Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 32 papers as of Dec 2, 2008

Achieving PCI Compliance with Log Management
SenSage - July 2008

Closing Internal User Visibility and Data Governance Gaps with PacketMotion
PacketMotion - April 2008

Understanding and Selecting a Database Activity Monitoring Solution
Guardium, Imperva, Secerno, Sentrigo, & Tizor - April 2008

Web Based Attacks

Justin Crist

January 4, 2008

- download paper

Analyzing Attack Surface Code Coverage

Justin Seitz

November 14, 2007

- download paper

Forensic Analysis of a SQL Server 2005 Database Server

Kevvie Fowler

September 28, 2007

- download paper

Automated Scanning of Oracle 10g Databases

Rory McCune

August 7, 2007

- download paper

Using Oracle Forensics to determine vulnerability to Zero Day exploits

Paul Wright

February 28, 2007

- download paper

Security in Sun Java System Application Server Platform Edition 8.0

Sid Ansari

June 29, 2005

- download paper

Web Browser Insecurity

Paul Asadoorian

June 2, 2005

- download paper

Application Firewalls: Don't Forget About Layer 7

Russell Eubanks

May 17, 2005

- download paper

Reining in the LAN client

David Monaco

February 25, 2005

- download paper

Securing SQL Connection String

Dmitry Dessiatnikov

April 8, 2004

- download paper

Assessing Vendor Application Security A Practical Way to Begin

Barton Hubbs

April 8, 2004

- download paper

Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach

Vilas Ankolekar

December 13, 2003

- download paper

SQL Server 2000: Permissions on System Tables Granted to Logins Due to the Public Role

K Brian Kelley

December 13, 2003

- download paper

Service Account Vulnerabilities

Barbara Guhanick

October 31, 2003

- download paper

Source Code Revelation Vulnerabilities

Christopher Short

October 31, 2003

- download paper

Database - The Final Firewall

Brian Suddeth

October 31, 2003

- download paper

An Approach to Application Security

Ian Rathie

October 31, 2003

- download paper

Distributed Object Technology: Security Perspective

Subbu Cherukuwada

October 31, 2003

- download paper

Making Your Network Safe for Databases

Duane Winner

October 31, 2003

- download paper

Web Application Security for Managers

Pierre de la Brassinne

October 31, 2003

- download paper

Distributed Systems Security: Java, CORBA, and COM+

April L. Moreno

October 31, 2003

- download paper

Security Scenarios in Analysis and Design

Dwight A. Haworth

October 31, 2003

- download paper

Framework for Secure Application Design and Development

Chris McCown

October 31, 2003

- download paper

Security for a CRM environment

Jason LaFrance

October 31, 2003

- download paper

Securing Server Side Java

William Rushmore

October 31, 2003

- download paper

Deploying a Secure Web Application: From a Coding Perspective

Jaime Spicciati

October 31, 2003

- download paper

J.D. Edwards Security using RBAC

Scott Gordee

October 31, 2003

- download paper

Securing End User Active Server Page Applications on an Intranet

Bob Bohn

October 31, 2003

- download paper

SQL Server Email - vulnerability issues and prevention strategies

Frank Ress

October 31, 2003

- download paper