Advanced API Security, 2nd edition
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first editi ...
Foundations of Information Security
A high-level survey of the information security field by best-selling author Jason Andress. The book covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics like: Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process; The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates; The laws and regulations that protect systems and data; Anti-malware tools, firewalls, and intrusion detection syst ...
Exam Ref MS-101 Microsoft 365 Mobility and Security
Prepare for Microsoft Exam MS-101 - and help demonstrate your real-world mastery of skills and knowledge needed to manage Microsoft 365 mobility, security and related administration tasks. Designed for experienced IT professionals, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Expert level.
Focus on the expertise measured by these objectives: Implement modern device services; Implement Microsoft 365 security and threat management; Manage Microsoft 365 governance and compliance.
Exam MS-101 focuses on knowledge needed to implement Mobile Device Management (MDM); manage device compliance; plan for devices and apps; plan Windows 10 deployment; implement Cloud App Security (CAS), threat management, and Windows Defender Advanced Threat Protection (ATP); manage security reports and alerts; configure Data Loss Prevention (DLP); implement Azure Information Protection (AIP); and manage data g ...
Microsoft Azure Security Center, 2nd Edition
Reflecting updates through mid-2019, this book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder help you apply Azure Security Center's robust protection, detection, and response capabilities in key operational scenarios. You'll walk through securing any Azure workload, and optimizing key facets of modern security from policies and identity to incident response and risk management. Brand-new coverage includes single-click remediation, IoT, improved container security, Azure Sentinel, and more. Whatever your security role, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient and reliable ways possible.
Two of Microsoft's leading cloud security experts show how to: Implement a comprehensive new security paradigm designed specifically for cloud and hybrid en ...
Most security professionals don't have the words security or hacker in their job title. Instead, as a developer or admin you often have to fit in security alongside your official responsibilities - building and maintaining computer systems. Implement the basics of good security now, and you'll have a solid foundation if you bring in a dedicated security staff later. Identify the weaknesses in your system, and defend against the attacks most likely to compromise your organization, without needing to become a trained security professional.
Computer security is a complex issue. But you don't have to be an expert in all the esoteric details to prevent many common attacks. Attackers are opportunistic and won't use a complex attack when a simple one will do. You can get a lot of benefit without too much complexity, by putting systems and processes in place that ensure you aren't making the obvious mistakes. Secure your systems better, with ...
Dynamic SQL, 2nd Edition
Take a deep dive into the many uses of dynamic SQL in Microsoft SQL Server. This edition has been updated to use the newest features in SQL Server 2016 and SQL Server 2017 as well as incorporating the changing landscape of analytics and database administration. Code examples have been updated with new system objects and functions to improve efficiency and maintainability.
Executing dynamic SQL is key to large-scale searching based on user-entered criteria. Dynamic SQL can generate lists of values and even code with minimal impact on performance. Dynamic SQL enables dynamic pivoting of data for business intelligence solutions as well as customizing of database objects. Yet dynamic SQL is feared by many due to concerns over SQL injection or code maintainability.
Dynamic SQL: Applications, Performance, and Security in Microsoft SQL Server helps you bring the productivity and user-satisfaction of flexible and responsive applications to your organization safely and securely. Y ...
Financial Cybersecurity Risk Management
Understand critical cybersecurity and risk perspectives, insights, and tools for the leaders of complex financial systems and markets. This book offers guidance for decision makers and helps establish a framework for communication between cyber leaders and front-line professionals. Information is provided to help in the analysis of cyber challenges and choosing between risk treatment options.
Financial cybersecurity is a complex, systemic risk challenge that includes technological and operational elements. The interconnectedness of financial systems and markets creates dynamic, high-risk environments where organizational security is greatly impacted by the level of security effectiveness of partners, counterparties, and other external organizations. The result is a high-risk environment with a growing need for cooperation between enterprises that are otherwise direct competitors. There is a new normal of continuous attack pressures that produce unpreceden ...
Microsoft System Center Data Protection Manager Cookbook
System Center Data Protection Manager (SCDPM) is a robust enterprise backup and recovery system that contributes to your BCDR strategy by facilitating the backup and recovery of enterprise data. With an increase in data recovery and protection problems faced in organizations, it has become important to keep data safe and recoverable. This book contains recipes that will help you upgrade to SCDPM and it covers the advanced features and functionality of SCDPM.
This book starts by helping you install SCDPM and then moves on to post-installation and management tasks. You will come across a lot of useful recipes that will help you recover your VMware and Hyper-V VMs. It will also walk you through tips for monitoring SCDPM in different scenarios. Next, the book will also offer insights into protecting Windows workloads followed by best practices on SCDPM. You will also learn to back up your Azure Stack Infrastructure using Azure Backup. You will also learn about recovering data from backu ...
Practical Internet of Things Security, 2nd Edition
With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces, a desire to share information with many stakeholders, and a need to take action quickly based on large quantities of collected data. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions. The interconnectivity of people, devices, and companies raises the stakes to a new level; as computing becomes ever more mobile, everything becomes connected to the cloud, and its infrastructure is hard put to it to securely manage the billions of devices that will connect us all to the IoT.
This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT sol ...
Linux Basics for Hackers
If you're getting started along the exciting path of hacking, cybersecurity and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment.
First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: Cover your tracks by changing your network information and manipulating the rsyslog logging utility; Write a tool to scan f ...
Beginning Ethical Hacking with Kali Linux
Get started in white-hat ethical hacking using Kali Linux. This book starts off by giving you an overview of security trends, where you will learn the OSI security architecture. This will form the foundation for the rest of Beginning Ethical Hacking with Kali Linux. With the theory out of the way, you'll move on to an introduction to VirtualBox, networking, and common Linux commands, followed by the step-by-step procedure to build your own web server and acquire the skill to be anonymous. When you have finished the examples in the first part of your book, you will have all you need to carry out safe and ethical hacking experiments.
After an introduction to Kali Linux, you will carry out your first penetration tests with Python and code raw binary packets for use in those tests. You will learn how to find secret directories on a target system, use a TCP client in Python, and scan ports using NMAP. Along the way you will discover effective ways to collect important info ...