- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
Top 25 Papers
Last Updated November 13, 2009
An Overview of Hardware Security Modules
By: Jim Attridge
Category: Encryption & VPNs
Posted: January 14, 2002
Step by Step Installation of a Secure Linux Web, DNS and Mail Server
By: John Holbrook
Category: Linux Issues
Posted: April 8, 2004
OpenVPN and the SSL VPN Revolution
By: Charlie Hosner
Category: Encryption & VPNs
Posted: August 25, 2004
Why Crack When You Can Pass the Hash?
By: Christopher Hummel
Category: Penetration Testing
Posted: November 3, 2009
Information Security Policy - A Development Guide for Large and Small Companies
By: Sorcha Diver
Category: Security Policy Issues
Posted: March 2, 2004
Windows Vista: First Steps
By: Johannes Ullrich
Category: Windows Issues
Posted: December 23, 2003
An Introduction to Information System Risk Management
By: Steve Elky
Category: Auditing & Assessment
Posted: June 6, 2006
Best Practices in Data Protection: Encryption, Key Management and Tokenization
By: nuBridges, inc
Category: Application/Database Sec
Best Practices
Encryption & VPNs
Compliance
Posted: September 29, 2009
Women in IT Security Project Management
By: Gurdeep Kaur
Category: Management & Leadership
Posted: October 27, 2009
Security Concerns in Using Open Source Software for Enterprise Requirements
By: Sreenivasa Vadalasetty
Category: Security Awareness
Posted: January 11, 2004
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
By: nuBridges, inc
Category: Best Practices
eCommerce
Encryption & VPNs
Compliance
Posted: September 29, 2009
A Fuzzing Approach to Credentials Discovery using Burp Intruder
By: Karl Dawson
Category: Penetration Testing
Posted: October 29, 2009
Harness the Power of SIEM
By: Dereck Haye
Category: Intrusion Detection
Logging Technology and Techniques
Posted: October 6, 2009
Detecting and Preventing Anonymous Proxy Usage
By: John Brozycki
Category: Intrusion Detection
Posted: November 6, 2008
A Reverse Proxy Is A Proxy By Any Other Name
By: Art Stricek
Category: Web Servers
Posted: January 10, 2002
The Disaster Recovery Plan
By: Chad Bahan
Category: Disaster Recovery
Posted: August 13, 2003
A Guide to Security Metrics
By: Shirley Payne
Category: Auditing & Assessment
Posted: June 26, 2006
DNS Spoofing by The Man In The Middle
By: Ian Green
Category: DNS Issues
Posted: May 5, 2005
Cisco Security Agent and Incident Handling
By: Greg Farnham
Category: Incident Handling
Posted: October 1, 2009
Simple Windows Batch Scripting for Intrusion Discovery
By: Tim Proffitt
Category: Auditing & Assessment
Incident Handling
Posted: September 29, 2009
PCI DSS and Incident Handling: What is required before, during and after an incident
By: Christian J. Moldes
Category: Compliance
Posted: June 16, 2009
Data Center Physical Security Checklist
By: Sean Heare
Category: Security Awareness
Posted: December 1, 2001
SSL Man-in-the-Middle Attacks
By: Peter Burkholder
Category: Threats/Vulnerabilities
Posted: February 1, 2002
WiFi with BackTrack
By: Antonio Merola
Category: Auditing & Assessment
Posted: December 24, 2007
Easy Steps to Cisco Extended Access List
By: Nancy Navato
Category: Network Devices
Posted: July 5, 2001
By: Jim Attridge
Category: Encryption & VPNs
Posted: January 14, 2002
Step by Step Installation of a Secure Linux Web, DNS and Mail Server
By: John Holbrook
Category: Linux Issues
Posted: April 8, 2004
OpenVPN and the SSL VPN Revolution
By: Charlie Hosner
Category: Encryption & VPNs
Posted: August 25, 2004
Why Crack When You Can Pass the Hash?
By: Christopher Hummel
Category: Penetration Testing
Posted: November 3, 2009
Information Security Policy - A Development Guide for Large and Small Companies
By: Sorcha Diver
Category: Security Policy Issues
Posted: March 2, 2004
Windows Vista: First Steps
By: Johannes Ullrich
Category: Windows Issues
Posted: December 23, 2003
An Introduction to Information System Risk Management
By: Steve Elky
Category: Auditing & Assessment
Posted: June 6, 2006
Best Practices in Data Protection: Encryption, Key Management and Tokenization
By: nuBridges, inc
Category: Application/Database Sec
Best Practices
Encryption & VPNs
Compliance
Posted: September 29, 2009
Women in IT Security Project Management
By: Gurdeep Kaur
Category: Management & Leadership
Posted: October 27, 2009
Security Concerns in Using Open Source Software for Enterprise Requirements
By: Sreenivasa Vadalasetty
Category: Security Awareness
Posted: January 11, 2004
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
By: nuBridges, inc
Category: Best Practices
eCommerce
Encryption & VPNs
Compliance
Posted: September 29, 2009
A Fuzzing Approach to Credentials Discovery using Burp Intruder
By: Karl Dawson
Category: Penetration Testing
Posted: October 29, 2009
Harness the Power of SIEM
By: Dereck Haye
Category: Intrusion Detection
Logging Technology and Techniques
Posted: October 6, 2009
Detecting and Preventing Anonymous Proxy Usage
By: John Brozycki
Category: Intrusion Detection
Posted: November 6, 2008
A Reverse Proxy Is A Proxy By Any Other Name
By: Art Stricek
Category: Web Servers
Posted: January 10, 2002
The Disaster Recovery Plan
By: Chad Bahan
Category: Disaster Recovery
Posted: August 13, 2003
A Guide to Security Metrics
By: Shirley Payne
Category: Auditing & Assessment
Posted: June 26, 2006
DNS Spoofing by The Man In The Middle
By: Ian Green
Category: DNS Issues
Posted: May 5, 2005
Cisco Security Agent and Incident Handling
By: Greg Farnham
Category: Incident Handling
Posted: October 1, 2009
Simple Windows Batch Scripting for Intrusion Discovery
By: Tim Proffitt
Category: Auditing & Assessment
Incident Handling
Posted: September 29, 2009
PCI DSS and Incident Handling: What is required before, during and after an incident
By: Christian J. Moldes
Category: Compliance
Posted: June 16, 2009
Data Center Physical Security Checklist
By: Sean Heare
Category: Security Awareness
Posted: December 1, 2001
SSL Man-in-the-Middle Attacks
By: Peter Burkholder
Category: Threats/Vulnerabilities
Posted: February 1, 2002
WiFi with BackTrack
By: Antonio Merola
Category: Auditing & Assessment
Posted: December 24, 2007
Easy Steps to Cisco Extended Access List
By: Nancy Navato
Category: Network Devices
Posted: July 5, 2001
Check Them Out!
504 was a great course to better enhance my understanding of attack methods and how to better defend my systems
-Dustin Odsa, Indiana University
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy