Information Security Cheat Sheets and Checklists

As much as we try to be proactive about information security, IT planning, or project management, we get distracted, or procrastinate. These information security cheat sheets and checklists are designed to assist IT professionals in difficult situations, even if they find themselves unprepared.

REMnux Usage Tips for Malware Analysis on Linux

This cheat sheet outlines the tools and commands for analyzing malicious software on the REMnux Linux distribution.

Tips for Creating an Information Security Assessment Report

This cheat sheet presents recommendations for creating a strong report as part of an information security assessment project.

Critical Log Review Checklist for Security Incidents

This cheat sheet presents a checklist for reviewing critical logs when responding to a security incident. It can also be used for routine log review. (Co-authored with Anton Chuvakin.)

Analyzing Malicious Documents Cheat Sheet

This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.

Security Architecture Cheat Sheet for Internet Applications

This cheat sheet offers tips for the initial design and review of a complex Internet application's security architecture.

Troubleshooting Human Communications

This cheat sheet offers communication tips for technologists, engineers, and information workers.

Security Incident Survey Cheat Sheet for Server Administrators

This cheat sheet captures tips for examining a potentially-compromised server to decide whether to escalate for formal incident response.

Initial Security Incident Questionnaire for Responders

This cheat sheet lists the questions the incident handler should consider asking when taking control of a qualified incident.

Network DDoS Incident Response Cheat Sheet

This cheat sheet captures advice for battling a network DDoS attack on your infrastructure.

Reverse-Engineering Malware Cheat Sheet

This cheat sheet presents shortcuts and tips for analyzing malicious software.

Information Security Assessment RFP Cheat Sheet

This cheat sheet offers tips for planning, issuing and reviewing RFPs for information security assessments.

How to Suck at Information Security

This cheat sheet presents common information security mistakes, so you can avoid making them.

Security-Related Cheat Sheets by Other Authors

x86 Intel Assembly Cheat Sheet by Nick Harbour
Win32 x86 Assembly Cheat Sheet by Peter Kankowski
Network Cheat Sheets by Jeremy Stretch
SQL Injection Prevention Cheat Sheet by OWASP
XSS (Cross Site Scripting) Prevention Cheat Sheet by OWASP
TCP/IP and Tcpdump Packet Reference by SANS Institute
Google Hacking and Defense Cheat Sheet by SANS Institute
Windows Command Line Cheat Sheet by Ed Skoudis
Netcat Cheat Sheet by Ed Skoudis
ASP.NET Security Architecture Cheat Sheet by Alik Levin
A Directory of IT Cheat Sheets at Whatis?com
SSL/TLS Protection Cheat Sheet by OWASP
A Directory of Cheat Sheets for Developers maintained by Tim Church
A Listing of Security Cheat Sheets at QuicklyCode

About the Author: Lenny Zeltser is a seasoned IT professional with a strong background in information security and business management. His areas of expertise include cloud services and malicious software. Lenny focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how to analyze and combat malware at SANS Institute. Lenny explores security topics at conferences, in books and in articles. He also volunteers as an incident handler at the Internet Storm Center. You should follow Lenny on Twitter and read his daily blog.