This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of ".NET Incident Response"
(→Articles & Projects) |
|||
(2 intermediate revisions by one other user not shown) | |||
Line 35: | Line 35: | ||
===References=== | ===References=== | ||
+ | |||
+ | [http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.pdf Cheat Sheet for Server Admin.] | ||
+ | |||
+ | [http://www.ucl.ac.uk/cert/win_intrusion.pdf Checking Microsoft Windows® Systems for Signs of Compromise] | ||
+ | |||
+ | [http://www.zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.pdf SECURITY INCIDENT QUESTIONNAIRE FOR RESPONDERS] | ||
+ | |||
+ | [http://sans.org/resources/winsacheatsheet.pdf SAN's SysAdmin Cheat Sheet] | ||
+ | |||
[http://www.cert.org/csirts/Creating-A-CSIRT.html Creating a Computer Security Incident Response Team: A Process for Getting Started] | [http://www.cert.org/csirts/Creating-A-CSIRT.html Creating a Computer Security Incident Response Team: A Process for Getting Started] | ||
Line 40: | Line 49: | ||
[http://www.sei.cmu.edu/publications/documents/03.reports/03hb002.html Handbook for Computer Security Incident Response Teams] | [http://www.sei.cmu.edu/publications/documents/03.reports/03hb002.html Handbook for Computer Security Incident Response Teams] | ||
+ | |||
+ | [http://www.attackprevention.com/Incident_Handling/Incident_Response_Team/ Incident Response Resources] | ||
+ | |||
+ | [http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf NIST SP800-86: Guide to Integrating Forensic Techniques into Incident Response] | ||
===Tools=== | ===Tools=== | ||
+ | |||
[http://oreilly.com/catalog/incidentres/chapter/ch07.html Incident Response Kit] | [http://oreilly.com/catalog/incidentres/chapter/ch07.html Incident Response Kit] |
Latest revision as of 13:36, 24 November 2008
.NET Incident Response
Understanding how to respond to an incident before it occurs is critical to recovering operations. This section contains information for incident response, and specific content for .NET web application and service incident response handling. In addition to traditional logging functions, how do we know if our application, service, database or other software has been exploited.
Areas of Concern
- Incident Response Plan
As they say, it is not if, it is when you are attacked, what is the plan?
- Communicating
Who uses your software? How do you communicate the incident to your user base?
- Activating the plan
How do we know we've been attacked. Applications and services need to be instrumented to provide information specific to functionality within the software. What guidance or tools are needed to provide information to incident response personnel.
- Containment
Limit the exposure of the incident by isolating the damage.
- Attack Identification and Severity assignment
Find the origin of the attack. Estimate exposure.
- Evidence handling best practices
- Recovery and Continuity
Articles & Projects
Avoiding a Meltdown: The Management Incident Response Team
Windows Best Practices for Security Incident Response
Guide to Integrating Forensic Techniques into Incident Response
Responding to IT Security Incidents
Forum for Incident Response and Security Teams
References
Checking Microsoft Windows® Systems for Signs of Compromise
SECURITY INCIDENT QUESTIONNAIRE FOR RESPONDERS
Creating a Computer Security Incident Response Team: A Process for Getting Started
Computer Security Incident Response Team FAQ
Handbook for Computer Security Incident Response Teams
NIST SP800-86: Guide to Integrating Forensic Techniques into Incident Response