Requirement 6 – Resources

Requirement 6: Develop and maintain secure systems and applications

Patching
– Microsoft System Center Configuration Manager (SCCM) (www.microsoft.com)
– Shavlik Patch for Microsoft System Center (http://www.shavlik.com)
– Secunia PSI (http://secunia.com/)
– GFI LanGuard (www.gfi.com/LanGuard_2014)
– Kaseya (www.kaseya.com/features/security-management/patch-management)
– Lumension (https://www.lumension.com/…/patch-management-software.aspx)

Vulnerability research
– www.rapid7.com/db/
– nvd.nist.gov/
– www.cvedetails.com/
– www.exploit-db.com/
– https://cve.mitre.org/
– www.securityfocus.com/vulnerabilities
– secunia.com (Community)

Software development best practices
– https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet
– https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
– www.microsoft.com/security/sdl/
– http://www.mcafee.com/au/resources/data-sheets/foundstone/ds-secure-software-dev-life-cycle.pdf
– http://www.cert.org/secure-coding/research/secure-coding-standards.cfm?
– http://resources.infosecinstitute.com/intro-secure-software-development-life-cycle/
– https://www.isc2.org/uploadedFiles/%28ISC%292_Public_Content/Certification_Programs/CSSLP/ISC2_WPIV.pdf

Change control
– https://files.sans.org/summit/scada09/PDFs/Sample%20IT%20Change%20Management%20Policies%20and%20Procedures%20Guide%20%283%29.pdf

Security testing of web applications
– Burp (portswigger.net/burp)
– Acunetix (https://www.acunetix.com)
– WebInspect (http://www8.hp.com/au/en/software-solutions/software.html?compURI=1341991#.VCqrKBbggf4)
– AppScan (www.ibm.com/software/products/en/appscan)
