The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws


Dafydd Stuttard - 2007
    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

To Save Everything, Click Here: The Folly of Technological Solutionism


Evgeny Morozov - 2013
    But how will these be affected once we delegate much of the responsibility for them to technology? The temptation of the digital age is to fix everything—from crime to corruption to pollution to obesity—by digitally quantifying, tracking, or gamifying behavior. But when we change the motivations for our moral, ethical, and civic behavior, we may also change the very nature of that behavior itself. Technology, Evgeny Morozov proposes, can be a force for improvement—but only if we abandon the idea that it is necessarily revolutionary and instead genuinely interrogate what we are doing with it and what it is doing to us. From urging us to abandon monolithic ideas of “the Internet” to showing how to design more humane and democratic technological solutions, To Save Everything, Click Here is a dazzling tour of our technological future, and a searching investigation into the digital version of an enduring struggle: between man and his machines.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software


Michael Sikorski - 2011
    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: set up a safe virtual environment to analyze malware; quickly extract network signatures and host-based indicators; use key analysis tools like IDA Pro, OllyDbg, and WinDbg; overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques; use your newfound knowledge of Windows internals for malware analysis; develop a methodology for unpacking malware and get practical experience with five of the most popular packers; analyze special cases of malware with shellcode, C++, and 64-bit code. Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

The Emperor's New Mind: Concerning Computers, Minds and the Laws of Physics


Roger Penrose - 1989
    Admittedly, computers now play chess at the grandmaster level, but do they understand the game as we do? Can a computer eventually do everything a human mind can do? In this absorbing and frequently contentious book, Roger Penrose--eminent physicist and winner, with Stephen Hawking, of the prestigious Wolf prize--puts forward his view that there are some facets of human thinking that can never be emulated by a machine. Penrose examines what physics and mathematics can tell us about how the mind works, what they can't, and what we need to know to understand the physical processes of consciousness. He is among a growing number of physicists who think Einstein wasn't being stubborn when he said his little finger told him that quantum mechanics is incomplete, and he concludes that laws even deeper than quantum mechanics are essential for the operation of a mind. To support this contention, Penrose takes the reader on a dazzling tour that covers such topics as complex numbers, Turing machines, complexity theory, quantum mechanics, formal systems, Godel undecidability, phase spaces, Hilbert spaces, black holes, white holes, Hawking radiation, entropy, quasicrystals, the structure of the brain, and scores of other subjects. The Emperor's New Mind will appeal to anyone with a serious interest in modern physics and its relation to philosophical issues, as well as to physicists, mathematicians, philosophers and those on either side of the AI debate.

Code Warriors: NSA's Code Breakers and the Secret Intelligence War Against the Soviet Union


Stephen Budiansky - 2016
    The National Security Agency grew out of the legendary codebreaking programs of World War II that turned the tide of Allied victory by cracking the famed Enigma machine and other seemingly impenetrable German and Japanese codes. But things became murky in the postwar years, when our intelligence community found itself targeting not battlefield enemies, but suspected spies, foreign leaders, and even American citizens. Now Stephen Budiansky--a longtime expert in cryptology--tells the fascinating story of how the NSA came to be, and of its central, often fraught and controversial role in the major events of the Cold War, from the Korean War to the Cuban Missile Crisis to Vietnam and beyond. He also guides us through the fascinating challenges faced by cryptanalysts, and how they broke some of the most complicated codes of the twentieth century. A riveting, essential history of the underbelly of the Cold War.

How the Internet Happened: From Netscape to the iPhone


Brian McCullough - 2018
    In How the Internet Happened, he chronicles the whole fascinating story for the first time, beginning in a dusty Illinois basement in 1993, when a group of college kids set off a once-in-an-epoch revolution with what would become the first “dotcom.” Depicting the lives of now-famous innovators like Netscape’s Marc Andreessen and Facebook’s Mark Zuckerberg, McCullough also reveals surprising quirks and unknown tales as he tracks both the technology and the culture around the internet’s rise. Cinematic in detail and unprecedented in scope, the result both enlightens and informs as it draws back the curtain on the new rhythm of disruption and innovation the internet fostered, and helps to redefine an era that changed every part of our lives.

Release It!: Design and Deploy Production-Ready Software (Pragmatic Programmers)


Michael T. Nygard - 2007
    Did you design your system to survive a sudden rush of visitors from Digg or Slashdot? Or an influx of real world customers from 100 different countries? Are you ready for a world filled with flakey networks, tangled databases, and impatient users? If you're a developer and don't want to be on call for 3AM for the rest of your life, this book will help. In Release It!, Michael T. Nygard shows you how to design and architect your application for the harsh realities it will face. You'll learn how to design your application for maximum uptime, performance, and return on investment. Mike explains that many problems with systems today start with the design.

Digital Apollo: Human and Machine in Spaceflight


David A. Mindell - 2008
    Neil Armstrong responded by switching off the automatic mode and taking direct control. He stopped monitoring the computer and began flying the spacecraft, relying on skill to land it and earning praise for a triumph of human over machine. In Digital Apollo, engineer-historian David Mindell takes this famous moment as a starting point for an exploration of the relationship between humans and computers in the Apollo program. In each of the six Apollo landings, the astronaut in command seized control from the computer and landed with his hand on the stick. Mindell recounts the story of astronauts' desire to control their spacecraft in parallel with the history of the Apollo Guidance Computer. From the early days of aviation through the birth of spaceflight, test pilots and astronauts sought to be more than "spam in a can" despite the automatic controls, digital computers, and software developed by engineers. Digital Apollo examines the design and execution of each of the six Apollo moon landings, drawing on transcripts and data telemetry from the flights, astronaut interviews, and NASA's extensive archives. Mindell's exploration of how human pilots and automated systems worked together to achieve the ultimate in flight -- a lunar landing -- traces and reframes the debate over the future of humans and automation in space. The results have implications for any venture in which human roles seem threatened by automated systems, whether it is the work at our desktops or the future of exploration.

Black Code: The Battle for the Future of Cyberspace


Ronald J. Deibert - 2011
    It is difficult to imagine a world without instant access and 24/7 connectivity. We have reengineered our business, governance, and social relations around a planetary network unlike any that has come before. And, as with any social transformation, there have been unintended consequences. In Black Code, Ron Deibert examines the profound effect that cyberspace is having on the relationship between citizens and states, on the private and public spheres, and on domestic and international affairs. Cyberspace has brought us a world of do-it-yourself signals intelligence, he argues, and WikiLeaks is only a symptom of a much larger phenomenon to which governments, businesses, and individuals will have to get accustomed. Our lives have been turned inside out by a digital world of our own spinning. Fast-paced, revealing, and sometimes terrifying, Black Code takes readers into the shadowy realm of cybersecurity, offering insight into the very future of cyberspace and revealing what new rules and norms we will need to adopt in order to survive in this new environment.

The Human Use of Human Beings: Cybernetics and Society


Norbert Wiener - 1949
    Norbert Wiener's classic is one in that small company. Founder of the science of cybernetics—the study of the relationship between computers and the human nervous system—Wiener was widely misunderstood as one who advocated the automation of human life. As this book reveals, his vision was much more complex and interesting. He hoped that machines would release people from relentless and repetitive drudgery in order to achieve more creative pursuits. At the same time he realized the danger of dehumanizing and displacement. His book examines the implications of cybernetics for education, law, language, science, technology, as he anticipates the enormous impact—in effect, a third industrial revolution—that the computer has had on our lives.

Site Reliability Engineering: How Google Runs Production Systems


Betsy Beyer - 2016
    So, why does conventional wisdom insist that software engineers focus primarily on the design and development of large-scale computing systems? In this collection of essays and articles, key members of Google's Site Reliability Team explain how and why their commitment to the entire lifecycle has enabled the company to successfully build, deploy, monitor, and maintain some of the largest software systems in the world. You'll learn the principles and practices that enable Google engineers to make systems more scalable, reliable, and efficient--lessons directly applicable to your organization. This book is divided into four sections: Introduction--Learn what site reliability engineering is and why it differs from conventional IT industry practices; Principles--Examine the patterns, behaviors, and areas of concern that influence the work of a site reliability engineer (SRE); Practices--Understand the theory and practice of an SRE's day-to-day work: building and operating large distributed computing systems; Management--Explore Google's best practices for training, communication, and meetings that your organization can use.

Prediction Machines: The Simple Economics of Artificial Intelligence


Ajay Agrawal - 2018
    But facing the sea change that AI will bring can be paralyzing. How should companies set strategies, governments design policies, and people plan their lives for a world so different from what we know? In the face of such uncertainty, many analysts either cower in fear or predict an impossibly sunny future. But in Prediction Machines, three eminent economists recast the rise of AI as a drop in the cost of prediction. With this single, masterful stroke, they lift the curtain on the AI-is-magic hype and show how basic tools from economics provide clarity about the AI revolution and a basis for action by CEOs, managers, policy makers, investors, and entrepreneurs. When AI is framed as cheap prediction, its extraordinary potential becomes clear: Prediction is at the heart of making decisions under uncertainty. Our businesses and personal lives are riddled with such decisions. Prediction tools increase productivity--operating machines, handling documents, communicating with customers. Uncertainty constrains strategy. Better prediction creates opportunities for new business structures and strategies to compete. Penetrating, fun, and always insightful and practical, Prediction Machines follows its inescapable logic to explain how to navigate the changes on the horizon. The impact of AI will be profound, but the economic framework for understanding it is surprisingly simple.

Computer Networks


Andrew S. Tanenbaum - 1981
    In this revision, the author takes a structured approach to explaining how networks function.

Threat Modeling: Designing for Security


Adam Shostack - 2014
    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs. Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric. Provides effective approaches and techniques that have been proven at Microsoft and elsewhere. Offers actionable how-to advice not tied to any specific software, operating system, or programming language. Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world. As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

The Sciences of the Artificial


Herbert A. Simon - 1969
    There are updates throughout the book as well. These take into account important advances in cognitive psychology and the science of design while confirming and extending the book's basic thesis: that a physical symbol system has the necessary and sufficient means for intelligent action. The chapter "Economic Reality" has also been revised to reflect a change in emphasis in Simon's thinking about the respective roles of organizations and markets in economic systems. "People sometimes ask me what they should read to find out about artificial intelligence. Herbert Simon's book The Sciences of the Artificial is always on the list I give them. Every page issues a challenge to conventional thinking, and the layman who digests it well will certainly understand what the field of artificial intelligence hopes to accomplish. I recommend it in the same spirit that I recommend Freud to people who ask about psychoanalysis, or Piaget to those who ask about child psychology: If you want to learn about a subject, start by reading its founding fathers." -- George A. Miller