Security Tools and Resources

Security Resources

Common Weakness Enumeration (CWE)

The CWE is a "list of software weaknesses." It catalogs and defines types of vulnerabilities, so that these can be easily discussed and addressed.

The Common Weakness Enumeration (CWE) includes code examples, each identified as exhibiting a specific software weakness.

The CWE is sponsored by MITRE, which also runs the CVE program (see below).

The National Vulnerability Database (NVD)

The National Vulnerability Database (NVD) is "a repository of standards-based vulnerability management data."

The NVD includes the Common Vulnerabilities and Exposures (CVE®) list, descriptions of these CVEs, other resources such as the Common Configuration Enumeration (CCE™), and links to security checklists.

The CVE list includes "entries" for publicly known cybersecurity vulnerabilities. Each entry includes a unique identifier (CVE ID), details of the vulnerability, and links to related resources.

The Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is "an online community which produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security."

OWASP's Top 10 list "is a classification of the most common attacks on the web," and provides guidance on how to mitigate these attacks.

The SANS Institute

The SANS Institute is "the most trusted and by far the largest source for information security training in the world."

SANS offers a variety of free resources, including the Global Information Assurance Certification (GIAC) program, a large library of whitepapers, and security tools.

The United States Computer Emergency Readiness Team (US-CERT)

US-CERT "coordinates defense against and responses to computer security threats within the United States."

They offer a variety of resources for both individuals and organizations, including security tips, guidance on malware removal, and information on current threats.

## Summary

There are a variety of resources available to individuals and organizations interested in learning more about cybersecurity. These resources include the Common Weakness Enumeration (CWE), the National Vulnerability

The Common Vulnerability Scoring System (CVSS)

The CVSS is an "industry open standard designed to convey the severity of vulnerabilities."

It consists of three metric groups: Base, Temporal, and Environmental. These groups are used to calculate a score between 0.0 and 10.0, with 10.0 being the most severe.

The Open Vulnerability Assessment System (OpenVAS)

OpenVAS is "a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and management solution."

It is free and open source, and runs on Linux.

The Security Content Automation Protocol (SCAP)

The SCAP is "a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation."

It consists of a set of open standards, which are used to "create security checklists, configuration baselines, and vulnerability signatures."


There are a variety of resources available to individuals and organizations interested in learning more about cybersecurity. These resources include the Common Vulnerability Scoring System (CVSS), the Open Vulnerability Assessment System (OpenVAS), and the Security Content Automation Protocol (SCAP). By using these resources, organizations can more effectively manage and respond to cybersecurity threats.
