Organizations
Here are some information-rich sites to make you reach for the aspirin. These have second-to-none white paper libraries, threat alerts, mailing lists, purposeful projects, and whatever else to tempt you away from that TV movie.
OWASP
The indispensible Open Web Application Security Project is made up of some of the wisest heads on the web nurturing dozens of projects (including the ModSecurity Core Rule Set Project, which we discussed in Chapter 11 and the WebGoat Project which cropped up in this section). Hats off!
SANS
The SysAdmin, Audit, Network, Security Institute is a giant in security training and their free reading room and storm center are so vastly informative you may never return:
SecurityFocus
SecurityFocus has white papers, tons of mailing lists such as the zero day alerter BugTraq (a must-sub mailing list for security pros) and a valuable Vulnerability Database:
WASC
Another Robert Auger brainchild, The Web Application Security Consortium promotes proactive projects, has a leading mailing list and its Threat Classification defines risks:
Wikipedia
Not niche, sure, but the 'pejia is always good value and details threats predictably well:
