Publications


HolisticInfoSec

HolisticInfoSec.org’s Russ McRee writes regularly regarding information security topics in the hope of sharing knowledge and resources with a wide audience.

February’s toolsmith snapshot focuses on network-wide ad blocking via your own Linux hardware with Pi-hole.
Older article copies, particularly from September 2015 through August 2018 are available here and older PDF copies prior to September 2015 are available here.
Award winning toolsmith offers insights on tools useful to the information security practitioner, typically open source and free.

ADMIN Magazine’s Issue 24/2014: Visualize Security features Russ’ article, Security data analytics and visualization with R.

The September 2012 issue of Information Security magazine, as part of TechTarget’s SearchSecurity, includes Russ’ article Mobile application security best practices in a BYOD world.

InfoSec Resources, part of the InfoSec Institute, has published Russ’ article OWASP Top Ten Tools and Tactics which discusses a tool for each of the OWASP Top 10 to aid in discovering and remediating each vulnerabilty type.

InfoSec Resources also offers Security Incident Response Testing To Meet Audit Requirements, Russ’s article on practical guidance and tools to ensure maximum readiness for incident response teams including drill tactics.

SearchFinancialSecurity.com features three of Russ’ articles:

  1. Financials and the need for software regression testing

  2. Why financials must implement Web application security best practices

  3. Security questions to ask SaaS vendors when outsourcing services

Russ’ article regarding security data visualization is available in Issue 106 (September 2009) of Linux Magazine.

Additionally, his article regarding the open source laptop tracking and recovery offering Adeona is available in Issue 100 (March 2009) of Linux Magazine.

Russ’ article, Safe Keeping, regarding TrueCrypt, is now available in Information Security magazine. TrueCrypt is an open source laptop encryption alternative for your organization. This article also includes a sidebar on Adeona, an open source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

July 2008’s (IN)SECURE features Russ’s article Open Redirect Vulnerabilities: Definition and Prevention. Download Issue 17 .

June’s ISSA Journal features Russ’s article, Anatomy of an XSS Attack, as its title piece. This is a unique effort written in the 1st person, as a cybercriminal, to exemplify the grave harm that can come to users and consumers when cross-site scripting (XSS) vulnerabilities are left unmitigated. With kind permission from the ISSA Journal, holistiinfosec.org is able to bring non-members the pdf copy of Anatomy of an XSS Attack. Please consider joining the ISSA today.

Testy Eft , Russ’s article on security testing with nUbuntu , is available in the November 2007 issue 84 of Linux Magazine.

A piece covering Network Security Monitoring and Sguil via Knoppix-NSM is available in the October 2007 Information Security Magazine titled Putting Snort to Work.

OWASP offers Secure Web App Server , in its Papers collection. The paper covers the use of SELinux, iptables, mod_jk, mod_security, and mod_evasive to build a secure web app server. This paper is a living document, updated as needed to stay current. Current version is 1.3 with change notes included.

SMaK - Smoothwall, MySQL and Kiwi Syslog Daemon: Cost Effective Firewall and Logging with Database and Analysis

Systems Security Assessment: A Simple Baseline

Guest Blog Posts

Microsoft Internet Explorer Blog: Statistical Validation of the IE8 XSS Filter

Microsoft Malware Protection Center Threat Research & Response Blog: Another Reason to Avoid Piracy