- Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments.
- OWASP Zed Attack Proxy (ZAP) - helps you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing. With more tools at OWASP™ Foundation - the free and open software security community.
- Upgrade Your Security Incident Response Plan (CSIRP) : 7 Step Checklist 1) conduct a complete risk assessment, 2) identify key team members & stakeholders, 3) define security incident types, 4) inventory resources & assets, 5) plan hierarchy of information flow, 6) prepare a variety of public statements, 7) prepare an incident event log
- CISA - Assessments: Cyber Resilience Review (CRR)
- What is a Security Operations Center (SOC)? Best Practices, Benefits, & Framework - 1) establishing asset awareness, 2) preventive security monitoring, 3) keeping records of activity and communications, 4) ranking security alerts, 5) modifying defenses, 6) maintaining compliance
Security Web Sites
- Hacking Tools presented for pentesters - Kali Linux, Parrot Security OS, Black Arch, Nmap, Metasploit, Nikto (how to at Admin Magazine), Wireshark, SQLMap
- Mining Adminers – Hackers Scan the Internet For DB Scripts - I found "GET /adminer-4.4.0-mysql.php HTTP/1.1" in my own logs, one of many similar entries