Book picks similar to
The Art of Software Security Testing: Identifying Software Security Flaws by Chris Wysopal
tech
security
aaa-books
technical
The Tao of Network Security Monitoring: Beyond Intrusion Detection
Richard Bejtlich - 2004
This book reducesthe investigative workload of computer security incident response teams(CSIRT) by posturing organizations for incident response success.Firewalls can fail. Intrusion-detection systems can be bypassed. Networkmonitors can be overloaded. These are the alarming but true facts aboutnetwork security. In fact, too often, security administrators' tools can serve asgateways into the very networks they are defending.Now, a novel approach to network monitoring seeks to overcome theselimitations by providing dynamic information about the vulnerability of allparts of a network. Called network security monitoring (NSM), it draws on acombination of auditing, vulnerability assessment, intrusion detection andprevention, and incident response for the most comprehensive approach tonetwork security yet. By focusing on case studies and the application of opensourcetools, the author helps readers gain hands-on knowledge of how tobetter defend networks and how to mitigate damage from security incidents.
The Art of Deception: Controlling the Human Element of Security
Kevin D. Mitnick - 2001
Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Hacker's Delight
Henry S. Warren Jr. - 2002
Aiming to tell the dark secrets of computer arithmetic, this title is suitable for library developers, compiler writers, and lovers of elegant hacks.
Hacking: The Art of Exploitation
Jon Erickson - 2003
This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.
The REST API Design Handbook
George Reese - 2012
The RESTful approach to web services design is rapidly become the approach of choice. Unfortunately, too few people have truly solid REST API design skills, and discussions of REST can become bogged down in dry theory.The REST API Design Handbook is a simple, practical guide to aid software engineers and software architects create lasting, scalable APIs based on REST architectural principles. The book provides a sound foundation in discussing the constraints that define a REST API. It quickly goes beyond that into the practical aspects of implementing such an API in the real world.Written by cloud computing expert George Reese, The REST API Design Handbook reflects hands on work in consuming many different third party APIs as well the development of REST-based web services APIs. It addresses all of the debates the commonly arise while creating these APIs. Subjects covered include:* REST architectural constraints* Using HTTP methods and response codes in an API* Authenticating RESTful API calls* Versioning* Asynchronous Operations* Pagination and Streaming* Polling and Push Notifications* Rate Limiting
Bulletproof SSL and TLS: The Complete Guide to Deploying Secure Servers and Web Applications
Ivan Ristic - 2014
Quite the contrary; mistakes are easy to make and can often fully compromise security. Bulletproof SSL and TLS is the first SSL book written with users in mind. It is the book you will want to read if you need to assess risks related to website encryption, manage keys and certificates, configure secure servers, and deploy secure web applications. Bulletproof SSL and TLS is based on several years of work researching SSL and how SSL is used in real life, implementing and supporting a comprehensive assessment tool running on the SSL Labs website (https://www.ssllabs.com), and assessing most of the public SSL servers on the Internet. The assessment tool helped many site owners identify and solve issues with their SSL deployments. The intent of this book is to provide a definitive reference for SSL deployment that is full of practical and relevant information.
Microsoft .NET - Architecting Applications for the Enterprise
Dino Esposito - 2014
But the principles and practices of software architecting–what the authors call the “science of hard decisions”–have been evolving for cloud, mobile, and other shifts. Now fully revised and updated, this book shares the knowledge and real-world perspectives that enable you to design for success–and deliver more successful solutions. In this fully updated Second Edition, you will: Learn how only a deep understanding of domain can lead to appropriate architecture Examine domain-driven design in both theory and implementation Shift your approach to code first, model later–including multilayer architecture Capture the benefits of prioritizing software maintainability See how readability, testability, and extensibility lead to code quality Take a user experience (UX) first approach, rather than designing for data Review patterns for organizing business logic Use event sourcing and CQRS together to model complex business domains more effectively Delve inside the persistence layer, including patterns and implementation.
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Kevin Poulsen - 2011
Max 'Vision' Butler was a white-hat hacker and a celebrity throughout the programming world, even serving as a consultant to the FBI. But there was another side to Max. As the black-hat 'Iceman', he'd seen the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, and in their dysfunction was the ultimate challenge: he would stage a coup and steal their ill-gotten gains from right under their noses.Through the story of Max Butler's remarkable rise, KINGPIN lays bare the workings of a silent crime wave affecting millions worldwide. It exposes vast online-fraud supermarkets stocked with credit card numbers, counterfeit cheques, hacked bank accounts and fake passports. Thanks to Kevin Poulsen's remarkable access to both cops and criminals, we step inside the quiet,desperate battle that law enforcement fights against these scammers. And learn that the boy next door may not be all he seems.
Humans vs Computers
Gojko Adzic - 2017
You'll read about humans who are invisible to computers, how a default password once caused a zombie apocalypse and why airlines sometimes give away free tickets. This is also a book on how to prevent, avoid and reduce the impact of such problems. Our lives are increasingly tracked, monitored and categorised by software, driving a flood of information into the vast sea of big data. In this brave new world, humans can't cope with information overload. Governments and companies alike rely on computers to automatically detect fraud, predict behaviour and enforce laws. Inflexible automatons, barely smarter than a fridge, now make life-changing decisions. Clever marketing tricks us into believing that phones, TV sets and even cars are somehow smart. Yet all those computer systems were created by people - people who are well-meaning but fallible and biased, clever but forgetful, and who have grand plans but are pressed for time. Digitising a piece of work doesn't mean there will be no mistakes, but instead guarantees that when mistakes happen, they'll run at a massive scale. The next time you bang your head against a digital wall, the stories in this book will help you understand better what's going on and show you where to look for problems. If nothing else, when it seems as if you're under a black-magic spell, these stories will at least allow you to see the lighter side of the binary chaos. For people involved in software delivery, this book will help you find more empathy for people suffering from our mistakes, and discover heuristics to use during analysis, development or testing to make your software less error prone. <
Web Hacking 101
Peter Yaworski
With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Dafydd Stuttard - 2007
The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.
The Art of Software Testing
Glenford J. Myers - 1979
You'll find the latest methodologies for the design of effective test cases, including information on psychological and economic principles, managerial aspects, test tools, high-order testing, code inspections, and debugging. Accessible, comprehensive, and always practical, this edition provides the key information you need to test successfully, whether a novice or a working programmer. Buy your copy today and end up with fewer bugs tomorrow.
Windows 10: The Missing Manual
David Pogue - 2015
Windows 10 (a free update to users of Windows 8 or Windows 7) fixes a number of the problems introduced by the revolution in Windows 8 and offers plenty of new features, such as the new Spartan web browser, Cortana voice-activated "personal assistant," new universal apps (that run on tablet, phone, and computer), and more. But to really get the most out of the new operating system, you're going to need a guide.Thankfully, Windows 10: The Missing Manual will be there to help. Like its predecessors, this book from the founder of Yahoo Tech, previous New York Times columnist, bestselling author, and Missing Manuals creator David Pogue illuminates its subject with technical insight, plenty of wit, and hardnosed objectivity for beginners, veteran standalone PC users, new tablet owners, and those who know their way around a network.
Exploring CQRS and Event Sourcing
Dominic Betts - 2012
It presents a learning journey, not definitive guidance. It describes the experiences of a development team with no prior CQRS proficiency in building, deploying (to Windows Azure), and maintaining a sample real-world, complex, enterprise system to showcase various CQRS and ES concepts, challenges, and techniques.The development team did not work in isolation; we actively sought input from industry experts and from a wide group of advisors to ensure that the guidance is both detailed and practical.The CQRS pattern and event sourcing are not mere simplistic solutions to the problems associated with large-scale, distributed systems. By providing you with both a working application and written guidance, we expect you’ll be well prepared to embark on your own CQRS journey.
Sun Certified Programmer & Developer for Java 2 Study Guide (Exam 310-035 & 310-027)
Kathy Sierra - 2002
More than 250 challenging practice questions have been completely revised to closely model the format, tone, topics, and difficulty of the real exam. An integrated study system based on proven pedagogy, exam coverage includes step-by-step exercises, special Exam Watch notes, On-the-Job elements, and Self Tests with in-depth answer explanations to help reinforce and teach practical skills.Praise for the author:"Finally A Java certification book that explains everything clearly. All you need to pass the exam is in this book."--Solveig Haugland, Technical Trainer and Former Sun Course Developer"Who better to write a Java study guide than Kathy Sierra, the reigning queen of Java instruction? Kathy Sierra has done it again--here is a study guide that almost guarantees you a certification "--James Cubeta, Systems Engineer, SGI"The thing I appreciate most about Kathy is her quest to make us all remember that we are teaching people and not just lecturing about Java. Her passion and desire for the highest quality education that meets the needs of the individual student is positively unparalleled at SunEd. Undoubtedly there are hundreds of students who have benefited from taking Kathy's classes."--Victor Peters, founder Next Step Education & Software Sun Certified Java Instructor"I want to thank Kathy for the EXCELLENT Study Guide. The book is well written, every concept is clearly explained using a real life example, and the book states what you specifically need to know for the exam. The way it's written, you feel that you're in a classroom and someone is actually teaching you the difficult concepts, but not in a dry, formal manner. The questions at the end of the chapters are also REALLY good, and I am sure they will help candidates pass the test. Watch out for this Wickedly Smart book."-Alfred Raouf, Web Solution Developer, Kemety.Net"The Sun Certification exam was certainly no walk in the park but Kathy's material allowed me to not only pass the exam, but Ace it "--Mary Whetsel, Sr. Technology Specialist, Application Strategy and Integration, The St. Paul Companies