安全架構設計必讀與參考材料

安全架構設計必讀與參考材料

Image result for secure design

Secure Coding

https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards

http://cwe.mitre.org/top25/

http://cwe.mitre.org/data/published/cwe_v2.9.pdf

https://www.jssec.org/dl/android_securecoding_en.pdf

安全配置

https://benchmarks.cisecurity.org/downloads/

Security Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Security Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

NIST Security

http://csrc.nist.gov/publications/PubsSPs.html

 

ETSI

http://www.etsi.org/technologies-clusters/technologies/security

http://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp1_security-201506.pdf

 

CSA Cloud Security alliance

https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf

https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf

 

OWASP

https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

https://www.owasp.org/images/9/9a/OWASP_Cheatsheets_Book.pdf

https://www.owasp.org/images/3/33/OWASP_Application_Security_Verification_Standard_3.0.1.pdf

https://www.owasp.org/images/8/82/Esapi-design-patterns.pdf

 

德國電信

https://www.telekom.com/en/corporate-responsibility/data-protection—data-security/security

https://www.telekom.com/resource/blob/327540/d284622cddd1d6fb7ff784e1a46f9587/dl-security-requirements-data.zip

 

AWS Security

https://aws.amazon.com/whitepapers/#security

  • Introduction to AWS Security (July 2015)    PDF | Kindle
    • Introduction to AWS’ approach to security and foundational tools available to customers.
  • Overview of Security Processes (October 2016)    PDF | Kindle
    • Physical and operational security processes for network and infrastructure under AWS’ management.
  • AWS Security Best Practices (August 2016)    PDF | Kindle
    • Authoritative guidance for security when using AWS services.
  • Introduction to AWS Security Processes (June 2016)    PDF
    • Physical and operational security processes for network and infrastructure under AWS’ management.
  • Overview of AWS Security – Analytics, Mobile, and Applications Services (June 2016)    PDF
    • Security aspects of Amazon EMR, Amazon Kinesis, AWS Data Pipeline, AWS IAM, Amazon CloudWatch, AWS CloudHSM, and more.
  • Overview of AWS Security – Application Services (June 2016)    PDF
    • Security aspects of Amazon CloudSearch, Amazon SES, Amazon SNS, Amazon SQS, Amazon SWF, and more.
  • Overview of AWS Security – Compute Services (June 2016)    PDF
    • Security aspects of the hypervisor usage, instance isolation, and auto scaling.
  • Overview of AWS Security – Database Services (June 2016)    PDF
    • Security aspects of Amazon DynamoDB, Amazon RDS, encryption, and network isolation.
  • Overview of AWS Security – Network Security (August 2016)    PDF
    • Security aspects of the network architecture, access points, transmission protection, and fault-tolerant design.
  • Overview of AWS Security – Storage Services (June 2016)    PDF
    • Security aspects of storage, including data access, data transfer, durability, and access logs.
  • Security at Scale: Governance in AWS (October 2015)    PDF
    • Using governance-enabling features to drive greater security.
  • Security at Scale: Logging in AWS (October 2015)    PDF
    • Overview of common compliance requirements related to logging.
  • Cross-Domain Solutions on AWS (December 2016)    PDF
    • Best practices for deploying a cross-domain solution using AWS services.
  • Whitepaper on EU Data Protection (December 2016)    PDF
    • Meeting EU compliance requirements when using AWS services.
  • Secure Content Delivery with Amazon Cloudfront (November 2016)    PDF
    • Maintaining security while using the Amazon CDN.
  • AWS Risk and Compliance (October 2016)    PDF | Kindle
    • Integrating AWS into your existing control framework.
  • Architecting for HIPAA Security and Compliance on AWS (October 2016)    PDF | Kindle
    • HIPAA-compliant solutions using AWS services.
  • AWS Key Management Service Cryptographic Details (August 2016)    PDF
    • Detailed description of cryptographic operations when using AWS Key Management Service.
  • AWS Best Practices for DDoS Resiliency (June 2016)    PDF | Kindle
    • Techniques to mitigate Distributed Denial of Service attacks.
  • Introduction to Auditing the Use of AWS (October 2015)    PDF
    • Shared security model, tools, and appoaches for auditing security.
  • Family Educational Rights and Privacy Act (FERPA) Compliance on AWS (May 2015)    PDF
    • Considerations when using AWS services in FERPA compliance environments.
  • Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth (April 2015)    PDF
    • Integrating AWS IAM and LDAP for single sign-on solution.
  • Architecting for Genomic Data Security and Compliance in AWS(December 2014)    Executive Overview | PDF
    • Working with controlled-access datasets for genomic research repositories.
  • Encrypting Data at Rest (November 2014)    PDF | Kindle
    • Overview of options for encrypting data at rest.
  • Using Windows Active Directory Federation Services (ADFS) for Single Sign-On to EC2 (March 2010)    PDF
    • Single sign-on for hybrid environment.

 

Leave a Reply

Your email address will not be published.