Security eBooks
Cybersecurity for Executives
Practical guide that can be used by executives to make well-informed decisions on cybersecurity issues to better protect their business. Emphasizes, in a direct and uncomplicated way, how executives can identify, understand, assess, and mitigate risks associated with cybersecurity issues; Covers 'What to Do When You Get Hacked?' including Business Continuity and Disaster Recovery planning, Public Relations, Legal and Regulatory issues, and Notifications and Disclosures; Provides steps for integrating cybersecurity into Strategy; Policy and Guidelines; Change Management and Personnel Management; Identifies cybersecurity best practices that executives can and should use both in the office and at home to protect their vital information. ...
Practical guide that can be used by executives to make well-informed decisions on cybersecurity issues to better protect their business. Emphasizes, in a direct and uncomplicated way, how executives can identify, understand, assess, and mitigate risks associated with cybersecurity issues; Covers 'What to Do When You Get Hacked?' including Business Continuity and Disaster Recovery planning, Public Relations, Legal and Regulatory issues, and Notifications and Disclosures; Provides steps for integrating cybersecurity into Strategy; Policy and Guidelines; Change Management and Personnel Management; Identifies cybersecurity best practices that executives can and should use both in the office and at home to protect their vital information. ...
Advanced API Security
Advanced API Security is a complete reference to the next wave of challenges in enterprise security - securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. ...
Advanced API Security is a complete reference to the next wave of challenges in enterprise security - securing public and private APIs. API adoption in both consumer and enterprises has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. ...
Building the Infrastructure for Cloud Security
For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book will help address this information gap from an Information Technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components necessary to build and enable trusted clouds. Here also is an explanation of the security and compliance challenges organizations face as they migrate mission-critical applications to the cloud, and how trusted clouds, that have their integrity rooted in hardware, can address these challenges. ...
For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book will help address this information gap from an Information Technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components necessary to build and enable trusted clouds. Here also is an explanation of the security and compliance challenges organizations face as they migrate mission-critical applications to the cloud, and how trusted clouds, that have their integrity rooted in hardware, can address these challenges. ...
The InfoSec Handbook
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood. Allowing beginners to enter the field and understand the key concepts and ideas, while still keeping the experienced readers updated on topics and concepts. It is intended mainly for beginners to the field of information security written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base. ...
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood. Allowing beginners to enter the field and understand the key concepts and ideas, while still keeping the experienced readers updated on topics and concepts. It is intended mainly for beginners to the field of information security written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base. ...
Platform Embedded Security Technology Revealed
Platform Embedded Security Technology Revealed is an in-depth introduction to Intel's platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applications' secrets and users' privacy in a secure, light-weight, and inexpensive way. Besides native built-in features, it allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine. Intel's security and management engine is technologically unique and significant, but is largely unknown to many members of the tech communities who could potentially benefit from it. Platform Embedded Security Technology Revealed reveals technical details of the engine. ...
Platform Embedded Security Technology Revealed is an in-depth introduction to Intel's platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applications' secrets and users' privacy in a secure, light-weight, and inexpensive way. Besides native built-in features, it allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine. Intel's security and management engine is technologically unique and significant, but is largely unknown to many members of the tech communities who could potentially benefit from it. Platform Embedded Security Technology Revealed reveals technical details of the engine. ...
Learning Nessus for Penetration Testing
IT security is a vast and exciting domain, with vulnerability assessment and penetration testing being the most important and commonly performed security activities across organizations today. The Nessus tool gives the end user the ability to perform these kinds of security tests quickly and effectively. Nessus is a widely used tool for vulnerability assessment, and Learning Nessus for Penetration Testing gives you a comprehensive insight into the use of this tool. This book is a step-by-step guide that will teach you about the various options available in the Nessus vulnerability scanner tool so you can conduct a vulnerability assessment that helps to identify exposures in IT infrastructure quickly and efficiently. This book will also give you an insight into penetration testing and how to conduct compliance checks using Nessus. ...
IT security is a vast and exciting domain, with vulnerability assessment and penetration testing being the most important and commonly performed security activities across organizations today. The Nessus tool gives the end user the ability to perform these kinds of security tests quickly and effectively. Nessus is a widely used tool for vulnerability assessment, and Learning Nessus for Penetration Testing gives you a comprehensive insight into the use of this tool. This book is a step-by-step guide that will teach you about the various options available in the Nessus vulnerability scanner tool so you can conduct a vulnerability assessment that helps to identify exposures in IT infrastructure quickly and efficiently. This book will also give you an insight into penetration testing and how to conduct compliance checks using Nessus. ...
JavaScript Security
This book starts off with an introduction to JavaScript security and gives you an overview of the basic functions JavaScript can perform on the Web, both on the client side and the server side. It demonstrates a couple of ways in which RESTful APIs can be laden with security flaws. You will also create a simple RESTful server using Express.js and Node.js. You will then focus on one of the most common JavaScript security attacks, cross-site scripting, and how to prevent cross-site scripting and cross-site forgery. Last but not least, the book covers JavaScript phishing, how it works, and ways to counter it. By the end of this book, you will be able to identify various risks of JavaScript and how to prevent them. ...
This book starts off with an introduction to JavaScript security and gives you an overview of the basic functions JavaScript can perform on the Web, both on the client side and the server side. It demonstrates a couple of ways in which RESTful APIs can be laden with security flaws. You will also create a simple RESTful server using Express.js and Node.js. You will then focus on one of the most common JavaScript security attacks, cross-site scripting, and how to prevent cross-site scripting and cross-site forgery. Last but not least, the book covers JavaScript phishing, how it works, and ways to counter it. By the end of this book, you will be able to identify various risks of JavaScript and how to prevent them. ...
Practical Hadoop Security
clusters. A detailed guide to the security options and configuration within Hadoop itself, author Bhushan Lakhe takes you through a comprehensive study of how to implement defined security within a Hadoop cluster in a hands-on way. You will start with a detailed overview of all the security options available for Hadoop, including popular extensions like Kerberos and OpenSSH, and then delve into a hands-on implementation of user security (with illustrated code samples) with both in-the-box features and with security extensions implemented by leading vendors. ...
clusters. A detailed guide to the security options and configuration within Hadoop itself, author Bhushan Lakhe takes you through a comprehensive study of how to implement defined security within a Hadoop cluster in a hands-on way. You will start with a detailed overview of all the security options available for Hadoop, including popular extensions like Kerberos and OpenSSH, and then delve into a hands-on implementation of user security (with illustrated code samples) with both in-the-box features and with security extensions implemented by leading vendors. ...
Android Security Internals
There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals - until now. In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration. ...
There are more than one billion Android devices in use today, each one a potential target. Unfortunately, many fundamental Android security features have been little more than a black box to all but the most elite security professionals - until now. In Android Security Internals, top Android security expert Nikolay Elenkov takes us under the hood of the Android security system. Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic providers, and device administration. ...
The Manager's Guide to Web Application Security
The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them. ...
The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them. ...
Hyper-V Security
Keeping systems safe and secure is a new challenge for Hyper-V Administrators. As critical data and systems are transitioned from traditional hardware installations into hypervisor guests, it becomes essential to know how to defend your virtual operating systems from intruders and hackers. Hyper-V Security is a rapid guide on how to defend your virtual environment from attack. This book takes you step by step through your architecture, showing you practical security solutions to apply in every area. After the basics, you'll learn methods to secure your hosts, delegate security through the web portal, and reduce malware threats. ...
Keeping systems safe and secure is a new challenge for Hyper-V Administrators. As critical data and systems are transitioned from traditional hardware installations into hypervisor guests, it becomes essential to know how to defend your virtual operating systems from intruders and hackers. Hyper-V Security is a rapid guide on how to defend your virtual environment from attack. This book takes you step by step through your architecture, showing you practical security solutions to apply in every area. After the basics, you'll learn methods to secure your hosts, delegate security through the web portal, and reduce malware threats. ...