Security eBooks
ASP.NET Core Security
ASP.NET Core Security teaches you the skills and countermeasures you need to keep your ASP.NET Core apps secure from the most common web application attacks. With this collection of practical techniques, you will be able to anticipate risks and introduce practices like testing as regular security checkups. You'll be fascinated as the author explores real-world security breaches, including rogue Firefox extensions and Adobe password thefts. The examples present universal security best practices with a sharp focus on the unique needs of ASP.NET Core applications. Your ASP.NET Core applications are under attack now. Are you ready? Th ere are specific countermeasures you can apply to keep your company out of the headlines. This book demonstrates exactly how to secure ASP.NET Core web applications, including safe browser interactions, recognizing common threats, and deploying the framework's unique security APIs. ASP.NET Core Security is a rea ...
ASP.NET Core Security teaches you the skills and countermeasures you need to keep your ASP.NET Core apps secure from the most common web application attacks. With this collection of practical techniques, you will be able to anticipate risks and introduce practices like testing as regular security checkups. You'll be fascinated as the author explores real-world security breaches, including rogue Firefox extensions and Adobe password thefts. The examples present universal security best practices with a sharp focus on the unique needs of ASP.NET Core applications. Your ASP.NET Core applications are under attack now. Are you ready? Th ere are specific countermeasures you can apply to keep your company out of the headlines. This book demonstrates exactly how to secure ASP.NET Core web applications, including safe browser interactions, recognizing common threats, and deploying the framework's unique security APIs. ASP.NET Core Security is a rea ...
Cybersecurity Career Guide
Cybersecurity Career Guide unlocks your pathway to becoming a great security practitioner. You'll learn how to reliably enter the security field and quickly grow into your new career, following clear, practical advice that's based on research and interviews with hundreds of hiring managers. Practical self-analysis exercises identify gaps in your resume, what makes you valuable to an employer, and what you want out of your career in cyber. You'll assess the benefits of all major professional qualifications, and get practical advice on relationship building with mentors. Do you want a rewarding job in cybersecurity? Start here! This book highlights the full range of exciting security careers and shows you exactly how to find the role that's perfect for you. You'll go through all the steps - from building the right skills to acing the interview. Author and infosec expert Alyssa Miller shares insights from fifteen years in cybersecurity that will help ...
Cybersecurity Career Guide unlocks your pathway to becoming a great security practitioner. You'll learn how to reliably enter the security field and quickly grow into your new career, following clear, practical advice that's based on research and interviews with hundreds of hiring managers. Practical self-analysis exercises identify gaps in your resume, what makes you valuable to an employer, and what you want out of your career in cyber. You'll assess the benefits of all major professional qualifications, and get practical advice on relationship building with mentors. Do you want a rewarding job in cybersecurity? Start here! This book highlights the full range of exciting security careers and shows you exactly how to find the role that's perfect for you. You'll go through all the steps - from building the right skills to acing the interview. Author and infosec expert Alyssa Miller shares insights from fifteen years in cybersecurity that will help ...
Wireless Security Architecture
Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security as well as guidance on private cellular and Internet of Things security. Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage - including data published for the first time - of new WPA3 security Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes: Concrete strategies suitable for organizations of all sizes, from large government agencies to small public and private companies; Effective ...
Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security as well as guidance on private cellular and Internet of Things security. Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage - including data published for the first time - of new WPA3 security Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes: Concrete strategies suitable for organizations of all sizes, from large government agencies to small public and private companies; Effective ...
Python for Cybersecurity
Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today. Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including: Reconnaissance, resource development, initial access, and execution; Persistence, privilege escalation, defense evasion, and credential access; Discovery, lateral movement, collection, and command and control; Exfiltration and impact. Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in c ...
Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today. Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including: Reconnaissance, resource development, initial access, and execution; Persistence, privilege escalation, defense evasion, and credential access; Discovery, lateral movement, collection, and command and control; Exfiltration and impact. Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in c ...
Azure Cloud Security for Absolute Beginners
Implement cloud security with Azure security tools, configurations and policies that address the needs of businesses and governments alike. This book introduces you to the most important security solutions available in Azure and provides you with step-by-step guidance to effectively set up security and deploy an application on top of Azure platform services, as well as on top of Azure infrastructure. Author Pushpa Herath begins by teaching you the fundamentals of Azure security. An easy to follow exploration of management groups, subscriptions, management locks and Azure policies further elaborate the concepts underlying Azure cloud security. Next, you will learn about Azure Active Directory (AAD) and the utilization of AAD in application and infrastructure security. Essential aspects of maintaining secure application keys and certificates are further explained in the context of Azure Key Vault. New application security implementations such as Azur ...
Implement cloud security with Azure security tools, configurations and policies that address the needs of businesses and governments alike. This book introduces you to the most important security solutions available in Azure and provides you with step-by-step guidance to effectively set up security and deploy an application on top of Azure platform services, as well as on top of Azure infrastructure. Author Pushpa Herath begins by teaching you the fundamentals of Azure security. An easy to follow exploration of management groups, subscriptions, management locks and Azure policies further elaborate the concepts underlying Azure cloud security. Next, you will learn about Azure Active Directory (AAD) and the utilization of AAD in application and infrastructure security. Essential aspects of maintaining secure application keys and certificates are further explained in the context of Azure Key Vault. New application security implementations such as Azur ...
Mastering Kali Linux for Advanced Penetration Testing, 4th Edition
Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you'll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You'll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lat ...
Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you'll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You'll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lat ...
Taking Kubernetes from Test to Production
With Kubernetes came many new concepts, particularly around networking and traffic management. Alongside these new concepts were entirely new classes of tools, designed for ephemeral, containerized, and distributed application deployments. In particular, Ingress controllers and service meshes did not exist prior to the Kubernetes era. Nor were Layer 4 and Layer 7 protocols and traffic typically managed from the same control plane. At a granular level, Kubernetes introduces new complexities around security and management. Simple tasks like load balancing are very different in a realm where infrastructure is 100% ephemeral and often moving constantly - both in terms of setting up new instances with fresh IP addresses and geographically moving around the globe. These new traffic management concepts and tools have the power to vastly improve developer experience and accelerate app development and delivery cycles through greater resilience, higher performance, and better security. ...
With Kubernetes came many new concepts, particularly around networking and traffic management. Alongside these new concepts were entirely new classes of tools, designed for ephemeral, containerized, and distributed application deployments. In particular, Ingress controllers and service meshes did not exist prior to the Kubernetes era. Nor were Layer 4 and Layer 7 protocols and traffic typically managed from the same control plane. At a granular level, Kubernetes introduces new complexities around security and management. Simple tasks like load balancing are very different in a realm where infrastructure is 100% ephemeral and often moving constantly - both in terms of setting up new instances with fresh IP addresses and geographically moving around the globe. These new traffic management concepts and tools have the power to vastly improve developer experience and accelerate app development and delivery cycles through greater resilience, higher performance, and better security. ...
The Hardware Hacking Handbook
Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere - in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks. Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to ...
Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere - in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks. Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to ...
Full Stack Python Security
Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you'll need to build secure Python web applications. As you work through the insightful code snippets and engaging examples, you'll put security standards, best practices, and more into action. Along the way, you'll get exposure to important libraries and tools in the Python ecosystem. Security is a full-stack concern, encompassing user interfaces, APIs, web servers, network infrastructure, and everything in between. Master the powerful libraries, frameworks, and tools in the Python ecosystem and you can protect your systems top to bottom. Packed with realistic examples, lucid illustrations, and working code, this book shows you exactly how to secure Python-based web applications. Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you need to secure Python and Django-based web apps. In it, seasoned security pro Dennis Byrne demy ...
Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you'll need to build secure Python web applications. As you work through the insightful code snippets and engaging examples, you'll put security standards, best practices, and more into action. Along the way, you'll get exposure to important libraries and tools in the Python ecosystem. Security is a full-stack concern, encompassing user interfaces, APIs, web servers, network infrastructure, and everything in between. Master the powerful libraries, frameworks, and tools in the Python ecosystem and you can protect your systems top to bottom. Packed with realistic examples, lucid illustrations, and working code, this book shows you exactly how to secure Python-based web applications. Full Stack Python Security: Cryptography, TLS, and attack resistance teaches you everything you need to secure Python and Django-based web apps. In it, seasoned security pro Dennis Byrne demy ...
Adversarial Tradecraft in Cybersecurity
Little has been written about what to do when live hackers are on your system and running amok. Even experienced hackers tend to choke up when they realize the network defender has caught them and is zoning in on their implants in real time. This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse. This book contains two subsections in each chapter, specifically focusing on the offensive and defensive teams. It begins by introducing you to adversarial operations and principles of computer conflict where you will explore the core principles of deception, humanity, economy, and more about human-on-human conflicts. Additionally, you will understand everything from planning to setting up infrastructure and tooling that both sides should have in place. Throughout this book, you will learn how to gain an advantage ove ...
Little has been written about what to do when live hackers are on your system and running amok. Even experienced hackers tend to choke up when they realize the network defender has caught them and is zoning in on their implants in real time. This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse. This book contains two subsections in each chapter, specifically focusing on the offensive and defensive teams. It begins by introducing you to adversarial operations and principles of computer conflict where you will explore the core principles of deception, humanity, economy, and more about human-on-human conflicts. Additionally, you will understand everything from planning to setting up infrastructure and tooling that both sides should have in place. Throughout this book, you will learn how to gain an advantage ove ...
AWS Penetration Testing
Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment. You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, compromising Identity and Access Management (IAM) keys, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through b ...
Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment. You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, compromising Identity and Access Management (IAM) keys, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through b ...