Security eBooks
Enterprise Cybersecurity Study Guide
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom. Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum - what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit - gets in the way of what needs to be done. Cyberattacks in the headlines affectin ...
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom. Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum - what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit - gets in the way of what needs to be done. Cyberattacks in the headlines affectin ...
Guide to Computer Network Security, 4th Edition
This definitive text/reference on computer network and information security presents a comprehensive guide to the repertoire of security tools, algorithms and best practices mandated by the rapidly evolving ubiquitous technology we are increasingly dependent on. Fully revised and updated, this timely new edition encompasses the latest developments in system resource virtualization, cloud computing models, and mobile computing technology, including a new chapter on the Internet of Things. Topics and features: Highlights the magnitude of the vulnerabilities, weaknesses and loopholes inherent in current computer network technologies; Discusses how to develop effective security solutions, protocols, and best practices for the continuously evolving computing environment; Examines the role of legislation, regulation, and enforcement in securing computing and mobile systems; Describes the burning security issues increasingly brought about by the rapid advances i ...
This definitive text/reference on computer network and information security presents a comprehensive guide to the repertoire of security tools, algorithms and best practices mandated by the rapidly evolving ubiquitous technology we are increasingly dependent on. Fully revised and updated, this timely new edition encompasses the latest developments in system resource virtualization, cloud computing models, and mobile computing technology, including a new chapter on the Internet of Things. Topics and features: Highlights the magnitude of the vulnerabilities, weaknesses and loopholes inherent in current computer network technologies; Discusses how to develop effective security solutions, protocols, and best practices for the continuously evolving computing environment; Examines the role of legislation, regulation, and enforcement in securing computing and mobile systems; Describes the burning security issues increasingly brought about by the rapid advances i ...
Understanding API Security
Gone are the days when it was acceptable for a piece of software to live in its own little silo, disconnected from the outside world. Today, services are expected to be available for programming, mixing, and building into new applications. The web-based Application Programming Interface, or API, is how services make themselves available in this dynamic world. By exposing an API, a service can find new life and utility far beyond what its core functionality was designed to be. But these APIs need to be secured and protected in order to be truly useful. An API that's simply left open to everyone, with no security controls, cannot be used to protect personalized or sensitive information, which severely limits its usefulness. The OAuth delegation and authorization protocol is one of the most popular standards for API security today. Understanding API Security is a selection of chapters from several Manning books that give you some context for how API security ...
Gone are the days when it was acceptable for a piece of software to live in its own little silo, disconnected from the outside world. Today, services are expected to be available for programming, mixing, and building into new applications. The web-based Application Programming Interface, or API, is how services make themselves available in this dynamic world. By exposing an API, a service can find new life and utility far beyond what its core functionality was designed to be. But these APIs need to be secured and protected in order to be truly useful. An API that's simply left open to everyone, with no security controls, cannot be used to protect personalized or sensitive information, which severely limits its usefulness. The OAuth delegation and authorization protocol is one of the most popular standards for API security today. Understanding API Security is a selection of chapters from several Manning books that give you some context for how API security ...
Agile Application Security
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security and how they worked to solve them. Add security practices to each stage of your existing development lifecycle; Integrate security with planning, requirements, design, and at the co ...
Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development. Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security and how they worked to solve them. Add security practices to each stage of your existing development lifecycle; Integrate security with planning, requirements, design, and at the co ...
Network Security Through Data Analysis, 2nd Edition
Traditional intrusion detection and logfile analysis are no longer enough to protect today's complex networks. In the updated second edition of this practical guide, security researcher Michael Collins shows InfoSec personnel the latest techniques and tools for collecting and analyzing network traffic datasets. You'll understand how your network is used, and what actions are necessary to harden and defend the systems within it. In three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. New chapters focus on active monitoring and traffic manipulation, insider threat detection, data mining, regression and machine learning, and other topics. Use sensors to collect network, service, host, and active domain data; Work with the SiLK toolset, Python, and other tools and techniques for manipulating data you collect; Detect unusual phenomena through exploratory data analys ...
Traditional intrusion detection and logfile analysis are no longer enough to protect today's complex networks. In the updated second edition of this practical guide, security researcher Michael Collins shows InfoSec personnel the latest techniques and tools for collecting and analyzing network traffic datasets. You'll understand how your network is used, and what actions are necessary to harden and defend the systems within it. In three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. New chapters focus on active monitoring and traffic manipulation, insider threat detection, data mining, regression and machine learning, and other topics. Use sensors to collect network, service, host, and active domain data; Work with the SiLK toolset, Python, and other tools and techniques for manipulating data you collect; Detect unusual phenomena through exploratory data analys ...
Gray Hat C#
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices. After a crash course in C# and some of its advanced features, you'll learn how to: Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads; Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections; Write a .NET decompiler for OS X and Linux; Parse and read offline registry hives to dump system information; Automate the security tools Arachni and Metasploit using their MSGPACK RPCs. Streamline and simplify your workday by making the most of C#'s extensive repertoire of powerful tools and libraries with Gray Hat C#. ...
Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices. After a crash course in C# and some of its advanced features, you'll learn how to: Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads; Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections; Write a .NET decompiler for OS X and Linux; Parse and read offline registry hives to dump system information; Automate the security tools Arachni and Metasploit using their MSGPACK RPCs. Streamline and simplify your workday by making the most of C#'s extensive repertoire of powerful tools and libraries with Gray Hat C#. ...
CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (CS0-001)
This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You'll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the live test in content, format, and tone. Designed to help you pass exam CS0-001 with ease, this definitive guide also serves as an essential on-the-job reference. ...
This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You'll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the live test in content, format, and tone. Designed to help you pass exam CS0-001 with ease, this definitive guide also serves as an essential on-the-job reference. ...
Hacking Exposed Malware & Rootkits, 2nd Edition
Thwart debilitating cyber-attacks and dramatically improve your organization's security posture using the proven defense strategies in this thoroughly updated guide. Hacking Exposed Malware and Rootkits: Security Secrets & Solutions, Second Edition fully explains the hacker's latest methods alongside ready-to-deploy countermeasures. Discover how to block pop-up and phishing exploits, terminate embedded code, and identify and eliminate rootkits. You will get up-to-date coverage of intrusion detection, firewall, honeynet, antivirus, and anti-rootkit technology. Learn how malware infects, survives, and propagates across an enterprise; See how hackers develop malicious code and target vulnerable systems; Detect, neutralize, and remove user-mode and kernel-mode rootkits; Use hypervisors and honeypots to uncover and kill virtual rootkits; Defend against keylogging, redirect, click fraud, and identity theft; Block spear phishing, client-side, and embedded-code exploits; Effec ...
Thwart debilitating cyber-attacks and dramatically improve your organization's security posture using the proven defense strategies in this thoroughly updated guide. Hacking Exposed Malware and Rootkits: Security Secrets & Solutions, Second Edition fully explains the hacker's latest methods alongside ready-to-deploy countermeasures. Discover how to block pop-up and phishing exploits, terminate embedded code, and identify and eliminate rootkits. You will get up-to-date coverage of intrusion detection, firewall, honeynet, antivirus, and anti-rootkit technology. Learn how malware infects, survives, and propagates across an enterprise; See how hackers develop malicious code and target vulnerable systems; Detect, neutralize, and remove user-mode and kernel-mode rootkits; Use hypervisors and honeypots to uncover and kill virtual rootkits; Defend against keylogging, redirect, click fraud, and identity theft; Block spear phishing, client-side, and embedded-code exploits; Effec ...
Hacking Exposed Industrial Control Systems
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating? and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using "ICS safe" methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures. Assess your exposure and develop an effective risk management plan; Adopt the latest ICS-focused threat intelligence techniques; Use threat modeling to create realistic risk s ...
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating? and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using "ICS safe" methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures. Assess your exposure and develop an effective risk management plan; Adopt the latest ICS-focused threat intelligence techniques; Use threat modeling to create realistic risk s ...
Mastering Kali Linux Wireless Pentesting
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack w ...
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack w ...
Identity and Data Security for Web Development
Balancing usability and security when building a website or app can be incredibly difficult. This practical book teaches you a results-driven approach for accomplishing both without compromising either. Not only will you learn what to be aware of when building your systems, but also how to build a solid identity infrastructure across devices that's both usable and secure. You'll be able to harden your data infrastructure and privileged user information, while using common techniques to prevent data breaches. You'll also take a look at future technology that will impact data and identity security. ...
Balancing usability and security when building a website or app can be incredibly difficult. This practical book teaches you a results-driven approach for accomplishing both without compromising either. Not only will you learn what to be aware of when building your systems, but also how to build a solid identity infrastructure across devices that's both usable and secure. You'll be able to harden your data infrastructure and privileged user information, while using common techniques to prevent data breaches. You'll also take a look at future technology that will impact data and identity security. ...