The World Wide Web contains a truckload of interesting security information, ranging from archives with ancient security documents all the way to the most recent advances in security protocols and security blunders. Below you can find a list of the websites that I think are worth browsing and reading. The list will be updated regularly.


Weblogs and newsletters

    - http://www.schneier.com/blog/ (Bruce Schneier's log)

    - http://blogs.technet.com/markrussinovich/ (Mark Russinovich's blog)

    - http://www.minasi.com/nwsreg.htm (Mark Minasi's newsletter)

    - http://www.schneier.com/crypto-gram.html (Bruce Schneier's Crypto-Gram)


Certification

    - http://www.isc2.org/ (ISC2)

    - http://www.sans.org/ (SANS)

    - http://www.cert.org/ (CERT)

    - http://www.cccure.org/ (a very good CISSP exam preparation site)


Documents

    - http://csrc.nist.gov/publications/PubsSPs.html (NIST Special Publications)

    - http://eprint.iacr.org/ (Cryptology ePrint Archive)


Miscellaneous

    - http://www.securityfocus.com/

    - http://www.beveiligingnieuws.nl/

    - http://www.security-online.nl/

    - http://www.xs4all.nl/~rvy/ib-index.html (Portaal Informatiebeveiliging)

    - http://www.security.nl/ (Dutch security log, brought in an easy to understand manner)


Fun

    - http://www.stupidsecurity.com/ (How not to implement security)


Security tools

    - http://sectools.org/ (Top 100 Network Security Tools)

    - http://www.joeware.net/ (Microsoft command line tools)


Vendor-specific sites

    - http://www.microsoft.com/security (The starting point for finding Microsoft security information)

 


Battling fraud

    - http://www.fraudemeldpunt.nl/ (Steunpunt Acquisitiefraude (SAF))

    - http://www.kvk.nl/veiligondernemen/ (KvK tips)