Friday, 3 July 2009
Online Resources for Emerging Threats
« Electronic Health Records: Deja vu all over again. | Main | Is 128 Bits Better than 256? »
One of the challenges of an infosec practitioner is remaining knowledgeable about the emerging threats coming down the pipeline. The following are some of the online resources I leverage to seek out emerging threats and as well as manage the information:
- Google Alerts - This tool is a no brainer. As with any other Google alert, simply supply your search terms and sit back as Google does its magic. A few of search terms I have plugged in are "hacked security computer", and "security data breach databreach" "sql injection xss" with a configuration to email me the results once a day. Overall, this simple email alert is a very effective way to be updated on recent breaches.
- XSSed Alerts - XSSed.org is a site were users report cross-site scripting vulnerabilities as they are found. The site also allows one to monitor domains for newly discovered vulnerabilities. The submitted proofs-of-concept are valuable for determining how various XSS attacks are crafted.
- Twitter - As much as I bash Twitter for their lax security, I have gotten a lot of mileage out of the very active info security community that "tweet". Combined with the very liberal usage of hashtagged topics (#security, #vulnerability, #xss being amongst my favorites), Twitter provides a quick means for seeing what security topics, events, and incidents are "hot" at any given moment.
- RSS feeds - Another no brainer for the list. There's no need to elaborate on the benefits of RSS. Instead, I'll list some of my daily security reads. These are in no particular order of importance:
Technorati Tags: emerging threats
Posted by at 7:23 PM in Research
[Trackback URL for this entry]
Check out the OWASP moderated appsec news feed. We put a lot into choosing stories that are noncommercial, technical, and well written.