From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.

    Each idiom comes with a detailed description, example code showing the "wrong" way to do it, and code for the idiomatic, "Pythonic" alternative. *This version of the book is for Python 2.7.3+. There is also a Python 3.3+ version available.* "Writing Idiomatic Python" contains the most common and important Python idioms in a format that maximizes identification and understanding. Each idiom is presented as a recommendation to write some commonly used piece of code. It is followed by an explanation of why the idiom is important. It also contains two code samples: the "Harmful" way to write it and the "Idiomatic" way. * The "Harmful" way helps you identify the idiom in your own code. * The "Idiomatic" way shows you how to easily translate that code into idiomatic Python. This book is perfect for you: * If you're coming to Python from another programming language * If you're learning Python as a first programming language * If you're looking to increase the readability, maintainability, and correctness of your Python code What is "Idiomatic" Python? Every programming language has its own idioms. Programming language idioms are nothing more than the generally accepted way of writing a certain piece of code. Consistently writing idiomatic code has a number of important benefits: * Others can read and understand your code easily * Others can maintain and enhance your code with minimal effort * Your code will contain fewer bugs * Your code will teach others to write correct code without any effort on your part

    Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to: - Replace nonstop crisis response with a systematic approach to security improvement - Understand the differences between "good" and "bad" metrics - Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk - Quantify the effectiveness of security acquisition, implementation, and other program activities - Organize, aggregate, and analyze your data to bring out key insights - Use visualization to understand and communicate security issues more clearly - Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources - Implement balanced scorecards that present compact, holistic views of organizational security effectiveness Whether you're an engineer or consultant responsible for security and reporting to management-or an executive who needs better information for decision-making-Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. Foreword Preface Acknowledgments About the Author Chapter 1 Introduction: Escaping the Hamster Wheel of Pain Chapter 2 Defining Security Metrics Chapter 3 Diagnosing Problems and Measuring Technical Security Chapter 4 Measuring Program Effectiveness Chapter 5 Analysis Techniques Chapter 6 Visualization Chapter 7 Automating Metrics Calculations Chapter 8 Designing Security Scorecards Index

    He includes information on Java Platform Standard Edition 6 (Java SE 6) and offers complete coverage of the Java language, its syntax, keywords, and fundamental programming principles.

    100% complete coverage of all objectives for exam RH302 Exam Readiness Checklist at the front of the book--you're ready for the exam when all objectives on the list are checked off Inside the Exam sections in every chapter highlight key exam topics covered Real-world exercises modeled after hands-on exam scenarios Two complete lab-based exams simulate the format, tone, topics, and difficulty of the real exam Bonus content (available for download) includes installation screen review, basic instructions for using VMware and Xen as testbeds, and paper and pencil versions of the lab exams Covers all RH302 exam topics, including: Hardware installation and configuration The boot process Linux filesystem administration Package management and Kickstart User and group administration System administration tools Kernel services and configuration Apache and Squid Network file sharing services (NFS, FTP, and Samba) Domain Name System (DNS) E-mail (servers and clients) Extended Internet Services Daemon (xinetd), the Secure package, and DHCP The X Window System Firewalls, SELinux, and troubleshooting

    This practical introduction illuminates new features and capabilities, with scenarios demonstrating how the platform can meet the needs of your business.Based on beta software, this book provides the early, high-level information you need to begin preparing now for deployment and management. Topics include:Virtualization and cloud solutions Availability Provisioning and storage management Security and scalability Infrastructure options Server administration

    Criminals succeed by exercising enormous creativity, and those defending against them must do the same.Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey How social networking, cloud computing, and other popular trends help or hurt our online security How metrics, requirements gathering, design, and law can take security to a higher level The real, little-publicized history of PGP This book includes contributions from:Peiter "Mudge" Zatko Jim Stickley Elizabeth Nichols Chenxi Wang Ed Bellis Ben Edelman Phil Zimmermann and Jon Callas Kathy Wang Mark Curphey John McManus James Routh Randy V. Sabett Anton Chuvakin Grant Geyer and Brian Dunphy Peter Wayner Michael Wood and Fernando Francisco All royalties will be donated to the Internet Engineering Task Force (IETF).

    It details the core protocols that make TCP/IP internetworks function, and the most important classical TCP/IP applications. Its personal, easy-going writing style lets anyone understand the dozens of protocols and technologies that run the Internet, with full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more. The author offers not only a detailed view of the TCP/IP protocol suite, but also describes networking fundamentals and the important OSI Reference Model.

    As a professional C++ developer and former Harvard teaching fellow, I know what you need to know to be a great C++ programmer, and I know how to teach it, one step at a time. I know where people struggle, and why, and how to make it clear. I cover every step of the programming process, including:Getting the tools you need to program and how to use them*Basic language feature like variables, loops and functions*How to go from an idea to code*A clear, understandable explanation of pointers*Strings, file IO, arrays, references*Classes and advanced class design*C++-specific programming patterns*Object oriented programming*Data structures and the standard template library (STL)Key concepts are reinforced with quizzes and over 75 practice problems.

    It has made countless new businesses possible and presents a massive opportunity for large enterprises to innovate like startups and retire decades of technical debt. But making the most of the cloud requires much more from enterprises than just a technology change. Stephen Orban led Dow Jones’s journey toward digital agility as their CIO and now leads AWS’s Enterprise Strategy function, where he helps leaders from the largest companies in the world transform their businesses. As he demonstrates in this book, enterprises must re-train their people, evolve their processes, and transform their cultures as they move to the cloud. By bringing together his experiences and those of a number of business leaders, Orban shines a light on what works, what doesn’t, and how enterprises can transform themselves using the cloud.

    With this concise book, you will learn how to use the latest version of this W3C standard to retrieve and manipulate the increasing amount of public and private data available via SPARQL endpoints. Several open source and commercial tools already support SPARQL, and this introduction gets you started right away.Begin with how to write and run simple SPARQL 1.1 queries, then dive into the language's powerful features and capabilities for manipulating the data you retrieve. Learn what you need to know to add to, update, and delete data in RDF datasets, and give web applications access to this data.Understand SPARQL’s connection with RDF, the semantic web, and related specificationsQuery and combine data from local and remote sourcesCopy, convert, and create new RDF dataLearn how datatype metadata, standardized functions, and extension functions contribute to your queriesIncorporate SPARQL queries into web-based applications

    Today, Rails developers and architects need better ways to interface with legacy systems, move into the cloud, and scale to handle higher volumes and greater complexity. In Service-Oriented Design with Ruby and Rails Paul Dix introduces a powerful, services-based design approach geared toward overcoming all these challenges. Using Dix's techniques, readers can leverage the full benefits of both Ruby and Rails, while overcoming the difficulties of working with larger codebases and teams. Dix demonstrates how to integrate multiple components within an enterprise application stack; create services that can easily grow and connect; and design systems that are easier to maintain and upgrade. Key concepts are explained with detailed Ruby code built using open source libraries such as ActiveRecord, Sinatra, Nokogiri, and Typhoeus. The book concludes with coverage of security, scaling, messaging, and interfacing with third-party services. Service-Oriented Design with Ruby and Rails will help you Build highly scalable, Ruby-based service architectures that operate smoothly in the cloud or with legacy systems Scale Rails systems to handle more requests, larger development teams, and more complex code bases Master new best practices for designing and creating services in Ruby Use Ruby to glue together services written in any language Use Ruby libraries to build and consume RESTful Web services Use Ruby JSON parsers to quickly represent resources from HTTP services Write lightweight, well-designed API wrappers around internal or external services Discover powerful non-Rails frameworks that simplify Ruby service implementation Implement standards-based enterprise messaging with Advanced Message Queuing Protocol (AMQP) Optimize performance with load balancing and caching Provide for security and authentication

     The 3D Printing Handbook provides practical advice on selecting the right technology and how-to design for 3D printing, based upon first-hand experience from the industry’s leading experts. In this book: The mechanisms behind all major 3D printing technologies The benefits and limitations of each technology Decision making tools for technology selection Actionable design advice and guidelines Industry case studies from world-leading brands

    The meaning of the business process diagram is the same, regardless of the tool used to create it. But creating models that are correct, complete, and clear demands more than a dictionary of BPMN shapes and symbols. It also requires a methodology for translating process logic consistently into the diagram. And it requires a measure of modeling style as well, conventions that ensure that the process logic is unambiguous from the diagram by itself. In short, "good BPMN" requires a disciplined approach called "method and style."In this book, Bruce Silver explains which BPMN elements process modelers need to understand, in two levels, including exactly where and how to use each element. Level 1 (the Descriptive modeling subclass of BPMN 2.0) is a palette of shapes and symbols largely carried over from traditional flowcharting. Level 2 (the Analytic subclass) expands the palette to be able to describe event-triggered behavior, critical to modeling exception handling.The book explains the real meaning of BPMN's most basic concepts - like activity, process, and end state - essential to using the language correctly, and provides a step-by-step methodology for going from a blank page to a complete end-to-end BPMN model, developed from the top down in a hierarchical structure. From the top-level diagram you can see on a single page exactly how the process starts, its possible end states, what the instance represents, and communications with the Customer, service providers, and other processes. From there you can drill down to see the details of any part of the process. Thie popular first edition of this book was published in 2009 based on the draft BPMN 2.0 specification. This second edition is based on the final BPMN 2.0 specification. Although the diagram elements have changed little since the first edition, both the methodology and style sections have been completely rewritten.The second half of the book, the BPMN Implementer's Guide, is completely new. It puts the focus on the XML serialization of the diagram, for both non-executable and executable process models. It details the BPMN 2.0 metamodel and XML Schema, and describes the BPMN-I Profile, a set of serialization rules that facilitate interchange of BPMN models in the Analytic subclass between tools. It also explains how BPMN 2.0 describes execution-related details, such as process data and data mapping, services, messages, and human task assignment, illustrated with an example executable process created in Bonita Open Solution. It concludes with guidelines for implementers on how to align executable design with business-oriented top-down process modeling.The book is lavishly illustrated with over 100 BPMN diagrams, and the BPMN Implementer's Guide section contains many XML examples as well.Bruce Silver is the leading provider of BPMN training and certification. He has been providing BPMN training since early 2007 and is regarded as an authority in the field.