Zero Trust Networks: Building Secure Systems in Untrusted Networks


Evan Gilman - 2017
    Hosts behind the firewall have no defenses of their own, so when a host in the trusted zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile.Authors Evan Gilman and Doug Barth show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.Understand how the zero trust model embeds security within the system's operation, rather than layering it on topExamine the fundamental concepts at play in a zero trust network, including network agents and trust enginesUse existing technology to establish trust among the actors in a networkLearn how to migrate from a perimeter-based network to a zero trust network in productionExplore case studies of zero trust on the client side (Google) and on the server (PagerDuty)

The Practice of Network Security Monitoring: Understanding Incident Detection and Response


Richard Bejtlich - 2013
    The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.You'll learn how to:Determine where to deploy NSM platforms, and size them for the monitored networks Deploy stand-alone or distributed NSM installations Use command line and graphical packet analysis tools, and NSM consoles Interpret network evidence from server-side and client-side intrusions Integrate threat intelligence into NSM software to identify sophisticated adversaries There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

Hacker's Delight


Henry S. Warren Jr. - 2002
    Aiming to tell the dark secrets of computer arithmetic, this title is suitable for library developers, compiler writers, and lovers of elegant hacks.

Stealing the Network: How to Own an Identity


Raven Alder - 2005
    Now, the criminal hackers readers have grown to both love and hate try to cover their tracks and vanish into thin air... Stealing the Network: How to Own an Identity is the 3rd book in the Stealing series, and continues in the tradition created by its predecessors by delivering real-world network attack methodologies and hacking techniques within a context of unique and original fictional accounts created by some of the world's leading security professionals and computer technologists. The seminal works in TechnoFiction, this STN collection yet again breaks new ground by casting light upon the mechanics and methods used by those lurking on the darker side of the Internet, engaging in the fastest growing crime in the world: Identity theft.Cast upon a backdrop of Evasion, surviving characters from How to Own a Continent find themselves on the run, fleeing from both authority and adversary, now using their technical prowess in a way they never expected--to survive.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities


Mark Dowd - 2006
    Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws.

Building Microservices: Designing Fine-Grained Systems


Sam Newman - 2014
    But developing these systems brings its own set of headaches. With lots of examples and practical advice, this book takes a holistic view of the topics that system architects and administrators must consider when building, managing, and evolving microservice architectures.Microservice technologies are moving quickly. Author Sam Newman provides you with a firm grounding in the concepts while diving into current solutions for modeling, integrating, testing, deploying, and monitoring your own autonomous services. You'll follow a fictional company throughout the book to learn how building a microservice architecture affects a single domain.Discover how microservices allow you to align your system design with your organization's goalsLearn options for integrating a service with the rest of your systemTake an incremental approach when splitting monolithic codebasesDeploy individual microservices through continuous integrationExamine the complexities of testing and monitoring distributed servicesManage security with user-to-service and service-to-service modelsUnderstand the challenges of scaling microservice architectures

Kubernetes: Up & Running


Kelsey Hightower - 2016
    How's that possible? Google revealed the secret through a project called Kubernetes, an open source cluster orchestrator (based on its internal Borg system) that radically simplifies the task of building, deploying, and maintaining scalable distributed systems in the cloud. This practical guide shows you how Kubernetes and container technology can help you achieve new levels of velocity, agility, reliability, and efficiency.Authors Kelsey Hightower, Brendan Burns, and Joe Beda--who've worked on Kubernetes at Google--explain how this system fits into the lifecycle of a distributed application. You will learn how to use tools and APIs to automate scalable distributed systems, whether it is for online services, machine-learning applications, or a cluster of Raspberry Pi computers.Explore the distributed system challenges that Kubernetes addressesDive into containerized application development, using containers such as DockerCreate and run containers on Kubernetes, using Docker's Image format and container runtimeExplore specialized objects essential for running applications in productionReliably roll out new software versions without downtime or errorsGet examples of how to develop and deploy real-world applications in Kubernetes

The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations


Gene Kim - 2015
    For decades, technology leaders have struggled to balance agility, reliability, and security. The consequences of failure have never been greater whether it's the healthcare.gov debacle, cardholder data breaches, or missing the boat with Big Data in the cloud.And yet, high performers using DevOps principles, such as Google, Amazon, Facebook, Etsy, and Netflix, are routinely and reliably deploying code into production hundreds, or even thousands, of times per day.Following in the footsteps of The Phoenix Project, The DevOps Handbook shows leaders how to replicate these incredible outcomes, by showing how to integrate Product Management, Development, QA, IT Operations, and Information Security to elevate your company and win in the marketplace."Table of contentsPrefaceSpreading the Aha! MomentIntroductionPART I: THE THREE WAYS1. Agile, continuous delivery and the three ways2. The First Way: The Principles of Flow3. The Second Way: The Principle of Feedback4. The Third Way: The Principles of Continual LearningPART II: WHERE TO START5. Selecting which value stream to start with6. Understanding the work in our value stream…7. How to design our organization and architecture8. How to get great outcomes by integrating operations into the daily work for developmentPART III: THE FIRST WAY: THE TECHNICAL PRACTICES OF FLOW9. Create the foundations of our deployment pipeline10. Enable fast and reliable automated testing11. Enable and practice continuous integration12. Automate and enable low-risk releases13. Architect for low-risk releasesPART IV: THE SECOND WAY: THE TECHNICAL PRACTICES OF FEEDBACK14*. Create telemetry to enable seeing abd solving problems15. Analyze telemetry to better anticipate problems16. Enable feedbackso development and operation can safely deploy code17. Integrate hypothesis-driven development and A/B testing into our daily work18. Create review and coordination processes to increase quality of our current workPART V: THE THRID WAY: THE TECHNICAL PRACTICES OF CONTINUAL LEARNING19. Enable and inject learning into daily work20. Convert local discoveries into global improvements21. Reserve time to create organizational learning22. Information security as everyone’s job, every day23. Protecting the deployment pipelinePART VI: CONCLUSIONA call to actionConclusion to the DevOps HandbookAPPENDICES1. The convergence of Devops2. The theory of constraints and core chronic conflicts3. Tabular form of downward spiral4. The dangers of handoffs and queues5. Myths of industrial safety6. The Toyota Andon Cord7. COTS Software8. Post-mortem meetings9. The Simian Army10. Transparent uptimeAdditional ResourcesEndnotes

AWS Well-Architected Framework (AWS Whitepaper)


Amazon Web Services - 2015
    By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

Get Your Hands Dirty on Clean Architecture: A hands-on guide to creating clean web applications with code examples in Java


Tom Hombergs - 2019
    

Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications


Bilgin Ibryam - 2019
    These modern architectures use new primitives that require a different set of practices than most developers, tech leads, and architects are accustomed to. With this focused guide, Bilgin Ibryam and Roland Huß from Red Hat provide common reusable elements, patterns, principles, and practices for designing and implementing cloud-native applications on Kubernetes.Each pattern includes a description of the problem and a proposed solution with Kubernetes specifics. Many patterns are also backed by concrete code examples. This book is ideal for developers already familiar with basic Kubernetes concepts who want to learn common cloud-native patterns.You'll learn about the following pattern categories:Foundational patterns cover the core principles and practices for building container-based cloud-native applications.Behavioral patterns explore finer-grained concepts for managing various types of container and platform interactions.Structural patterns help you organize containers within a pod, the atom of the Kubernetes platform.Configuration patterns provide insight into how application configurations can be handled in Kubernetes.Advanced patterns cover more advanced topics such as extending the platform with operators.

Professional ASP.NET MVC 4


Jon Galloway - 2012
    Experienced .NET and ASP.NET developers will find all the important information they need to build dynamic, data-driven websites with ASP.NET and the newest release of Microsoft's Model-View-Controller technology. Featuring step-by-step guidance and lots of code samples, this guide gets you started and moves all the way to advanced topics, using plenty of examples.Designed to give experienced .NET and ASP.NET programmers everything needed to work with the newest version of MVC technology Expert author team includes Microsoft ASP.NET MVC insiders as well as leaders of the programming community Covers controllers, views, models, forms and HTML helpers, data annotation and validation, membership, authorization, security, and routing Includes essential topics such as Ajax and jQuery, NuGet, dependency injection, unit testing, extending MVC, and Razor Includes additional real-world coverage requested by readers of the previous edition as well as a new case study example chapter

The Deadline: A Novel about Project Management


Tom DeMarco - 1997
    Rizzoli- Ex-General Markov- Abdul Jamid- The Sinister Minister Belok- The Numbers Man- QuickerStill- Morovia's First Programmer- Think Fast!- Planning for the Summer Games- The Guru of Conflict Resolution- Maestro Diyeniar- Interlude- Part and Whole- Standing on Ceremony- Endgame Begins- The Year's Hottest IPO- Passing Through Riga on the Way Home

Designing Distributed Systems: Patterns and Paradigms for Scalable, Reliable Services


Brendan Burns - 2018
    Building these systems is complicated and, because few formally established patterns are available for designing them, most of these systems end up looking very unique. This practical guide shows you how to use existing software design patterns for designing and building reliable distributed applications.Although patterns such as those developed more than 20 years ago by the Gang of Four were largely restricted to running on single machines, author Brendan Burns--a Partner Architect in Microsoft Azure--demonstrates how you can reuse several of them in modern distributed applications.Systems engineers and application developers will learn how these patterns provide a common language and framework for dramatically increasing the quality of your system.

Composing Software


Eric Elliott - 2018
    Most developers have a limited understanding of compositional techniques. It's time for that to change.In "Composing Software", Eric Elliott shares the fundamentals of composition, including both function composition and object composition, and explores them in the context of JavaScript. The book covers the foundations of both functional programming and object oriented programming to help the reader better understand how to build and structure complex applications using simple building blocks.You'll learn: • Functional programming • Object composition • How to work with composite data structures • Closures • Higher order functions • Functors (e.g., array.map) • Monads (e.g., promises) • Transducers • LensesAll of this in the context of JavaScript, the most used programming language in the world. But the learning doesn't stop at JavaScript. You'll be able to apply these lessons to any language. This book is about the timeless principles of software composition and its lessons will outlast the hot languages and frameworks of today. Unlike most programming books, this one may still be relevant 20 years from now.This book began life as a popular blog post series that attracted hundreds of thousands of readers and influenced the way software is built at many high growth tech startups and fortune 500 companies.