When I take a trip on the Way, Way Back Machine, one tool that impressed me was validation of old school websites. It was the W3C validator that gave me a point of reference to make improvements and ensure browser support. The differentiator for this tool was the full weight of the Consortium behind it -- the institution that standardizes many web technologies -- and of course the tool was free. This tool is still maintained though I seldom see new, hip "web designers" putting it on their pages.
Fast forward to the 21st century and there's a new(er) tool for security that I just bumped into. CIS-CAT is a security validation tool that is backed by the Center for Information Security (CIS). CIS gets a stamp from other organizations, like famous mainstay The SANS Institute. Sadly their automated validator requires buying a hefty membership. Evidently CIS hasn't gotten on board the Freemium bandwagon!
To their credit, CIS does release both the audit checklists and technical steps for verifying security compliance. They call these security documents "Benchmarks" and these are *far* more valuable to the techie than abstract drivel that's usually posted online. I just downloaded a few CIS Benchmarks based on platform for free and am thinking it will be trivial to script these.
BTW: this Blogger page fails 4 W3C compliance checks :)
No comments:
Post a Comment