If you have completed the Learning Tree 486 class, you will now have an uncomfortable awareness that there are more things that you need to know about than you can comfortably find time to track down. Don't worry, all security professionals get to feel that way from time to time. This page is intended to act as an antidote to the panic, and to help you follow up the learning you've done so far by providing links to reference materials and additional resources. Please come back from time to time. Eventually you'll find a registration system that will notify you by mail when a page changes.
Reference Sources
The first place to start any web research is with the World Wide Web Consortium, or W3C as they are often known. They have an excellent Web Security FAQ* that answers many common questions of the sort class members often raise. So, if you mail me with a question and the answer's in the W3C Security FAQ, expect to be told so!
At the time of writing the FAQ was last updated in February 2002, but for example the IIS bugs section was clearly rather older than this. Remember, though, that FAQ lists are for frequently-asked questions, and are not intended to be the most current information on a topic. A somewhat more theoretical overview is given in the W3C's Security Resources document. This document, while short, contains a large number of relevant links. You should not ignore it.
The US Department of Energy's CIAC (Computer Incident Advisory Capability) maintains a short Web Security information bulletin which includes a very useful list of best practices. CIAC's services are available to DOE, DOE contractors, and the NIH. Their home page is also worth a look, although not all of it is web-related.
You can help your users to protect themselves by pointing them at the browser plugins available for McAfee's SiteAdvisor or similar tools. It is always difficult to catch problems with malicious servers, but at least this way users can be warned about some known-bad sites and avoid many of the IE-based "drive-by download" exploits.
*FAQ: Frequently-Asked Questions