Must-Read and Reference Materials for Secure Architecture Design

Secure Coding

https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards

http://cwe.mitre.org/top25/

http://cwe.mitre.org/data/published/cwe_v2.9.pdf

https://www.jssec.org/dl/android_securecoding_en.pdf

Secure Configuration

https://benchmarks.cisecurity.org/downloads/

Security Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Security Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

NIST Security

http://csrc.nist.gov/publications/PubsSPs.html


ETSI

http://www.etsi.org/technologies-clusters/technologies/security

http://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp1_security-201506.pdf


CSA (Cloud Security Alliance)

https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf

https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf


OWASP

https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

https://www.owasp.org/images/9/9a/OWASP_Cheatsheets_Book.pdf

https://www.owasp.org/images/3/33/OWASP_Application_Security_Verification_Standard_3.0.1.pdf

https://www.owasp.org/images/8/82/Esapi-design-patterns.pdf


Deutsche Telekom

https://www.telekom.com/en/corporate-responsibility/data-protection—data-security/security

https://www.telekom.com/resource/blob/327540/d284622cddd1d6fb7ff784e1a46f9587/dl-security-requirements-data.zip


AWS Security

https://aws.amazon.com/whitepapers/#security

  • Introduction to AWS Security (July 2015)    PDF | Kindle
    • Introduction to AWS’ approach to security and foundational tools available to customers.
  • Overview of Security Processes (October 2016)    PDF | Kindle
    • Physical and operational security processes for network and infrastructure under AWS’ management.
  • AWS Security Best Practices (August 2016)    PDF | Kindle
    • Authoritative guidance for security when using AWS services.
  • Introduction to AWS Security Processes (June 2016)    PDF
    • Physical and operational security processes for network and infrastructure under AWS’ management.
  • Overview of AWS Security – Analytics, Mobile, and Applications Services (June 2016)    PDF
    • Security aspects of Amazon EMR, Amazon Kinesis, AWS Data Pipeline, AWS IAM, Amazon CloudWatch, AWS CloudHSM, and more.
  • Overview of AWS Security – Application Services (June 2016)    PDF
    • Security aspects of Amazon CloudSearch, Amazon SES, Amazon SNS, Amazon SQS, Amazon SWF, and more.
  • Overview of AWS Security – Compute Services (June 2016)    PDF
    • Security aspects of the hypervisor usage, instance isolation, and auto scaling.
  • Overview of AWS Security – Database Services (June 2016)    PDF
    • Security aspects of Amazon DynamoDB, Amazon RDS, encryption, and network isolation.
  • Overview of AWS Security – Network Security (August 2016)    PDF
    • Security aspects of the network architecture, access points, transmission protection, and fault-tolerant design.
  • Overview of AWS Security – Storage Services (June 2016)    PDF
    • Security aspects of storage, including data access, data transfer, durability, and access logs.
  • Security at Scale: Governance in AWS (October 2015)    PDF
    • Using governance-enabling features to drive greater security.
  • Security at Scale: Logging in AWS (October 2015)    PDF
    • Overview of common compliance requirements related to logging.
  • Cross-Domain Solutions on AWS (December 2016)    PDF
    • Best practices for deploying a cross-domain solution using AWS services.
  • Whitepaper on EU Data Protection (December 2016)    PDF
    • Meeting EU compliance requirements when using AWS services.
  • Secure Content Delivery with Amazon CloudFront (November 2016)    PDF
    • Maintaining security while using the Amazon CDN.
  • AWS Risk and Compliance (October 2016)    PDF | Kindle
    • Integrating AWS into your existing control framework.
  • Architecting for HIPAA Security and Compliance on AWS (October 2016)    PDF | Kindle
    • HIPAA-compliant solutions using AWS services.
  • AWS Key Management Service Cryptographic Details (August 2016)    PDF
    • Detailed description of cryptographic operations when using AWS Key Management Service.
  • AWS Best Practices for DDoS Resiliency (June 2016)    PDF | Kindle
    • Techniques to mitigate Distributed Denial of Service attacks.
  • Introduction to Auditing the Use of AWS (October 2015)    PDF
    • Shared security model, tools, and approaches for auditing security.
  • Family Educational Rights and Privacy Act (FERPA) Compliance on AWS (May 2015)    PDF
    • Considerations when using AWS services in FERPA compliance environments.
  • Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth (April 2015)    PDF
    • Integrating AWS IAM and LDAP for single sign-on solution.
  • Architecting for Genomic Data Security and Compliance in AWS (December 2014)    Executive Overview | PDF
    • Working with controlled-access datasets for genomic research repositories.
  • Encrypting Data at Rest (November 2014)    PDF | Kindle
    • Overview of options for encrypting data at rest.
  • Using Windows Active Directory Federation Services (ADFS) for Single Sign-On to EC2 (March 2010)    PDF
    • Single sign-on for hybrid environment.
