Technology and Tools Working Group
Resources
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Weakness Enumeration (CWE)
The Data & Analysis Center for Software
Federal Plan for Cyber Security and Information Assurance Research and Development: Available for download on the National Coordination Office for Networking and Information Technology Research and Development site.
ISO/IEC SC22 OWGV Guidance for Avoiding Vulnerabilities through Language Selection and Use
The Open Source Vulnerability Database
Sandia Labs Center for SCADA Security
Security Measurement (PDF): A white paper published by Practical Software and Systems Measurement
Software Assurance Metrics and Tool Evaluation Project (SAMATE)
OWASP Testing Guide
The Open Web Application Security Project (OWASP) Testing Guide project is both a "best practices" web application penetration testing framework that users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.
OWASP ESAPI
The OWASP Enterprise Security API (ESAPI) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
OWASP Live CD Open Source Tool Suite
The OWASP Live CD Open Source Tool Suite project makes application security tools and documentation easily available. The contents range from OWASP WebScarab and WebGoat to Wireshark and SQLBrute.