the field. The Institute actively solicits the views of criminal justice and other professionals and researchers to inform its search for the knowledge and tools to guide policy and practice.

The National Institute of Standards and Technology, an agency of the Commerce Department's Technology Administration, was founded in 1901 as the nation's first federal physical science research laboratory. Over the years, the scientists and technical staff at NIST have made solid contributions to image processing, DNA diagnostic "chips," smoke detectors, and automated error-correcting software for machine tools. NIST Computer Security Resource Center.

The National Security Agency is the Nation's cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the Government.

The Office for Domestic Preparedness (ODP) is the principal component of the Department of Homeland Security responsible for preparing the United States for acts of terrorism. In carrying out its mission, ODP is the primary office responsible for providing training, funds for the purchase of equipment, support for the planning and execution of exercises, technical assistance and other support to assist states and local jurisdictions to prevent, plan for, and respond to acts of terrorism.

The Office of Scientific and Technical Information (OSTI) leads Department of Energy (DOE) e-government initiatives for disseminating R&D information. Located within the Office of Advanced Scientific Computing Research (OASCR) in the DOE Office of Science (SC), it is responsible for leading the Department's Technical Information Program (TIMP) and for providing direction and coordination for the dissemination of scientific and technical information (STI) resulting from DOE research and development (R&D) programs.

Rainbow Series Library
Although the Common Criteria (CC) replaces the Rainbow Series, it is still referenced in some security domains. In 1981, the Department of Defense assigned responsibility for computer security to the Director of the National Security Agency (NSA). The DoD Computer Security Center was formed that same year, and was later renamed the National Computer Security Center (NCSC). The center's charter, promulgated in DoD Directive 5215.1, specifically tasked the center to establish and maintain..."technical standards and criteria for the security evaluation of trusted computer systems that can be incorporated into the Department of Defense component life-cycle management process."

Scientific Working Group on Digital Evidence (SWGDE). The Federal Crime Laboratory Directors group formed SWGDE in 1998. It was noted that the traditional audio and video examination and processing was becoming digital and, along with digital still photography, was converging with computer forensics. As a result, they formed a group to explore digital evidence as a forensic discipline. The initial members were the forensic laboratories of the ATF, DEA, FBI, IRS-CID, US Customs, US Postal Inspection Service, and the US Secret Service. In addition, NASA and the Department of Defense Computer Forensics Laboratory participated from the beginning. In an effort to widen the participation, representatives from North Carolina, Pennsylvania, and Illinois State Crime Laboratories were invited to participate along with the Florida Department of Law Enforcement. Later on, representatives of other state and local agencies (including Ocean City, Maryland and Lakewood, Colorado) were accepted for membership.

Private Sector Resources:

AirDefense is a thought leader and innovator of wireless LAN security and operational support solutions. Founded in 2001, AirDefense has pioneered the concept of 24x7 monitoring of the airwaves and now provides the most advanced solutions for rogue WLAN detection, policy enforcement, intrusion protection and WLAN health monitoring. As a key element of wireless LAN security, AirDefense complements wireless VPNs, encryption and authentication.

Anser.Org Research Institute
Anser is a non-profit public service research institute dedicated to enhance public awareness, communication, and education for the science and technology workforce.

Applied Cryptography Handbook
The Handbook was reprinted (5th printing) in August 2001. CRC Press has generously given permission to make all chapters available for free download via this site subject to its copyright notice.

Association of Certified Fraud Examiners
The Association of Certified Fraud Examiners is an international, 25,000-member professional organization dedicated to fighting fraud and white-collar crime.

A great research source with good links to the underground.

At Stake Security
At Stake addresses digital security from strategy to incident handling.

AT&T Labs Research
A full-text resource for advanced technology research from 1996-present. is a computer security website dedicated to the collection, dissemination and distribution of information about the industry for anyone interested in the subject. They maintain one of the largest catalogs of security advisories, text files, and humorous image galleries. They are also known for the largest mirror of website defacements and their crusade to expose industry frauds and inform the public about incorrect information in computer security articles.

BITS is a nonprofit industry consortium of the 100 largest financial institutions in the United States. Serving as the strategic “brain trust” for the industry, BITS focuses on issues related to e-commerce, payments and emerging technologies. Today BITS’ top issues include cybersecurity, crisis management coordination, fraud reduction, identity theft, IT outsourcing, operational risk management and payments strategies.

CGI Security
CGI is dedicated to web application security.

The Center for Internet Security mission is to help organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances, plus those of your business partners. CIS is not tied to any proprietary product or service. It manages a consensus process whereby members identify security threats of greatest concern, then participate in development of practical methods to reduce the threats. This consensus process is already in use and has proved viable in creating Internet security benchmarks available for widespread adoption. Download the CIS Gold Standard Minimum Security Benchmarks and Scoring Tool and test your systems for compliance.

CiteSeer - Scientific Literature Digital Library.
ResearchIndex is a scientific literature digital library that aims to improve the dissemination and feedback of scientific literature, and to provide improvements in functionality, usability, availability, cost, comprehensiveness, efficiency, and timeliness.

Computer Forensics Community
This website is intended to be a community portal for law enforcement and private sector to discuss issues of computer forensics and other related electronic investigations.

Crypto Link Farm
The Crypto Link Farm, provided by Peter Gutmann, is a comprehensive list of Encryption and Security-related Resources. Because of its large size, he only updates the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear. The complete link farm is around 1/2MB of data and the links contain the complete collection broken down by topic for ease of access.

Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more.

Counterpane Internet Security
Counterpane is the world's leader in Managed Security Monitoring. Their expert Security Analysts monitor your network for suspicious activities, and take immediate, effective action to keep your business running smoothly.

Cipher AES by Rijndael

Crypto Log
A good Internet source for Cryptography Research and Information.
Matt Blaze's cryptography resource on the Web. Matt is a computer security and cryptology research scientist at AT&T Labs.

Digital Defense
Founded in 1999, Digital Defense, Inc., a privately held company, is a global network security provider of proactive risk assessment solutions. Digital Defense's low-touch, highly automated security solutions combine the technical expertise of their analysts with a state-of-the-art security operations platform that maintains the most up-to-date scripts, penetration techniques, threats, and information in today's network security industry.

DoS - Denial of Service Attack Resources

The Distributed Resource Management Application API (DRMAA, pronounced "drama"), group consists of vendors interested in grid computing, including Intel, Sun, Veridian, IBM, United Devices, TurboLinux and Platform Computing. DRMAA wants to encourage independent software vendors to build grid-friendly applications. It plans to create an API that will allow applications to run in grid computing nets and also make grid creation easier.
The E-Evidence Information and Resource site, a Digital Forensics and Electronic Evidence resource, is a side effect of Christine Siedsma's research and learning process conducted in connection with her position as Project Manager at the Computer Forensic Research and Development Center at Utica College, and her ongoing search to find timely material to present to the students enrolled in the Computer Forensic course that she teaches at Utica College.

eEye Digital Security
eEye Digital Security is poised to be a leader in the emerging security software market, and is one of the fastest growing companies in the industry. Founded over three years ago, eEye released its flagship product – Retina, the Network Security Scanner - in 2000 and has steadily grown its market share in the scanner market. Since then, eEye has released two more products: Iris, the Network Traffic Analyzer and SecureIIS, Application Firewall. Many more are in the pipeline.

Encyclopedia of Computer Security
A free security resource site for the IT industry covering the latest warnings, product news, and white papers.

The core of EvidentData is a team of professionals, many with law enforcement backgrounds, experienced in investigating and prosecuting cases involving technology.

Forensics Focus
Computer Forensics News and Discussion.

Forensics Web
Forensics Web is dedicated to technology related investigations and forensics. The site caters to law enforcement and corpsec interests with a special focus on computer related forensics and investigations.

GE Corporate Research and Development
GE is actively working on advanced technology and innovation in such things as Nanotechnology, Molecular Imaging, Photonics, Advanced Propulsion, and High Performance Polymers.

Gibson Research
Gibson Research Corporation offers an array security, operating system, and mass storage data recovery & maintenance information and tools such as SpinRite, ShieldsUP, Leak Test.

Global Grid Forum
The Global Grid Forum (GGF) is a community-initiated forum of individual researchers and practitioners working on distributed computing, or "grid" technologies. GGF is the result of a merger of the Grid Forum, the eGrid European Grid Forum, and the Grid community in Asia-Pacific.

GnuPG Privacy Handbook
GnuPG is a tool for secure communication. This handbook covers the core functionality and all aspects of GnuPG. GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.
This site is NOT affiliated with, operated or funded by the Military or Government. is not a Black Hat or White Hat website. This is a security related website that proclaims Library Status. The information can be used in both positive and in negative manners. Their justification for carrying certain fringe information is that their organization follows the motto: Know thy Enemy...

High Technology Crime Investigation Association
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

HP Labs
HP Labs is one of the world's great industrial research laboratories, providing technological leadership to HP, and inventing new technologies that change markets and create new business opportunities.

IATFF - Information Assurance Technical Framework Forum

IBM Research
IBM Worldwide research labs work in all areas of information technology, from physics and cognitive science to leading-edge application research. We invent innovative materials and structures and use them to create exciting machine designs and architectures. We create tools and technologies that will enable the continued evolution of computing and computing services over the network. Our work across many disciplines is often done in concert with our colleagues in academic and government research centers, as well as "in the marketplace" with customers who provide us with challenging research problems.

IdeaHamster Organization
The resource for inspired security. Open standards in development.

ISF Information Security Forum
The Information Security Forum (ISF) is an international association of over 250 leading organizations which fund and co-operate in the development of practical research about information security. The ISF Standard of Good Practice for Information Security is designed to help any organization, irrespective of market sector, size or structure, keep the risks associated with its information systems within acceptable limits. Download the PDF standard from

Information Security Research Center has compiled a good list of security related documents from an array of sources with a good selection of Security Policies.

InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a cooperative undertaking between the U.S. Government (led by the FBI and the NIPC) and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of United States critical infrastructures.

With more than 23,000 members in over 100 countries, the Information Systems Audit and Control Association® (ISACA™) is a recognized global leader in IT governance, control and assurance. Founded in 1969, ISACA sponsors international conferences, administers the globally respected CISA® (Certified Information Systems Auditor™) designation earned by more than 26,000 professionals worldwide, and develops globally applicable information systems (IS) auditing and control standards.

International Information Systems Security Certifications Consortium, Inc. (ISC)2 is a global, not-for-profit organization. Governments, corporations, centers of higher learning and organizations worldwide demand a common platform for and proficiency in mastering the dynamic nature of information security. (ISC)2 helps fulfill these needs.

The Institute for Security and Open Methodologies (ISECOM) is a non-profit, international, research initiative dedicated to defining standards in security testing and business integrity testing since January 2001. ISECOM authoritatively provides impartial accreditation for security testing and analysis as well as full security audits.

The Information Systems Security Association (ISSA) is a not-for-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

The Information Warfare Site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on offensive and defensive information operations. IWS has developed a discussion forum and a mailing list to enable a more interactive debate. IWS launched INFOCON Threat Centre, a major IWS research project. The aim is to monitor different Internet sources and sub-state activities and then analyse cyberthreat trends every month, providing an INFOCON Level.

Java Security
Underlying the Java platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features -- cryptography, authentication and authorization, public key infrastructure, and more -- are built in. The Java security model is based on a customizable "sandbox" in which Java software programs can run safely, without potential risk to systems or users. is designed to serve as the primary Internet-based source of information, insight and news relating to Linux and Open Source security issues, and is driven by the security needs of the users of the site. This site focuses on gathering advisories, articles and reports on Linux security.

Metasploit Project
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.

mi2g pioneers practices and techniques for wealth creation and protection in the 21st century which help major financial services groups and government agencies to deliver and sustain competitive advantage through information intelligence. Our solutions pay particular regard to safety and security. We advise on the management of Digital Risk and incorporate Bespoke Security Architecture™ in our SMART sourcing methodology. We build highly secure data visualization Matrix and Radar tools that are specifically constructed from real time data and strategic knowledge to mitigate risk at board level.

Microsoft Research Publications
Predominately full-text, a resource of technology research from 1993-present.

MITRE is a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the DOD, the FAA, and the IRS, with principal locations in Bedford, Massachusetts, and Northern Virginia.

The National Cyber Security Partnership (NCSP) is led by the Business Software Alliance (BSA), the Information Technology Association of America (ITAA), TechNet and the U.S. Chamber of Commerce in voluntary partnership with academicians, CEOs, federal government agencies and industry experts. Following the release of the 2003 White House National Strategy to Secure Cyberspace and the National Cyber Security Summit, this public-private partnership was established to develop shared strategies and programs to better secure and enhance America’s critical information infrastructure.

Neohapsis Archives
The people who comprise NEOHAPSIS are consultants with diverse backgrounds in the world of network and security consulting that have years of experience working in the publishing, healthcare, advertising, financial, and manufacturing industries. Their consultants have traditionally come from scientific labs, VARs, Internet Service Providers, and much larger consulting firms.

NetIQ is a leading provider of e-business infrastructure management and intelligence solutions for all the components of an organizations' e-business infrastructure—from back-end servers, networks and directories to front-end Web servers and applications. Our solutions cover Manageability, Windows 2000 Migration, Exchange Migration, Security Monitoring and Management, Network Performance Management, Storage Administration, Automated Provisioning, Directory Management, and Web Analytics. NetIQ's more than 52,000 customers span e-businesses, medium to large enterprises and xSPs. NetIQ is committed to delivering the most comprehensive and effective management solutions that our customers need to manage their distributed and complex enterprise and e-business infrastructures.
Help Net Security has a good database of articles including an archive of Lance Spitzners' White Papers.

Netstumbler is a website dedicated to wireless networking technology and security of all kinds. We do our best to keep our website up to date with the latest wireless news - we really appreciate user submitted stories. is also the official home of the NetStumbler software.

Network Security Library
The Network Security Library offers access to hundreds of articles, FAQs, white papers and books on network security, gathered from various sources throughout the industry.
The free resource for people to help avoid being hacked, security and exploiting related files and links.

The Network Reliability and Interoperability Council NRIC VII Mission: “Partner with the Federal Communications Commission, the communications industry and public safety to facilitate enhancement of emergency communications networks, homeland security, and best practices across the burgeoning telecommunications industry.” The purpose of the Council is to provide recommendations to the FCC and to the communications industry that, if implemented, shall under all reasonably foreseeable circumstances assure optimal reliability and interoperability of wireless, wireline, satellite, cable, and public data networks. This includes facilitating the reliability, robustness, security, and interoperability of communications networks including emergency communications networks. The scope of this activity also encompasses recommendations that shall ensure the security and sustainability of communications networks throughout the United States; ensure the availability of adequate communications capacity during events or periods of exceptional stress due to natural disaster, terrorist attacks or similar occurrences; and facilitate the rapid restoration of telecommunications services in the event of widespread or major disruptions in the provision of communications services.

The National Security Institute's website is the premier Internet resource for the security professional. The site features industry and product news, computer alerts, travel advisories, a calendar of events, a directory of products and services, and access to an extensive virtual security library.
One stop portal for NT Security.

Having no investigative authority of its own, the National White Collar Crime Center (NW3C) is a non-profit organization funded by Congress that provides support services to state and local law enforcement agencies and other organizations with an active interest in the prevention, investigation, and prosecution of economic and high-tech crime. Since 1980, our organization has existed to support enforcement agencies in these endeavors.

The Open Web Application Security Project (OWASP) is dedicated to helping organizations understand and improve the security of their web applications and web services. This list was created to focus government and industry on the most serious of these vulnerabilities. Web application security vulnerabilities are highly exploitable and the consequence of an attack can be devastating. These vulnerabilities represent an equivalent magnitude of risk as network security problems, and should be given the same degree of attention.

Palo Alto Research Center. In January 2002, the Xerox Palo Alto Research Center became Palo Alto Research Center Incorporated.

Razor BindView Security Researchers
BindView's RAZOR is a worldwide team of cutting-edge security researchers. We are dedicated to advancing the state of the art in securing networks and computers. RAZOR develops the art by identifying new security holes and disclosing our results publicly, so that all may benefit from our research.

Reverse Engineering Malicious Code:

Alien Autopsy: Reverse Engineering Win32 Trojans on Linux - Infocus 1641 by Joe Stewart.
Code Links
Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough - Infocus 1605 by Corey Merchant and Joe Stewart.
Fravia Reverse Engineering.
Reverse Engineering Hostile Code - Infocus 1637 by Joe Stewart.
Reverse Engineering Malware by Lenny Zeltser.

The System Administration, Networking, and Security Institute, founded in 1989, is a cooperative research and education organization through which more than 156,000 security professionals, auditors, system administrators, and network administrators share the lessons they are learning and find solutions to the challenges they face. The core of the Institute is the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research, sharing knowledge, and teaching to help the entire sans community. SANS Intrusion Detection FAQ.

SANS Security Policy Project
Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You’ll find a great set of resources posted here already including policy templates for twenty-four important security requirements.

Secure Coding is the on-line home of Secure Coding: Principles and Practices book by O'Reilly 2003 that provides information about the book and its authors; updated versions of links and tables that appear in the book and original supplemental material like op/ed pieces and vulnerability analyses.

Founded in 1992, SecureInfo Corporation's principles spearheaded the creation of the security policy accepted by the National Security Agency and standardized by the Department of Defense to protect high-risk Government systems. Having founded both the Air Force Computer Emergency Response Team (global security monitoring for Air Force networks) and the Air Force Product Assessment Certification Center (security product certification testing), SecureInfo Corporation's leaders are considered early pioneers of security policy development, information assurance, risk management and enterprise level security.

Security Focus
SecurityFocus, a privately held company, is a leading provider of enterprise security threat management systems. SecurityFocus provides customized and comprehensive alerts of impending cyber attacks worldwide - with countermeasures to prevent attacks before they occur - enabling companies to mitigate risk, manage threats, and ensure business continuity. The company also licenses the world's largest, most complete vulnerability database, hosts the most popular security community mailing list, Bugtraq™, and publishes original security content at this site. See their Library for additional information.

Security Forums Dot Com was set-up in April 2002 by a group of like-minded friends who were interested in computers and computer security, the idea was for the site to become a friendly community for security and other areas, for asking questions, gaining experience and learning in a welcoming atmosphere.

Security - Linux/Unix
A good site for Linux/Unix security information, articles, and links.

Security Protocols was founded in 2001. Here you will find information relating to the computer security field. was meant to be a site for hackers by hackers. When got started it was trying to be a huge archive for all who wanted to learn and check out some good documentation written by various authors. Here you will find information relating to the computer security field.
Security Officers Management and Analysis Project ( was started by members of SwordLord - the coding crew ( out of an observation of the security industry. The main goals of are to create and provide: an open and free Repository with security rules, guidelines and best practices; an open source Security Management Tool which uses the Repository; and, Document Templates which allow to generate documentation from the two projects above. In implementing the above projects, always has the focus to help Security Officers in doing their management and analysis concerning policies, procedures, standards and documentation as comfortable as possible.
Enterprise Security for Web Applications - WebInspect is the leading web application security product used enterprise-wide to assess security throughout the application lifecycle – from development to post-production.

Sun Microsystems Research Lab
Established in 1990, Sun Microsystems Laboratories is the applied research and advanced development arm of Sun Microsystems, Inc., with locations in California, Massachusetts and France. Researchers at Sun Labs are working on projects that are significant to the evolution of technology and to our society's future; asynchronous and high-speed circuits, optical interconnects, 3rd-generation web technologies, sensors, network scaling and Java[tm] technologies, to name a few.

Sys-Security Group is a website dedicated to computer security research. It is the home of the "ICMP Usage In Scanning" research project.

THC The Hacker's Choice
THC was founded in 1995 in Germany by a group of people involved in hacking, phreaking and anarchy. Through the years THC was joined by other experts and grew to probably Germany's best hacking group. The intention of THC is to demonstrate weaknesses in common security solutions that can be found in telecommunication and network services. On this site you will find software and papers that were released by THC members.

TISC Internet Security Conference - Resource Links
The Internet Security Conference Security Resources & Links maintains a good collection of security resources and links that were compiled by their advisory staff and readers.

TNO Physics and Electronics Laboratory (TNO-FEL) is part of the Netherlands Organization of Applied Scientific Research (TNO) - the independent knowledge organization that builds a bridge between fundamental know-how and the everyday practices of government authorities and the business community.

This site is dedicated to increasing security awareness among the general population and the technology community. The Basic Security section is focused on the average person. The Advanced Security section will be of interest to technologists, senior management and legislators. Security Development
w00w00, with 30+ active members, is currently the largest non-profit security team in the world. w00w00 was created over three years ago. We have members in 5 continents, and 11 countries (Australia, Argentina, Canada, Japan, France, Russia, England, Spain, Sweden, Germany, USA), and 14 states (USA). The members are diverse in their abilities, location, and ethnicity.

The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential as a forum for information, commerce, communication, and collective understanding. On this page, you'll find W3C news as well as links to information about W3C technologies.

Founded in January 2004, the Web Application Security Consortium is a group of top security experts dedicated to developing and promoting standards of best practice for the World Wide Web. Through firsthand experience, the Consortium members understand the risks of conducting business online and the challenges of securing web sites against all conceivable threats. The Consortium will improve web application security by assisting developers, security professionals and software vendors. Through a collaborative effort with the community, the Consortium feels strongly that significant progress will be achieved to enhance the overall security of the Web. is an online community resource to provide support for those who are interested in network security, including network and security administrators. offers free software and community support with a policy of full-disclosure and user education. Our goal is to empower people with the knowledge and tools required to defend their networks in an ongoing struggle against irresponsible or malevolent attacks. provides Windows security news, articles, tutorials, software listings and reviews for information security professionals covering topics such as firewalls, viruses, intrusion detection and other security topics.
Xfocus is a non-profit and free technology organization which was founded in 1998 in China. We are devoting to research and demonstration of weaknesses related to network services and communication security.
Zone-h is an open site with many administrators acting from all over the world, whose faces and real names might be unknown to us therefore we cannot be held responsible for the material contained.


Apache Server 

Website best viewed using MS IE6 with a minimum screen resolution of 1024x768.

Contact | Legal | Links  | Privacy  | Search  | Site Map

Copyright © 2001-2006 McCracken Associates

Website Modified: January 27, 2006

Cnet Ranks One World No1 Host