Since the early 1990s, I've been collecting and categorizing web sites
I've found useful. When I published the first version of this web site
all those years ago, that list was the focus of the site. Back then,
everybody on the web seemed to have the same idea. Eventually, some
people took the idea more seriously, and formed companies like Yahoo to commercialize their work. I've kept plugging along with my humble,
eclectic list all these years, and I can't seem to stop collecting. I
hope you find it useful, too.
- cryptographic algorithms
- Gibson Research Corporation, home of some interesting security papers and software
- GnuPG: Gnu Privacy Guard, a PGP-compatible encryption program
- Honeynet Project, whose goal is to learn the tools, tactics, and motives of the blackhat community, and share those lessons learned
- NaCl (Networking and Cryptography library): a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
- Overclocking SSL: how to make SSL perform well
- OWASP: Open Web Application Security Project. Note particularly their list of the top ten web security vulnerabilities.
- Putty, an SSH client for Windows NT
- Ron Rivest's collection
- Scanning data for entropy anomalies: a blog entry on finding keys and other high-entropy data in otherwise normal files
- Soft Security: The idea is to protect the system and its users from harm, in gentle and unobtrusive ways.
- STunnel, universal SSL wrapper
- StupidSecurity.com: Exposing Fake Security Since 2003
- Web security technical information