Vulnerability Research Resources

As mentioned in the previous post, staying abreast of the latest (and greatest depending upon how you look at it) vulnerabilities out there is a vital aspect in maintaining your knowledge as a competent security professional.  While there are different aspects of cyber security, all with their own underlying importance of understanding various technologies; as a cyber security engineer and penetration tester, I find it extremely important for us to say informed of these issues.

With that being said, I’ve included a list of what I commonly use for my vulnerability research.

ExploitDB

US-CERT

Full Disclosure and BugTraq (SecLists)

SecurityFocus

Secunia Advisories

Microsoft Security Response Center

Microsoft Vulnerability Research (MSVR) Advisories Archive

Microsoft Security Research and Defense

Zero Day | ZDNet

GovernmentSecurity Vulnerability and Exploit Research

SecurityExploded

Twitter is also a very good resource for breaking security and vulnerability news, here’s a few to get you started:

http://twitter.com/threatpost

http://twitter.com/SCMagazine

http://twitter.com/pauldotcom

http://twitter.com/gcluley

http://twitter.com/CiscoSecurity

http://twitter.com/KoreSecure

http://twitter.com/DarkReading

http://twitter.com/Infosanity

http://twitter.com/websenselabs

http://twitter.com/DanielMiessler

http://twitter.com/DefenseIT

http://twitter.com/SecurityTube

http://twitter.com/FSecure

http://twitter.com/packet_storm

http://twitter.com/taosecurity

http://twitter.com/AnonyOps

…and of course http://twitter.com/securitycrush :)