Book picks similar to
Alice and Bob Learn Application Security by Tanya Janca
security
tech
software-engineering
cybersecurity
Laravel: Up and Running: A Framework for Building Modern PHP Apps
Matt Stauffer - 2016
This rapid application development framework and its vast ecosystem of tools let you quickly build new sites and applications with clean, readable code. With this practical guide, Matt Stauffer--a leading teacher and developer in the Laravel community--provides the definitive introduction to one of today's most popular web frameworks.The book's high-level overview and concrete examples will help experienced PHP web developers get started with Laravel right away. By the time you reach the last page, you should feel comfortable writing an entire application in Laravel from scratch.Dive into several features of this framework, including:Blade, Laravel's powerful, custom templating toolTools for gathering, validating, normalizing, and filtering user-provided dataLaravel's Eloquent ORM for working with the application's databasesThe Illuminate request object, and its role in the application lifecyclePHPUnit, Mockery, and PHPSpec for testing your PHP codeLaravel's tools for writing JSON and RESTful APIsInterfaces for file system access, sessions, cookies, caches, and searchTools for implementing queues, jobs, events, and WebSocket event publishingLaravel's specialty packages: Scout, Passport, Cashier, Echo, Elixir, Valet, and Socialite
The Problem with Software: Why Smart Engineers Write Bad Code
Adam Barr - 2018
As the size and complexity of commercial software have grown, the gap between academic computer science and industry has widened. It's an open secret that there is little engineering in software engineering, which continues to rely not on codified scientific knowledge but on intuition and experience.Barr, who worked as a programmer for more than twenty years, describes how the industry has evolved, from the era of mainframes and Fortran to today's embrace of the cloud. He explains bugs and why software has so many of them, and why today's interconnected computers offer fertile ground for viruses and worms. The difference between good and bad software can be a single line of code, and Barr includes code to illustrate the consequences of seemingly inconsequential choices by programmers. Looking to the future, Barr writes that the best prospect for improving software engineering is the move to the cloud. When software is a service and not a product, companies will have more incentive to make it good rather than "good enough to ship."
AWS Lambda: A Guide to Serverless Microservices
Matthew Fuller - 2016
Lambda enables users to develop code that executes in response to events - API calls, file uploads, schedules, etc - and upload it without worrying about managing traditional server metrics such as disk space, memory, or CPU usage. With its "per execution" cost model, Lambda can enable organizations to save hundreds or thousands of dollars on computing costs. With in-depth walkthroughs, large screenshots, and complete code samples, the reader is guided through the step-by-step process of creating new functions, responding to infrastructure events, developing API backends, executing code at specified intervals, and much more. Introduction to AWS Computing Evolution of the Computing Workload Lambda Background The Internals The Basics Functions Languages Resource Allocation Getting Set Up Hello World Uploading the Function Working with Events AWS Events Custom Events The Context Object Properties Methods Roles and Permissions Policies Trust Relationships Console Popups Cross Account Access Dependencies and Resources Node Modules OS Dependencies OS Resources OS Commands Logging Searching Logs Testing Your Function Lambda Console Tests Third-Party Testing Libraries Simulating Context Hello S3 Object The Bucket The Role The Code The Event The Trigger Testing When Lambda Isn’t the Answer Host Access Fine-Tuned Configuration Security Long-Running Tasks Where Lambda Excels AWS Event-Driven Tasks Scheduled Events (Cron) Offloading Heavy Processing API Endpoints Infrequently Used Services Real-World Use Cases S3 Image Processing Shutting Down Untagged Instances Triggering CodeDeploy with New S3 Uploads Processing Inbound Email Enforcing Security Policies Detecting Expiring Certificates Utilizing the AWS API Execution Environment The Code Pipeline Cold vs. Hot Execution What is Saved in Memory Scaling and Container Reuse From Development to Deployment Application Design Development Patterns Testing Deployment Monitoring Versioning and Aliasing Costs Short Executions Long-Running Processes High-Memory Applications Free Tier Calculating Pricing CloudFormation Reusable Template with Minimum Permissions Cross Account Access CloudWatch Alerts AWS API Gateway API Gateway Event Creating the Lambda Function Creating a New API, Resource, and Method Initial Configuration Mapping Templates Adding a Query String Using HTTP Request Information Within Lambda Deploying the API Additional Use Cases Lambda Competitors Iron.io StackHut WebTask.io Existing Cloud Providers The Future of Lambda More Resources Conclusion
The Tangled Web: A Guide to Securing Modern Web Applications
Michal Zalewski - 2011
Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Get Your Hands Dirty on Clean Architecture: A hands-on guide to creating clean web applications with code examples in Java
Tom Hombergs - 2019
UNIX and Linux System Administration Handbook
Evi Nemeth - 2010
This is one of those cases. The UNIX System Administration Handbook is one of the few books we ever measured ourselves against." -From the Foreword by Tim O'Reilly, founder of O'Reilly Media "This book is fun and functional as a desktop reference. If you use UNIX and Linux systems, you need this book in your short-reach library. It covers a bit of the systems' history but doesn't bloviate. It's just straightfoward information delivered in colorful and memorable fashion." -Jason A. Nunnelley"This is a comprehensive guide to the care and feeding of UNIX and Linux systems. The authors present the facts along with seasoned advice and real-world examples. Their perspective on the variations among systems is valuable for anyone who runs a heterogeneous computing facility." -Pat Parseghian The twentieth anniversary edition of the world's best-selling UNIX system administration book has been made even better by adding coverage of the leading Linux distributions: Ubuntu, openSUSE, and RHEL. This book approaches system administration in a practical way and is an invaluable reference for both new administrators and experienced professionals. It details best practices for every facet of system administration, including storage management, network design and administration, email, web hosting, scripting, software configuration management, performance analysis, Windows interoperability, virtualization, DNS, security, management of IT service organizations, and much more. UNIX(R) and Linux(R) System Administration Handbook, Fourth Edition, reflects the current versions of these operating systems: Ubuntu(R) LinuxopenSUSE(R) LinuxRed Hat(R) Enterprise Linux(R)Oracle America(R) Solaris(TM) (formerly Sun Solaris)HP HP-UX(R)IBM AIX(R)
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
Tobias Klein - 2011
In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.Along the way you'll learn how to:Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws Develop proof of concept code that verifies the security flaw Report bugs to vendors or third party brokersA Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
Django for Beginners: Learn web development with Django 2.0
William S. Vincent - 2018
Proceed step-by-step through five progressively more complex web applications: from a "Hello World" app all the way to a robust Newspaper app with a custom user model, complete user authentication flow, foreign key relationships, and more. Learn current best practices around class-based views, templates, urls, user authentication, testing, and deployment. The material is up-to-date with the latest versions of both Django (2.0) and Python (3.6). TABLE OF CONTENTS: * Introduction * Chapter 1: Initial Setup * Chapter 2: Hello World app * Chapter 3: Pages app * Chapter 4: Message Board app * Chapter 5: Blog app * Chapter 6: Forms * Chapter 7: User Accounts * Chapter 8: Custom User Model * Chapter 9: User Authentication * Chapter 10: Bootstrap * Chapter 11: Password Change and Reset * Chapter 12: Email * Chapter 13: Newspaper app * Chapter 14: Permissions and Authorizations * Chapter 15: Comments * Conclusion
The Best of 2600: A Hacker Odyssey
Emmanuel Goldstein - 2008
Find the best of the magazine's writing in Best of 2600: A Hacker Odyssey, a collection of the strongest, most interesting, and often most controversial articles covering 24 years of changes in technology, all from a hacker's perspective. Included are stories about the creation of the infamous tone dialer "red box" that allowed hackers to make free phone calls from payphones, the founding of the Electronic Frontier Foundation, and the insecurity of modern locks.
The Hacker Playbook 2: Practical Guide To Penetration Testing
Peter Kim - 2015
The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.
Microsoft .NET - Architecting Applications for the Enterprise
Dino Esposito - 2014
But the principles and practices of software architecting–what the authors call the “science of hard decisions”–have been evolving for cloud, mobile, and other shifts. Now fully revised and updated, this book shares the knowledge and real-world perspectives that enable you to design for success–and deliver more successful solutions. In this fully updated Second Edition, you will: Learn how only a deep understanding of domain can lead to appropriate architecture Examine domain-driven design in both theory and implementation Shift your approach to code first, model later–including multilayer architecture Capture the benefits of prioritizing software maintainability See how readability, testability, and extensibility lead to code quality Take a user experience (UX) first approach, rather than designing for data Review patterns for organizing business logic Use event sourcing and CQRS together to model complex business domains more effectively Delve inside the persistence layer, including patterns and implementation.
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Mark Dowd - 2006
Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws.
Gray Hat Python: Python Programming for Hackers and Reverse Engineers
Justin Seitz - 2008
But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it.You'll learn how to:Automate tedious reversing and security tasks Design and program your own debugger Learn how to fuzz Windows drivers and create powerful fuzzers from scratch Have fun with code and library injection, soft and hard hooking techniques, and other software trickery Sniff secure traffic out of an encrypted web browser session Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more The world's best hackers are using Python to do their handiwork. Shouldn't you?
Smashing Node.Js: JavaScript Everywhere
Guillermo Rauch - 2012
With more traditional web servers becoming obsolete, having knowledge on servers that achieve high scalability and optimal resource consumption using Node.js is the key to your app development success. Teaching you the essentials to making event-driven server-side apps, this book demonstrates how you can use less space and take less time for communication between web client and server.Contains numerous hands-on examples Explains implementation of real-time apps including Socket.IO and HTML5, and WebSockets Addresses practical Node.js advantages from specific design choices Demonstrates why knowledge and use of JavaScript is beneficial Includes an interactive online component with sample chapters Explains components of stand out apps including brevity and benchmarks Looking to enhance your abilities even further? Smashing Node.js: JavaScript Everywhere makes developing server-side apps accessible with its focus on JavaScript, open source, and easy-to-use language.