To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical book examines key underlying technologies to help developers, operators, and security professionals assess security risks and determine appropriate solutions.
Author Liz Rice, VP of open source engineering at Aqua Security looks at how the building blocks commonly used in container-based systems are constructed in Linux. You'll understand what's happening when you deploy containers and learn how to assess potential security risks that could affect your deployments. If you run container applications with kubectl or docker and use Linux command-line tools such as ps and grep, you're ready to get started.
Explore attack vectors that affect container deployments; Dive into the Linux constructs that underpin containers; Examine measures for hardenin ...
Mastering Linux Security and Hardening, 2nd Edition
From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured.
Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system audi ...
Designing a HIPAA-Compliant Security Operations Center
Develop a comprehensive plan for building a HIPAA-compliant security operations center, designed to detect and respond to an increasing number of healthcare data breaches and events. Using risk analysis, assessment, and management data combined with knowledge of cybersecurity program maturity, this book gives you the tools you need to operationalize threat intelligence, vulnerability management, security monitoring, and incident response processes to effectively meet the challenges presented by healthcare's current threats.
Healthcare entities are bombarded with data. Threat intelligence feeds, news updates, and messages come rapidly and in many forms such as email, podcasts, and more. New vulnerabilities are found every day in applications, operating systems, and databases while older vulnerabilities remain exploitable. Add in the number of dashboards, alerts, and data points each information security tool provides and security teams find themsel ...
Web Application Security
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
Explore common vulnerabilities plaguing today's web applications; Learn essential hacking techniques attackers use to exploit applications; Map and document web applications for which you don't have ...
Advanced API Security, 2nd edition
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first editi ...
Foundations of Information Security
A high-level survey of the information security field by best-selling author Jason Andress. The book covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics like: Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process; The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates; The laws and regulations that protect systems and data; Anti-malware tools, firewalls, and intrusion detection syst ...
Exam Ref MS-101 Microsoft 365 Mobility and Security
Prepare for Microsoft Exam MS-101 - and help demonstrate your real-world mastery of skills and knowledge needed to manage Microsoft 365 mobility, security and related administration tasks. Designed for experienced IT professionals, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Expert level.
Focus on the expertise measured by these objectives: Implement modern device services; Implement Microsoft 365 security and threat management; Manage Microsoft 365 governance and compliance.
Exam MS-101 focuses on knowledge needed to implement Mobile Device Management (MDM); manage device compliance; plan for devices and apps; plan Windows 10 deployment; implement Cloud App Security (CAS), threat management, and Windows Defender Advanced Threat Protection (ATP); manage security reports and alerts; configure Data Loss Prevention (DLP); implement Azure Information Protection (AIP); and manage data g ...
Microsoft Azure Security Center, 2nd Edition
Reflecting updates through mid-2019, this book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder help you apply Azure Security Center's robust protection, detection, and response capabilities in key operational scenarios. You'll walk through securing any Azure workload, and optimizing key facets of modern security from policies and identity to incident response and risk management. Brand-new coverage includes single-click remediation, IoT, improved container security Azure Sentinel, and more. Whatever your security role, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient and reliable ways possible.
Two of Microsoft's leading cloud security experts show how to: Implement a comprehensive new security paradigm designed specifically for cloud and hybrid en ...
Most security professionals don't have the words security or hacker in their job title. Instead, as a developer or admin you often have to fit in security alongside your official responsibilities - building and maintaining computer systems. Implement the basics of good security now, and you'll have a solid foundation if you bring in a dedicated security staff later. Identify the weaknesses in your system, and defend against the attacks most likely to compromise your organization, without needing to become a trained security professional.
Computer security is a complex issue. But you don't have to be an expert in all the esoteric details to prevent many common attacks. Attackers are opportunistic and won't use a complex attack when a simple one will do. You can get a lot of benefit without too much complexity, by putting systems and processes in place that ensure you aren't making the obvious mistakes. Secure your systems better, with ...
Dynamic SQL, 2nd Edition
Take a deep dive into the many uses of dynamic SQL in Microsoft SQL Server. This edition has been updated to use the newest features in SQL Server 2016 and SQL Server 2017 as well as incorporating the changing landscape of analytics and database administration. Code examples have been updated with new system objects and functions to improve efficiency and maintainability.
Executing dynamic SQL is key to large-scale searching based on user-entered criteria. Dynamic SQL can generate lists of values and even code with minimal impact on performance. Dynamic SQL enables dynamic pivoting of data for business intelligence solutions as well as customizing of database objects. Yet dynamic SQL is feared by many due to concerns over SQL injection or code maintainability.
Dynamic SQL: Applications, Performance, and Security in Microsoft SQL Server helps you bring the productivity and user-satisfaction of flexible and responsive applications to your organization safely and securely. Y ...
Financial Cybersecurity Risk Management
Understand critical cybersecurity and risk perspectives, insights, and tools for the leaders of complex financial systems and markets. This book offers guidance for decision makers and helps establish a framework for communication between cyber leaders and front-line professionals. Information is provided to help in the analysis of cyber challenges and choosing between risk treatment options.
Financial cybersecurity is a complex, systemic risk challenge that includes technological and operational elements. The interconnectedness of financial systems and markets creates dynamic, high-risk environments where organizational security is greatly impacted by the level of security effectiveness of partners, counterparties, and other external organizations. The result is a high-risk environment with a growing need for cooperation between enterprises that are otherwise direct competitors. There is a new normal of continuous attack pressures that produce unpreceden ...