Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

http://www.getmantra.com/index.html

Small cover dimension (WxH) = 325×475
Large cover dimesnions(WxH) =500×710

294×475

• SIGIL
• eCub – eCub – a simple to use EPUB and MobiPocket ebook creator
• Adobe inDesign
• Calibre: Convert Almost Anything To ePub
• Furhter Articles to explaing the ebub book creation process
• How to Make an eBook Anyone Can Read with ePub

More Tools…

• TagSoup – HTML cleaning tool

The phrase “security framework” has been used in a variety of ways in the security literature over the years, but in 2006 it came to be used as an aggregate term for the various documents (and some pieces of software), from a variety of sources, that give advice on topics related to information systems security, in particular regard to the planning, managing, or auditing of overall information security practices for a given institution.

OWASP – http://www.owasp.org/index.php/Main_Page

The Open Web Application Security Project (OWASP) is an open-source application security project.

OWASP community works to create freely-available articles, methodologies, documentation, tools, and technologies.

OWASP’s most successful documents:

OWASP Guide

OWASP Top 10 awareness document

OWASP Testing Guide – http://www.owasp.org/index.php/Category:OWASP_Testing_Project

The most widely used OWASP tools include the training environment WebGoat

OWASP projects are broadly divided into two main categories, development projects, and documentation projects. Its documentation projects currently consist of:

* OWASP Application Security Verification Standard (ASVS) – A standard for performing application-level security verifications. http://www.owasp.org/index.php/ASVS

* The Guide – This document that provides detailed guidance on web application security

* Top Ten Most Critical Web Application Vulnerabilities – A high-level document to help focus on the most critical issues

* Metrics – A project to define workable web application security metrics

* Legal – A project to help software buyers and sellers negotiate appropriate security in their contracts

* Testing Guide – A guide focused on effective web application security testing

* ISO 17799 – Supporting documents for organizations performing ISO17799 reviews

* AppSec FAQ – Frequently asked questions and answers about application security

Management Framework

1. Zachman Framework

2. Calder-Moir Framework

3. Balanced Scorecard

1. Zachman Framework

The Zachman Framework is a two-dimensional model used to analyze an organization or process by breaking it down into smaller characteristics or considerations.  Instead of trying to look at the entire enterprise at once, you break it down into a grid of perspectives and viewpoints.

2. Calder-Moir Framework

Supposedly in order to help you get the various security frameworks to work together harmoniously, the Calder-Moir IT Governance Framework is really only a graphical classification of the various frameworks in terms of whether they address the topics of business strategy, business and risk environment, IT strategy, operations, capabilities,

and change management

3.Balanced Scorecard

The “balanced” part of Balanced Scorecard is a reminder to view business processes from multiple perspectives, and not to neglect any. Specifically, the process recommends setting objectives, and measuring performance, for the learning and growth (employee training), (internal) business processes, customer (satisfaction), and financial

perspectives.  It is very concerned with metrics and measurement-based management.

The Open Group Architecture Framework (TOGAF)

he Open Group Architecture Framework (TOGAF) is a framework for enterprise architecture which provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture.

The architecture is typically modelled at four levels or domains; Business, Application, Data, Technology. A set of foundation architectures are provided to enable the architecture team to envision the current and future state of the architecture.

http://en.wikipedia.org/wiki/The_Open_Group_Architecture_Framework

Commercial Frameworks

• CANVAS – http://www.immunitysec.com/products-canvas.shtml
• Core IMPACT – http://www.coresecurity.com/

Free Frame Works

• Durzosploit – http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
• Fast-Track – http://www.thepentest.com/
• Inguma – http://www.darknet.org.uk/2007/08/inguma-penetration-testing-toolkit/
• Metasploit – http://www.metasploit.com/
• Netifera – http://netifera.com/
• sapyto – http://www.cybsec.com/EN/research/sapyto.php
• w3af – Web Application Attack and Audit Framework – http://w3af.sf.net/

Penetration Software Testing Methodologies & Links

http://www.penetrationtests.com/Methodology/

• Bluetooth Penetration Testing Framework – http://bluetooth-pentest.narod.ru/
• CCWAPSS (Common Criteria Web Application Security Scoring) – http://ccwapss.blogspot.com/
• Dradis Framework – http://dradisframework.org/
• Information Systems Security Assessment Framework – http://www.oissg.org/home-13.html

ISECOM

ISECOM is an open, collaborative, security research community established in January 2001. In order to fulfill its mission focus to apply critical thinking and scientific methodology to all facets of security, ISECOM is chartered as a commercial-free and non-partisan organization. ISECOM is registered non-profit organization operating from Barcelona, Spain and New York, USA.

http://www.isecom.org/

OSSTMM – Open Source Security Testing Methodology Manual

This Open Source Security Testing Methodology Manual (OSSTMM) provides a methodology for a thorough security test, now referred to as an OSSTMM audit. An OSSTMM audit is an accurate measurement of security at an operational level, void of assumptions and anecdotal evidence.

http://www.isecom.org/osstmm/

Penetration Testing Framework 0.4

This is an excellent penetration testing framework, full of information for pentesters out there.

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

SIP Forum Test Framework (SFTF)

The SIP Forum Test Framework (SFTF) was created to allow SIP device vendors to test their devices for common errors. And as a result of these tests improve the interoperability of the devices on the market in general. The SFTF was created by the SIP Forum Technical working Group, and is maintained here on the SIP Foundry website because the SIP Foundry has the appropriate development and other infrastructure required to properly distribute this open source project.

http://www.sipfoundry.org/index.php

LBNL/ICSI Enterprise Tracing Project (Berkeley Lab)
A set of 11GB of packet header traces from October 2004 through January 2005 is available via HTTP and FTP

http://www.icir.org/enterprise-tracing/

Traces available in the Internet Traffic Archive

http://ita.ee.lbl.gov/html/traces.html

IANA — Internet Assigned Numbers Authority
www.iana.org

Internet Engineering Task Force
www.ietf.org

Wireshak University

http://www.wiresharktraining.com/

Wireshak, The World’s most foremost network protocol analyzer

http://www.wireshark.org/

Top 100 Network Security Tools – http://sectools.org/

1. Nessus (Vulnerability Scanner)

The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.

http://www.nessus.org/nessus/

2. Snort (IDS/IPS)

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 250,000 registered users, Snort has become the de facto standard for IPS.

http://www.snort.org/

3. nmap (Network Security Scanner)

Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

http://nmap.og

4. Wireshark (Network Protocol analyzer)

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

http://www.wireshark.org

5. Metasploit

Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is a community project managed by Metasploit LLC.

http://www.metasploit.com