How to Measure Anything in Cybersecurity Risk


Douglas W. Hubbard - 2016
    In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security.Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.Discover the shortcomings of cybersecurity's best practices Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing--as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet


Joseph Menn - 2010
    His guides are California surfer and computer whiz Barrett Lyon and a fearless British high-tech agent. Through these heroes, Menn shows the evolution of cyber-crime from small-time thieving to sophisticated, organized gangs, who began by attacking corporate websites but increasingly steal financial data from consumers and defense secrets from governments. Using unprecedented access to Mob businesses and Russian officials, the book reveals how top criminals earned protection from the Russian government.Fatal System Error penetrates both the Russian cyber-mob and La Cosa Nostra as the two fight over the Internet's massive spoils. The cloak-and-dagger adventure shows why cyber-crime is much worse than you thought—and why the Internet might not survive.

Python Crash Course: A Hands-On, Project-Based Introduction to Programming


Eric Matthes - 2015
    You'll also learn how to make your programs interactive and how to test your code safely before adding it to a project. In the second half of the book, you'll put your new knowledge into practice with three substantial projects: a Space Invaders-inspired arcade game, data visualizations with Python's super-handy libraries, and a simple web app you can deploy online.As you work through Python Crash Course, you'll learn how to: Use powerful Python libraries and tools, including matplotlib, NumPy, and PygalMake 2D games that respond to keypresses and mouse clicks, and that grow more difficult as the game progressesWork with data to generate interactive visualizationsCreate and customize simple web apps and deploy them safely onlineDeal with mistakes and errors so you can solve your own programming problemsIf you've been thinking seriously about digging into programming, Python Crash Course will get you up to speed and have you writing real programs fast. Why wait any longer? Start your engines and code!

Black Code: Inside the Battle for Cyberspace


Robert J. Deibert - 2013
    We depend on it for everything we do. We have reengineered our business, governance, and social relations around a planetary network unlike any before it. But there are dangers looming, and malign forces are threatening to transform this extraordinary domain.In Black Code, Ronald J. Deibert, a leading expert on digital technology, security, and human rights, lifts the lid on cyberspace and shows what’s at stake for Internet users and citizens. As cyberspace develops in unprecedented ways, powerful agents are scrambling for control. Predatory cyber criminal gangs such as Koobface have made social media their stalking ground. The discovery of Stuxnet, a computer worm reportedly developed by Israel and the United States and aimed at Iran’s nuclear facilities, showed that state cyberwar is now a very real possibility. Governments and corporations are in collusion and are setting the rules of the road behind closed doors.This is not the way it was supposed to be. The Internet’s original promise of a global commons of shared knowledge and communications is now under threat. Drawing on the first-hand experiences of one of the most important protagonists in the battle — the Citizen Lab and its global network of frontline researchers, who have spent more than a decade cracking cyber espionage rings and uncovering attacks on citizens and NGOs worldwide — Black Code takes readers on a fascinating journey into the battle for cyberspace. Thought-provoking, compelling, and sometimes frightening, it is a wakeup call to citizens who have come to take the Internet for granted. Cyberspace is ours, it is what we make of it, Deibert argues, and we need to act now before it slips through our grasp.

Penetration Testing: A Hands-On Introduction to Hacking


Georgia Weidman - 2014
    This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples discuss even advanced topics like mobile device security and bypassing anti-virus software.

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler


Chris Eagle - 2008
    With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn to:Identify known library routines, so you can focus your analysis on other areas of the code Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.

Automate the Boring Stuff with Python: Practical Programming for Total Beginners


Al Sweigart - 2014
    But what if you could have your computer do them for you?In "Automate the Boring Stuff with Python," you'll learn how to use Python to write programs that do in minutes what would take you hours to do by hand no prior programming experience required. Once you've mastered the basics of programming, you'll create Python programs that effortlessly perform useful and impressive feats of automation to: Search for text in a file or across multiple filesCreate, update, move, and rename files and foldersSearch the Web and download online contentUpdate and format data in Excel spreadsheets of any sizeSplit, merge, watermark, and encrypt PDFsSend reminder emails and text notificationsFill out online formsStep-by-step instructions walk you through each program, and practice projects at the end of each chapter challenge you to improve those programs and use your newfound skills to automate similar tasks.Don't spend your time doing work a well-trained monkey could do. Even if you've never written a line of code, you can make your computer do the grunt work. Learn how in "Automate the Boring Stuff with Python.""

Sinatra: Up and Running


Alan Harris - 2011
    With this concise book, you will quickly gain working knowledge of Sinatra and its minimalist approach to building both standalone and modular web applications. Sinatra serves as a lightweight wrapper around Rack middleware, with syntax that maps closely to functions exposed by HTTP verbs, which makes it ideal for web services and APIs. If you have experience building applications with Ruby, you’ll quickly learn language fundamentals and see under-the-hood techniques, with the help of several practical examples. Then you’ll get hands-on experience with Sinatra by building your own blog engine. Learn Sinatra’s core concepts, and get started by building a simple application Create views, manage sessions, and work with Sinatra route definitions Become familiar with the language’s internals, and take a closer look at Rack Use different subclass methods for building flexible and robust architectures Put Sinatra to work: build a blog that takes advantage of service hooks provided by the GitHub API

Head First Java


Kathy Sierra - 2005
    You might think the problem is your brain. It seems to have a mind of its own, a mind that doesn't always want to take in the dry, technical stuff you're forced to study. The fact is your brain craves novelty. It's constantly searching, scanning, waiting for something unusual to happen. After all, that's the way it was built to help you stay alive. It takes all the routine, ordinary, dull stuff and filters it to the background so it won't interfere with your brain's real work--recording things that matter. How does your brain know what matters? It's like the creators of the Head First approach say, suppose you're out for a hike and a tiger jumps in front of you, what happens in your brain? Neurons fire. Emotions crank up. Chemicals surge. That's how your brain knows.And that's how your brain will learn Java. Head First Java combines puzzles, strong visuals, mysteries, and soul-searching interviews with famous Java objects to engage you in many different ways. It's fast, it's fun, and it's effective. And, despite its playful appearance, Head First Java is serious stuff: a complete introduction to object-oriented programming and Java. You'll learn everything from the fundamentals to advanced topics, including threads, network sockets, and distributed programming with RMI. And the new. second edition focuses on Java 5.0, the latest version of the Java language and development platform. Because Java 5.0 is a major update to the platform, with deep, code-level changes, even more careful study and implementation is required. So learning the Head First way is more important than ever. If you've read a Head First book, you know what to expect--a visually rich format designed for the way your brain works. If you haven't, you're in for a treat. You'll see why people say it's unlike any other Java book you've ever read.By exploiting how your brain works, Head First Java compresses the time it takes to learn and retain--complex information. Its unique approach not only shows you what you need to know about Java syntax, it teaches you to think like a Java programmer. If you want to be bored, buy some other book. But if you want to understand Java, this book's for you.

Mac OS X Snow Leopard: The Missing Manual


David Pogue - 2009
    Fortunately, David Pogue is back, with the humor and expertise that have made this the #1 bestselling Mac book for eight years straight. You get all the answers with jargon-free introductions to:Big-ticket changes. A 64-bit overhaul. Faster everything. A rewritten Finder. Microsoft Exchange compatibility. All-new QuickTime Player. If Apple wrote it, this book covers it.Snow Leopard Spots. This book demystifies the hundreds of smaller enhancements, too, in all 50 programs that come with the Mac: Safari, Mail, iChat, Preview, Time Machine.Shortcuts. This must be the tippiest, trickiest Mac book ever written. Undocumented surprises await on every page.Power usage. Security, networking, build-your-own Services, file sharing with Windows, even Mac OS X's Unix chassis-this one witty, expert guide makes it all crystal clear.

Active Directory


Alistair G. Lowe-Norris - 2003
    Updated to cover Windows Server 2012, the fifth edition of this bestselling book gives you a thorough grounding in Microsoft's network directory service by explaining concepts in an easy-to-understand, narrative style.You'll negotiate a maze of technologies for deploying a scalable and reliable AD infrastructure, with new chapters on management tools, searching the AD database, authentication and security protocols, and Active Directory Federation Services (ADFS). This book provides real-world scenarios that let you apply what you've learned--ideal whether you're a network administrator for a small business or a multinational enterprise.Upgrade Active Directory to Windows Server 2012Learn the fundamentals, including how AD stores objectsUse the AD Administrative Center and other management toolsLearn to administer AD with Windows PowerShellSearch and gather AD data, using the LDAP query syntaxUnderstand how Group Policy functionsDesign a new Active Directory forestExamine the Kerberos security protocolGet a detailed look at the AD replication process

Android Hacker's Handbook


Joshua J. Drake - 2013
    Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis Covers Android application building blocks and security as well as debugging and auditing Android apps Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.

Core JavaServer Faces (Core Series)


David M. Geary - 2004
    Now, Core JavaServer™ Faces–the #1 guide to JSF–has been thoroughly updated in this second edition, covering the latest feature enhancements, the powerful Ajax development techniques, and open source innovations that make JSF even more valuable. Authors David Geary and Cay Horstmann delve into all facets of JSF 1.2 development, offering systematic best practices for building robust applications, minimizing handcoding, and maximizing productivity. Drawing on unsurpassed insider knowledge of the Java platform, they present solutions, hints, tips, and “how-tos” for writing superior JSF 1.2 production code, even if you’re new to JSF, JavaServer Pages™, or servlets.The second edition’s extensive new coverage includes: JSF 1.2’s improved alignment with the broader Java EE 5 platform; enhancements to the JSF APIs; controlling Web flow with Shale; and using Facelets to replace JSP with XHTML markup. The authors also introduce Ajax development with JSF–from real-time validation and Direct Web Remoting to wrapping Ajax in JSF components and using the popular Ajax4jsf framework.This book will help you Automate low-level details and eliminate unnecessary complexity in server-side development Discover JSF best practices, ranging from effective UI design and style sheets to internationalization Use JSF with Tiles to build consistent, reusable user interfaces Leverage external services such as databases, LDAP directories, authentication/authorization, and Webservices Use JBoss Seam to greatly simplify development of database-backed applications Implement custom components, converters, and validators Master the JSF 1.2 tag libararies, and extend JSF with additional tag libraries Preface Acknowledgments Chapter 1: Getting Started Chapter 2: Managed Beans Chapter 3: Navigation Chapter 4: Standard JSF Tags Chapter 5: Data Tables Chapter 6: Conversion and Validation Chapter 7: Event Handling Chapter 8: Subviews and Tiles Chapter 9: Custom Components, Converters, and Validators Chapter 10: External Services Chapter 11: Ajax Chapter 12: Open Source Chapter 13: How Do I . . . Index

Hibernate in Action


Christian Bauer - 2004
    Why is this open-source tool so popular? Because it automates a tedious task: persisting your Java objects to a relational database. The inevitable mismatch between your object-oriented code and the relational database requires you to write code that maps one to the other. This code is often complex, tedious and costly to develop. Hibernate does the mapping for you.Not only that, Hibernate makes it easy. Positioned as a layer between your application and your database, Hibernate takes care of loading and saving of objects. Hibernate applications are cheaper, more portable, and more resilient to change. And they perform better than anything you are likely to develop yourself."Hibernate in Action" carefully explains the concepts you need, then gets you going. It builds on a single example to show you how to use Hibernate in practice, how to deal with concurrency and transactions, how to efficiently retrieve objects and use caching.The authors created Hibernate and they field questions from the Hibernate community every day-they know how to make Hibernate sing. Knowledge and insight seep out of every pore of this book."What's Inside"- ORM concepts- Getting started- Many real-world tasks- The Hibernate application development process

The Hacker Crackdown: Law and Disorder on the Electronic Frontier


Bruce Sterling - 1992
    A journalist investigates the past, present, and future of computer crimes, as he attends a hacker convention, documents the extent of the computer crimes, and presents intriguing facts about hackers and their misdoings.