Beautiful Security: Leading Security Experts Explain How They Think (Theory In Practice, #28)


Andy Oram - 2009
    Criminals succeed by exercising enormous creativity, and those defending against them must do the same.Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey How social networking, cloud computing, and other popular trends help or hurt our online security How metrics, requirements gathering, design, and law can take security to a higher level The real, little-publicized history of PGP This book includes contributions from:Peiter "Mudge" Zatko Jim Stickley Elizabeth Nichols Chenxi Wang Ed Bellis Ben Edelman Phil Zimmermann and Jon Callas Kathy Wang Mark Curphey John McManus James Routh Randy V. Sabett Anton Chuvakin Grant Geyer and Brian Dunphy Peter Wayner Michael Wood and Fernando Francisco All royalties will be donated to the Internet Engineering Task Force (IETF).

Cryptanalysis: A Study of Ciphers and Their Solution


Helen Fouche Gaines - 1939
    Nihilist, grille, U. S. Army, key-phrase, multiple-alphabet, Gronsfeld, Porta, Beaufort, periodic ciphers, and more. Simple and advanced methods. 166 specimens to solve — with solutions.

Practical Monitoring


Mike Julian - 2017
    "Monitoring Monitoring" explains what makes your monitoring less than stellar, and provides a practical approach to designing and implementing a monitoring strategy, from the application down to the hardware in the datacenter and everything in between.In the world of technical operations, monitoring is core to everything you do. In today s changing landscape of microservices, cloud infrastructure, and more, monitoring is experiencing a new surge of growth, bringing along new methodologies, new ways of thinking, and new tools.Complete with a primer on statistics and a monitoring vocabulary, this book helps you identify the main areas you need to monitor and shows you how to approach them. It s ideal for operations engineers, system administrators, system and software engineers, site reliability engineers, network engineers, and other operations professionals."

Hadoop Explained


Aravind Shenoy - 2014
    Hadoop allowed small and medium sized companies to store huge amounts of data on cheap commodity servers in racks. The introduction of Big Data has allowed businesses to make decisions based on quantifiable analysis. Hadoop is now implemented in major organizations such as Amazon, IBM, Cloudera, and Dell to name a few. This book introduces you to Hadoop and to concepts such as ‘MapReduce’, ‘Rack Awareness’, ‘Yarn’ and ‘HDFS Federation’, which will help you get acquainted with the technology.

Writing Secure Code


Michael Howard - 2001
    You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

The Book of PoC||GTFO


Manul Laphroaig - 2017
    Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide.Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like "Reliable Code Execution on a Tamagotchi," "ELFs are Dorky, Elves are Cool," "Burning a Phone," "Forget Not the Humble Timing Attack," and "A Sermon on Hacker Privilege." Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.

Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage


Gordon Corera - 2015
    The book is rich with historical detail and characters, as well as astonishing revelations about espionage carried out in recent times by the UK, US, and China. Using unique access to the National Security Agency, GCHQ, Chinese officials, and senior executives from some of the most powerful global technology companies, Gordon Corera has gathered compelling stories from heads of state, hackers and spies of all stripes.Cyberspies is a ground-breaking exploration of the new space in which the worlds of espionage, diplomacy, international business, science, and technology collide.

An Introduction to Enterprise Architecture


Scott A. Bernard - 2005
    I wrote this book for three major reasons: (1) to help move business and technology planning from a systems and process-level view to a more strategy-driven enterprise-level view, (2) to promote and explain the emerging profession of EA, and (3) to provide the first textbook on the subject of EA, which is suitable for graduate and undergraduate levels of study. To date, other books on EA have been practitioner books not specifically oriented toward a student who may be learning the subject with little to no previous exposure. Therefore, this book contains references to related academic research and industry best practices, as well as my own observations about potential future practices and the direction of this emerging profession.

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency


Parmy Olson - 2012
    WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of insurgency, seized headlines, and tortured the feds-and the ultimate betrayal that would eventually bring them down. Parmy Olson goes behind the headlines and into the world of Anonymous and LulzSec with unprecedented access, drawing upon hundreds of conversations with the hackers themselves, including exclusive interviews with all six core members of LulzSec. In late 2010, thousands of hacktivists joined a mass digital assault on the websites of VISA, MasterCard, and PayPal to protest their treatment of WikiLeaks. Other targets were wide ranging-the websites of corporations from Sony Entertainment and Fox to the Vatican and the Church of Scientology were hacked, defaced, and embarrassed-and the message was that no one was safe. Thousands of user accounts from pornography websites were released, exposing government employees and military personnel.Although some attacks were perpetrated by masses of users who were rallied on the message boards of 4Chan, many others were masterminded by a small, tight-knit group of hackers who formed a splinter group of Anonymous called LulzSec. The legend of Anonymous and LulzSec grew in the wake of each ambitious hack. But how were they penetrating intricate corporate security systems? Were they anarchists or activists? Teams or lone wolves? A cabal of skilled hackers or a disorganized bunch of kids?WE ARE ANONYMOUS delves deep into the internet's underbelly to tell the incredible full story of the global cyber insurgency movement, and its implications for the future of computer security.

Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family


Theresa M. Payton - 2014
    The devices we use to get just-in-time coupons, directions when we're lost, and maintain connections with loved ones no matter how far away they are, also invade our privacy in ways we might not even be aware of. Our devices send and collect data about us whenever we use them, but that data is not safeguarded the way we assume it would be. Privacy is complex and personal. Many of us do not know the full extent to which data is collected, stored, aggregated, and used. As recent revelations indicate, we are subject to a level of data collection and surveillance never before imaginable. While some of these methods may, in fact, protect us and provide us with information and services we deem to be helpful and desired, others can turn out to be insidious and over-arching. Privacy in the Age of Big Data highlights the many positive outcomes of digital surveillance and data collection while also outlining those forms of data collection to which we may not consent, and of which we are likely unaware. Payton and Claypoole skillfully introduce readers to the many ways we are 'watched, ' and how to adjust our behaviors and activities to recapture our privacy. The authors suggest the tools, behavior changes, and political actions we can take to regain data and identity security. Anyone who uses digital devices will want to read this book for its clear and no-nonsense approach to the world of big data and what it means for all of us.

The Florentine Deception


Carey Nachenberg - 2015
    To his surprise, Alex learns that the computer’s deceased owner, a shady antiquities smuggler, had been trying to unload a priceless object known as the Florentine on the black market. But with the dealer’s death, the Florentine is unaccounted for and potentially ripe for the taking.  Hooked by the prospect of solving a mystery, Alex embarks upon a quest through subterranean grottos, freezing morgues, and hidden cellars in search of the Florentine. But what starts out as a seemingly innocuous pursuit quickly turns into a nightmare, as Alex discovers that the Florentine may not be a lost treasure after all, but something far more insidious. A weapon that, in the wrong hands, could bring the developed world to its knees—one that Alex’s adversaries will do anything to acquire. Will Alex unlock the secrets of the Florentine in time to prevent a catastrophic attack? Read The Florentine Deception to find out!

Akka in Action


Raymond Roestenburg - 2012
    Akka uses Actors-independently executing processes that communicate via message passing—as the foundation for fault-tolerant applications where individual actors can fail without crashing everything. Perfect for high-volume applications that need to scale rapidly, Akka is an efficient foundation for event-driven systems that want to scale elastically up and out on demand, both on multi-core processors and across server nodes.Akka in Action is a comprehensive tutorial on building message-oriented systems using Akka. The book takes a hands-on approach, where each new concept is followed by an example that shows you how it works, how to implement the code, and how to (unit) test it. You'll learn to test and deploy an actor system and scale it up and out, showing off Akka's fault tolerance. As you move along, you'll explore a message-oriented event-driven application in Akka. You'll also tackle key issues like how to model immutable messages and domain models, and apply patterns like Event Sourcing, and CQRS. The book concludes with practical advice on how to tune and customize a system built with Akka.

Get Your Hands Dirty on Clean Architecture: A hands-on guide to creating clean web applications with code examples in Java


Tom Hombergs - 2019
    

The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America


James Bamford - 2008
    Now Bamford describes the transformation of the NSA since 9/11, as the agency increasingly turns its high-tech ears on the American public.The Shadow Factory reconstructs how the NSA missed a chance to thwart the 9/11 hijackers and details how this mistake has led to a heightening of domestic surveillance. In disturbing detail, Bamford describes exactly how every American’s data is being mined and what is being done with it. Any reader who thinks America’s liberties are being protected by Congress will be shocked and appalled at what is revealed here.From the Trade Paperback edition.

Nmap Cookbook: The Fat-free Guide to Network Scanning


Nicholas Marsh - 2010
    Every Nmap feature is covered with visual examples to help you quickly understand and identify proper usage for practical results.Topics covered include:* Installation on Windows, Mac OS X, Unix/Linux platforms* Basic and advanced scanning techniques* Network inventory and security auditing* Firewall evasion techniques* Zenmap - A graphical front-end for Nmap* NSE - The Nmap Scripting Engine* Ndiff - A Nmap scan comparison utilitySimplified coverage of Nmap 5.00 features.