You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    In the second edition of Network Security, this most distinguished of author teams draws on hard-won experience to explain every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the book's extensive new coverage include Advanced Encryption Standard (AES), IPsec, SSL, PKI Standards, and Web security.

    It combines the productivity and expressivity of Ruby with the concurrency and fault-tolerance of Erlang. Elixir makes full use of Erlang's powerful OTP library, which many developers consider the source of Erlang's greatness, so you can have mature, professional-quality functionality right out of the gate. Elixir's support for functional programming makes it a great choice for highly distributed event-driven applications like IoT systems.The Little Elixir & OTP Guidebook gets you started programming applications with Elixir and OTP. You begin with a quick overview of the Elixir language syntax, along with just enough functional programming to use it effectively. Then, you'll dive straight into OTP and learn how it helps you build scalable, fault-tolerant and distributed applications through several fun examples. Come rediscover the joy of programming with Elixir and remember how it feels like to be a beginner again.

    The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.

    . . . Put this one on your must-have list if you have software, love software, hate programmers, or even ARE a programmer, because Mr. Platt (who teaches programming) has set out to puncture the bloated egos of all those who think that just because they can write a program, they can make it easy to use. . . . This book is funny, but it is also an important wake-up call for software companies that want to reduce the size of their customer support bills. If you were ever stuck for an answer to the question, 'Why do good programmers make such awful software?' this book holds the answer."--John McCormick, Locksmith columnist, TechRepublic.com "I must say first, I don't get many computing manuscripts that make me laugh out loud. Between the laughs, Dave Platt delivers some very interesting insight and perspective, all in a lucid and engaging style. I don't get much of that either!"--Henry Leitner, assistant dean for information technology andsenior lecturer on computer science, Harvard University "A riotous book for all of us downtrodden computer users, written in language that we understand."--Stacy Baratelli, author's barber "David's unique take on the problems that bedevil software creation made me think about the process in new ways. If you care about the quality of the software you create or use, read this book."--Dave Chappell, principal, Chappell & Associates "I began to read it in my office but stopped before I reached the bottom of the first page. I couldn't keep a grin off my face! I'll enjoy it after I go back home and find a safe place to read."--Tsukasa Makino, IT manager "David explains, in terms that my mother-in-law can understand, why the software we use today can be so frustrating, even dangerous at times, and gives us some real ideas on what we can do about it."--Jim Brosseau, Clarrus Consulting Group, Inc. A Book for Anyone Who Uses a Computer Today...and Just Wants to Scream! Today's software sucks. There's no other good way to say it. It's unsafe, allowing criminal programs to creep through the Internet wires into our very bedrooms. It's unreliable, crashing when we need it most, wiping out hours or days of work with no way to get it back. And it's hard to use, requiring large amounts of head-banging to figure out the simplest operations.It's no secret that software sucks. You know that from personal experience, whether you use computers for work or personal tasks. In this book, programming insider David Platt explains why that's the case and, more importantly, why it doesn't have to be that way. And he explains it in plain, jargon-free English that's a joy to read, using real-world examples with which you're already familiar. In the end, he suggests what you, as a typical user, without a technical background, can do about this sad state of our software--how you, as an informed consumer, don't have to take the abuse that bad software dishes out.As you might expect from the book's title, Dave's expose is laced with humor--sometimes outrageous, but always dead on. You'll laugh out loud as you recall incidents with your own software that made you cry. You'll slap your thigh with the same hand that so often pounded your computer desk and wished it was a bad programmer's face. But Dave hasn't written this book just for laughs. He's written it to give long-overdue voice to your own discovery--that software does, indeed, suck, but it shouldn't.

    

    The High Level Assembler (HLA) that accompanies the book is the first assembler that allows you to write portable assembly language programs that run under either Linux or Windows with nothing more than a recompile. The CD-ROM includes the HLA and the HLA Standard Library, all the source code from the book, and over 50,000 lines of additional sample code, all well-documented and tested. The code compiles and runs as-is under Windows and Linux.

    Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime. This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations. Readers will receive access to the author's accompanying Web site which contains simulated cases that integrate many of the topics covered in the text. Frequently updated, these cases teaching individuals about: • Components of computer networks • Use of computer networks in an investigation • Abuse of computer networks • Privacy and security issues on computer networks • The law as it applies to computer networks• Provides a thorough explanation of how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence • Offers readers information about relevant legal issues • Features coverage of the abuse of computer networks and privacy and security issues on computer networks• Free unlimited access to author's Web site which includes numerous and frequently updated case examples

    It combines the nice features of a scripting language with the powerful features of a production environment—features like persistent data structures and clean multithreading that you'll need for industrial-strength application development.The Joy of Clojure goes beyond just syntax to show you how to write fluent and idiomatic Clojure code. You'll learn a functional approach to programming and will master Lisp techniques that make Clojure so elegant and efficient. The book gives you easy access to hard soft ware areas like concurrency, interoperability, and performance. And it shows you how great it can be to think about problems the Clojure way. Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book. What's InsideThe what and why of ClojureHow to work with macrosHow to do elegant application designFunctional programming idiomsWritten for programmers coming to Clojure from another programming background—no prior experience with Clojure or Lisp is required.

    In the Mastering Emacs ebook you will learn the answers to all the concepts that take weeks, months or even years to truly learn, all in one place.“Emacs is such a hard editor to learn”But why is it so hard to learn? As it turns out, it's almost always the same handful of issues that everyone faces.If you have tried to learn Emacs you will have struggled with the same problems everyone faces, and few tutorials to see you through it.I have dedicated the first half of the book to explaining the essence of Emacs — and in doing so, how to overcome these issues:Memorizing Emacs’s keys: You will learn Emacs one key at a time, starting with the arrow keys. To feel productive in Emacs, it’s important you start on an equal footing — without too many new concepts and keys to memorize. Each chapter will introduce more keys and concepts so you can learn at your own pace. Discovering new modes and features: Emacs is a self-documenting editor, and I will teach you how to use the apropos, info, and describe system to discover new modes and features, or help you find things you forgot! Customizing Emacs: You don’t have to learn Emacs Lisp to alter a lot of Emacs’s functionality. Most changes you want to make are possible using Emacs’s Customize interface and I will show you how to use it efficiently. Understanding the terminology: Emacs is so old it predates almost every other editor and all modern user interfaces. I have an entire chapter dedicated to the unique terminology in Emacs; how it is different from other editors, and what that means to you.

    The aim of The Node Beginner Book is to get you started with developing applications for Node.js, teaching you everything you need to know about advanced JavaScript along the way on 59 pages.

    Mastering Algorithms with C offers you a unique combination of theoretical background and working code. With robust solutions for everyday programming tasks, this book avoids the abstract style of most classic data structures and algorithms texts, but still provides all of the information you need to understand the purpose and use of common programming techniques.Implementations, as well as interesting, real-world examples of each data structure and algorithm, are included.Using both a programming style and a writing style that are exceptionally clean, Kyle Loudon shows you how to use such essential data structures as lists, stacks, queues, sets, trees, heaps, priority queues, and graphs. He explains how to use algorithms for sorting, searching, numerical analysis, data compression, data encryption, common graph problems, and computational geometry. And he describes the relative efficiency of all implementations. The compression and encryption chapters not only give you working code for reasonably efficient solutions, they offer explanations of concepts in an approachable manner for people who never have had the time or expertise to study them in depth.Anyone with a basic understanding of the C language can use this book. In order to provide maintainable and extendible code, an extra level of abstraction (such as pointers to functions) is used in examples where appropriate. Understanding that these techniques may be unfamiliar to some programmers, Loudon explains them clearly in the introductory chapters.Contents include:PointersRecursionAnalysis of algorithmsData structures (lists, stacks, queues, sets, hash tables, trees, heaps, priority queues, graphs)Sorting and searchingNumerical methodsData compressionData encryptionGraph algorithmsGeometric algorithms

    You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.About the TechnologyThink of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.About the BookOAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.What's InsideCovers OAuth 2 protocol and designAuthorization with OAuth 2OpenID Connect and User-Managed AccessImplementation risksJOSE, introspection, revocation, and registrationProtecting and accessing REST APIsAbout the ReaderReaders need basic programming skills and knowledge of HTTP and JSON.About the AuthorJustin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.Table of ContentsPart 1 - First stepsWhat is OAuth 2.0 and why should you care?The OAuth dance Part 2 - Building an OAuth 2 environmentBuilding a simple OAuth clientBuilding a simple OAuth protected resourceBuilding a simple OAuth authorization serverOAuth 2.0 in the real world Part 3 - OAuth 2 implementation and vulnerabilitiesCommon client vulnerabilitiesCommon protected resources vulnerabilitiesCommon authorization server vulnerabilitiesCommon OAuth token vulnerabilities Part 4 - Taking OAuth furtherOAuth tokensDynamic client registrationUser authentication with OAuth 2.0Protocols and profiles using OAuth 2.0Beyond bearer tokensSummary and conclusions

    With countless satisfied developers, tens of thousands of freely available libraries, and continual improvements to the language and its ecosystem, modern Perl development can be easy, reliable, and fun. To take advantage of the full power of Perl 5--to become a true expert, capable of solving any problem put before you--you must understand the language. Modern Perl explains Perl 5 from theory to implementation, including Perl 5.12.

    The 'CCNA Portable Command Guide' is a supplementary guide to assist network administrators in the proper use of the Cisco IOS and of the commands needed to pass the CCNA vendor exam.