- My team at Savvis provides security assessments, design, and operational assistance for businesses.
- Learn how to analyze malware at my SANS course in New York, London, DC, and over the Web.
- My new 2-day course on Combating Malware debuts in Las Vegas at half price; full price in DC.
Information Security Cheat Sheets and Checklists
As much as we try to be proactive about information security, IT planning, or project management, we get distracted, or procrastinate. These information security cheat sheets and checklists are designed to assist IT professionals in difficult situations, even if they find themselves unprepared.
Critical Log Review Checklist for Security Incidents
This cheat sheet presents a checklist for reviewing critical logs when responding to a security incident. It can also be used for routine log review. (Co-authored with Anton Chuvakin.)
Analyzing Malicious Documents Cheat Sheet
This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.
Security Architecture Cheat Sheet for Internet Applications
This cheat sheet offers tips for the initial design and review of a complex Internet application's security architecture.
Troubleshooting Human Communications
This cheat sheet offers communication tips for technologists, engineers, and information workers.
Security Incident Survey Cheat Sheet for Server Administrators
This cheat sheet captures tips for examining a potentially-compromised server to decide whether to escalate for formal incident response.
Initial Security Incident Questionnaire for Responders
This cheat sheet lists the questions the incident handler should consider asking when taking control of a qualified incident.
Network DDoS Incident Response Cheat Sheet
This cheat sheet captures advice for battling a network DDoS attack on your infrastructure.
Reverse-Engineering Malware Cheat Sheet
This cheat sheet presents shortcuts and tips for analyzing malicious software.
Information Security Assessment RFP Cheat Sheet
This cheat sheet offers tips for planning, issuing and reviewing RFPs for information security assessments.
How to Suck at Information Security
This cheat sheet presents common information security mistakes, so you can avoid making them.
Security-Related Cheat Sheets by Other Authors
- x86 Intel Assembly Cheat Sheet by Nick Harbour
- Win32 x86 Assembly Cheat Sheet by Peter Kankowski
- Network Cheat Sheets by Jeremy Stretch
- SQL Injection Prevention Cheat Sheet by OWASP
- XSS (Cross Site Scripting) Prevention Cheat Sheet by OWASP
- TCP/IP and Tcpdump Packet Reference by SANS Institute
- Google Hacking and Defense Cheat Sheet by SANS Institute
- Windows Command Line Cheat Sheet by Ed Skoudis
- Netcat Cheat Sheet by Ed Skoudis
- ASP.NET Security Architecture Cheat Sheet by Alik Levin
- A Directory of IT Cheat Sheets at Whatis?com
- SSL/TLS Protection Cheat Sheet by OWASP
- A Directory of Cheat Sheets for Developers maintained by Tim Church
- A Listing of Security Cheat Sheets at QuicklyCode
About the Author: Lenny Zeltser leads the security consulting practice at Savvis, where he focuses on designing and operating security programs for cloud-based IT infrastructure. Lenny's other area of specialization is malicious software; he teaches how to analyze and combat malware at SANS Institute. Lenny explores security topics at conferences, in books and in articles. He also volunteers as an incident handler at the Internet Storm Center. You can follow Lenny on Twitter to stay in touch.
Copyright © 1995-2010 Lenny Zeltser. All rights reserved. RSS Feed.
The information on this site does not necessarily represent positions or opinions of my employer.