Book Description

Discover all the security risks and exploits that can threaten iOS-based mobile devicesiOS is Apple’s mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.

• Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
• Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
• Also examines kernel debugging and exploitation
• Companion website includes source code and tools to facilitate your efforts

iOS Hacker’s Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.

From the Back Cover
They can crack the code. Here’s how to stop them.

The world loves iOS. Users love the convenience. Black hats love the vulnerability. This book arms you with the knowledge and tools to protect your organization’s iOS devices. If you’re a developer, it will also help you create hack-resistant applications.

These highly qualified iOS experts review iOS security architecture, examine the internals, and reveal the vulnerabilities. They show you how iOS jailbreaks work and explore encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks. Here’s a complete toolkit for defending your iOS devices.

• Examine the internals and identify the vulnerabilities of iOS
• Explore all the elements of encryption, vulnerability hunting, and exploit writing
• Review some common payloads and see what can and can’t be done on iOS with ROP
• Learn more about kernel debugging and exploitation, with an overview of kernel structure and a look at auditing IOKit drivers
• Look at techniques for fuzzing PDF and PowerPoint® documents in MobileSafari
• Study different jailbreak types

Source code and additional tools are available at www.wiley.com/go/ioshackershandbook

Book Details

• Paperback: 408 pages
• Publisher: Wiley (May 2012)
• Language: English
• ISBN-10: 1118204123
• ISBN-13: 978-1118204122

Related Posts

• Using Mac OS X Lion Server (04-04-2012)
• Take Control of Your Paperless Office (08-12-2010)
• Pro iOS Web Design and Development (12-01-2012)
• Pro Core Data for iOS: Data Access and Persistence Engine for iPhone, iPad, and iPod touch (07-02-2011)
• iOS 4 Programming Cookbook (17-02-2011)
• Beginning iPhone 4 Development: Exploring the iOS SDK (07-02-2011)
• Advanced iOS 4 Programming (25-02-2011)
• Unity iOS Essentials (03-01-2012)
• The Web Designer's Guide to iOS Apps (09-03-2011)
• The Business of iPhone and iPad App Development, 2nd Edition (31-03-2011)

Book Description

Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.

The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.

This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.

With this book, you will find out how to

• Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
• Recognize insider threats throughout the software development life cycle
• Use advanced threat controls to resist attacks by both technical and nontechnical insiders
• Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
• Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground

By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.

Table of Contents
Chapter 1. Overview
Chapter 2. Insider IT Sabotage
Chapter 3. Insider Theft of Intellectual Property
Chapter 4. Insider Fraud
Chapter 5. Insider Threat Issues in the Software Development Life Cycle
Chapter 6. Best Practices for the Prevention and Detection of Insider Threats
Chapter 7. Technical Insider Threat Controls
Chapter 8. Case Examples
Chapter 9. Conclusion and Miscellaneous Issues

Appendix A. Insider Threat Center Products and Services
Appendix B. Deeper Dive into the Data
Appendix C. CyberSecurity Watch Survey
Appendix D. Insider Threat Database Structure
Appendix E. Insider Threat Training Simulation: MERIT InterActive
Appendix F. System Dynamics Background

Book Details

• Hardcover: 432 pages
• Publisher: Addison-Wesley Professional (January 2012)
• Language: English
• ISBN-10: 0321812573
• ISBN-13: 978-0321812575

Related Posts

• TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (05-05-2012)
• Oracle Essentials: Oracle Database 11g, 4th Edition (21-02-2012)
• Introducing Microsoft SQL Server 2012 (04-04-2012)
• Experiences of Test Automation (12-05-2012)
• Cloud Security and Privacy (12-09-2009)
• An Introduction to IMS, 2nd Edition (16-05-2012)
• Visual C# 2010 How to Program, 4th Edition (16-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Software Build Systems: Principles and Experience (12-04-2011)

Book Description

Welcome to today’s most useful and practical one-volume introduction to computer security. Chuck Easttom brings together up-to-the-minute coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started in the field. Drawing on his extensive experience as a security instructor and consultant, Easttom thoroughly covers core topics, such as vulnerability assessment, virus attacks, hacking, spyware, network defense, passwords, firewalls, VPNs, and intrusion detection. Writing clearly and simply, he fully addresses crucial issues that many introductory security books ignore, from industrial espionage to cyberbullying.

Computer Security Fundamentals, Second Edition is packed with tips and examples, all extensively updated for the state-of-the-art in both attacks and defense. Each chapter offers exercises, projects, and review questions designed to deepen your understanding and help you apply all you’ve learned. Whether you’re a student, a system or network administrator, a manager, or a law enforcement professional, this book will help you protect your systems and data and expand your career options.

Learn how to:

• Identify the worst threats to your network and assess your risks
• Get inside the minds of hackers, so you can prevent their attacks
• Implement a proven layered approach to network security
• Use basic networking knowledge to improve security
• Resist the full spectrum of Internet-based scams and frauds
• Defend against today’s most common Denial of Service (DoS) attacks
• Prevent attacks by viruses, spyware, and other malware
• Protect against low-tech social engineering attacks
• Choose the best encryption methods for your organization
• Select firewalls and other security technologies
• Implement security policies that will work in your environment
• Scan your network for vulnerabilities
• Evaluate potential security consultants
• Understand cyberterrorism and information warfare
• Master basic computer forensics and know what to do after you’re attacked

Book Details

• Paperback: 352 pages
• Publisher: Pearson IT Certification; 2nd Edition (December 2011)
• Language: English
• ISBN-10: 0789748908
• ISBN-13: 978-0789748904

Related Posts

• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• SSL Remote Access VPNs (14-05-2012)
• TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (05-05-2012)
• Endpoint Security (13-02-2012)
• Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, 3rd Edition (07-05-2012)
• Building Resilient IP Networks (14-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Taking Your Kindle Fire to the Max (30-04-2012)
• Security Power Tools (07-06-2011)
• Programming Collective Intelligence (04-04-2012)

Book Description

Learn, prepare, and practice for CompTIA Security+ SY0-301exam success with this CompTIA Authorized Cert Guide, Deluxe Edition from Pearson IT Certification, a leader in IT Certification learning and a CompTIA Authorized Platinum Partner. DVD features three complete practice exams, complete video solutions to the 25 hands-on labs, plus 25 interactive flash-based learning activities that include drag-n-drop and matching to reinforce the learning.

• Master CompTIA’s Security+ SY0-301 exam topics
• Assess your knowledge with chapter-ending quizzes
• Review key concepts with exam preparation tasks
• Practice with realistic exam questions on the DVD
• Includes complete video solutions to the 25 hands-on labs
• Plus 25 interactive learning activities on key exam topics

CompTIA Security+ SY0-301 Authorized Cert Guide, Deluxe Edition includes video solutions to the hands-on labs, practice tests, and interactive activities that let the reader learn by doing. Best-selling author and expert instructor David Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your approach to passing the exam.

The companion Deluxe Edition DVD contains the powerful Pearson IT Certification Practice Test engine, with three complete practice exams and hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The Deluxe Edition DVD also includes complete video solutions to the 25 hands-on labs in the book and 25 interactive learning activities on key exam topics to reinforce the learning by doing. Learning activities such as test password strength, match the type of Malware with its definition, find the security issues in the network map, and disallow a user access to the network on Saturday and Sunday.

Interactive Learning Activities:

• 2.1 Filtering Emails
• 2.2 Malware Types
• 2.3 Securing the BIOS
• 3.1 Stopping Services in the Command Prompt
• 3.2 Patch Management
• 5.1 Port Numbers, Part 1
• 5.2 Port Numbers, Part 2
• 5.3 Port Numbers, Part 3
• 5.4 Network Attacks, Part 1
• 5.5 Network Attacks, Part 2
• 5.6 Network Attacks, Part 3
• 5.7 Network Attacks, Part 4
• 6.1 Network Security
• 7.1 Password Strength
• 8.1 802.1X Components
• 8.2 Authentication Types
• 9.1 Access Control Models
• 9.2 Configuring Logon Hours
• 10.1 Risk Assessment, Part 1
• 10.2 Risk Assessment, Part 2
• 10.3 Vulnerability Management Process
• 11.1 Packet Analysis
• 12.1 Symmetric and Asymmetric Algorithms
• 14.1 RAID Levls
• 15.1 Social Engineering Types

Hands-On Labs:

• 2-1 Using Free Malware Scanning Programs
• 2-2 How to Secure the BIOS
• 3-1 Discerning & Updating Service Pack Level
• 3-2 Creating a Virtual Machine
• 3-3 Securing a Virtual Machine
• 4-1 Securing the Browser
• 4-2 Disabling Applications
• 5-1 Port Scanning Basics
• 6-1 Packet Filtering and NAT Firewalls
• 6-2 Configuring Inbound Filter on a Firewall
• 6-3 Enabling MAC Filtering
• 7-1 Securing a Wireless Device: 8 Steps
• 7-2 Wardriving and the Cure
• 8-1 Enabling 802.1X on a Network Adapter
• 8-2 Setting Up a VPN
• 9-1 Password Policies and User Accounts
• 9-2 Configuring User and Group Permissions
• 10-1 Mapping and Scanning the Network
• 10-2 Password Cracking and Defense
• 11-1 Using Protocol Analyzers
• 12-1 Disabling LM Hash in Windows Server 2003
• 13-1 A Basic Example of PKI
• 13-2 Making an SSH Connection
• 14-1 Configuring RAID 1 and 5
• 16-1 How to Approach Exam Questions

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA authorized study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The CompTIA authorized study guide helps you master all the topics on the Security+ exam, including

• Core computer system security
• OS hardening and virtualization
• Application security
• Network design elements and threats
• Perimeter security
• Network media and devices security
• Physical security and authentication models
• Access control
• Vulnerability and risk assessment
• Monitoring and auditing
• Cryptography, including PKI
• Redundancy and disaster recovery
• Policies and procedures

Book Details

• Hardcover: 800 pages
• Publisher: Pearson IT Certification; 2nd Edition (December 2011)
• Language: English
• ISBN-10: 0789748274
• ISBN-13: 978-0789748270

Related Posts

• TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (05-05-2012)
• Computer Security Fundamentals, 2nd Edition (09-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• SSL Remote Access VPNs (14-05-2012)
• MCTS 70-642 Exam Cram: Windows Server 2008 Network Infrastructure, Configuring (21-05-2011)
• Introducing Microsoft SQL Server 2012 (04-04-2012)
• CCENT/CCNA ICND1 640-822: Official Cert Guide, 3rd Edition (13-02-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Foundations of CentOS Linux (26-11-2009)
• Endpoint Security (13-02-2012)

Book Description

CompTIA® Security+ Exam Cram, Third Edition, is the perfect study guide to help you pass CompTIA’s newly updated version of the Security+ exam. It provides coverage and practice questions for every exam topic. The book contains a set of 200 questions in two full practice exams. The CD-ROM contains the powerful Pearson IT Certification Practice Test engine that provides real-time practice and feedback with all the questions so you can simulate the exam.

Covers the critical information you need to know to score higher on your Security+ exam!

• Master and implement general security best practices
• Systematically identify threats and risks to your systems
• Harden systems by eliminating nonessential services
• Secure your communications, networks, and infrastructure
• Systematically identify and protect against online vulnerabilities
• Implement effective access control and authentication
• Create security baselines and audit your security infrastructure
• Understand cryptographic principles, and effectively deploy cryptographic solutions
• Organize security from both a technical and organizational standpoint
• Manage every facet of security, including education and documentation
• Understand the laws related to IT security, and the basics of forensic investigations

Kirk Hausman (CISSP, CISA, CRISC, Security+) has worked as an ISO, consultant, trainer, and IT director. He is Assistant Commandant for IT at TAMU and teaches InfoSec topics as an Adjunct Professor at UMUC and UAT.

Martin Weiss (CISSP, CISA, Security+, MCSE) leads a team of information security experts at Symantec supporting solutions to provide confidence in a connected world.

Diane Barrett (CISSP, MCSE, A+, Security+) is the director of training for Paraben Corporation and an adjunct professor for American Military University.

Book Details

• Paperback: 552 pages
• Publisher: Pearson IT Certification; 3rd Edition (December 2011)
• Language: English
• ISBN-10: 0789748290
• ISBN-13: 978-0789748294

Related Posts

• CompTIA Security+ SY0-301 Authorized Practice Questions Exam Cram, 3rd Edition (09-05-2012)
• MCTS Self-Paced Training Kit (Exam 70-448): Microsoft SQL Server 2008 Business Intelligence Development and Maintenance (06-04-2012)
• Cisco Unified Customer Voice Portal (10-05-2012)
• The CERT Guide to Insider Threats (12-05-2012)
• SSL Remote Access VPNs (14-05-2012)
• Security Administrator Street Smarts, 3rd Edition (29-10-2011)
• MCTS Self-Paced Training Kit (Exam 70-503): Microsoft .NET Framework 3.5 Windows Communication Foundation (06-04-2012)
• CompTIA Security+ SYO-201 Cert Guide (27-01-2011)
• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• CompTIA Network+ N10-005 Authorized Exam Cram, 4th Edition (07-05-2012)

Book Description

CompTIA® Security+ SY0-301 Practice Questions Exam Cram, Third Edition, offers all the exam practice you’ll need to systematically prepare, identify and fix areas of weakness, and pass your exam the first time. This book and CD complement any Security+ study plan with more than 800 practice test questions—all supported with complete explanations of every correct and incorrect answer—covering all Security+ exam objectives, including network security; compliance and operation security; threats and vulnerabilities; application, host and data security; access control and identity management; and cryptography.

Covers the critical information you’ll need to know to score higher on your Security+ exam!

• Features more than 800 questions that are organized according to the Security+ exam objectives, so you can easily assess your knowledge of each topic.
• Use our innovative Quick-Check Answer System™ to quickly find answers as you work your way through the questions.
• Each question includes detailed explanations!
• Our popular Cram Sheet, which includes tips, acronyms, and memory joggers, helps you review key facts before you enter the testing center.

Diane M. Barrett (MCSE, CISSP, Security+) is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security and Law, as well as an academy director for Edvancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, and Security+. Diane’s education includes a MS in Information Technology with a specialization in Information Security. She expects to complete a PhD in business administration with a specialization in Information Security shortly.

Book Details

• Paperback: 400 pages
• Publisher: Pearson IT Certification; 3rd Edition (December 2011)
• Language: English
• ISBN-10: 0789748282
• ISBN-13: 978-0789748287

Related Posts

• CompTIA Security+ SY0-301 Authorized Exam Cram, 3rd Edition (09-05-2012)
• The CERT Guide to Insider Threats (12-05-2012)
• SharePoint Server 2010 Administration 24-Hour Trainer (13-04-2012)
• Oracle Essentials: Oracle Database 11g, 4th Edition (21-02-2012)
• MCTS Self-Paced Training Kit (Exam 70-448): Microsoft SQL Server 2008 Business Intelligence Development and Maintenance (06-04-2012)
• Introducing Microsoft SQL Server 2012 (04-04-2012)
• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• Cisco Unified Customer Voice Portal (10-05-2012)
• BackTrack 4: Assuring Security by Penetration Testing (11-05-2011)
• An Introduction to IMS, 2nd Edition (16-05-2012)

Book Description

While UAG is built to integrate with many environments and publish dozens of application types, many organizations require a certain level of customization to meet their needs.

With this book in hand, you will be equipped to deal with these types of customization scenarios, and you will be confident in using such workarounds without hassle and trial and error.

Written by some of the leading experts on UAG, “Mastering Microsoft Forefront UAG 2010 Customization” covers the most complex and challenging options for customizing UAG in a way that is friendly and easy to follow. It walks you through various customization tasks, including explanations and code samples, as well as creative ideas for troubleshooting your work.

Until now, only a few of the extensions to UAG’s services have been publicly available, and most were only known to a select few. Now, this can include you!

Throughout this book, you will tackle how to change the system’s look-and-feel, deal with advanced authentication schemes and write special functions that need to be executed as part of the client interaction.

With “Mastering Microsoft Forefront UAG 2010 Customization”, you too can learn how to customize various aspects of UAG’s functionality to enhance your organization or customers’ experience.

What you will learn from this book

• Get to grips with customizing the look-and-feel of the log in and portal pages
• Configure UAG for custom authentication, including certificate authentication
• Create custom endpoint detection and policies based on your own scripts
• Take advantage of adjusting content on-the-fly to address application compatibility issues
• Understand how to inject functionality into the log in process
• Go further by performing various text, language, theme and image customizations
• Soak up the knowledge of UAG experts to utilize extension and customization secrets

Approach
“Mastering Microsoft Forefront UAG 2010 Customization” is a hands-on guide with step-by-step instructions for enhancing the functionality of UAG through customization.

Each topic details one key aspect of functionality and the operative mechanism behind it, and suggests functionality that can be achieved with customization, along with helpful code samples.

Who this book is for
Whether you are a seasoned UAG consultant, deployment and support engineer or a UAG customer, this book is for you. Consultants will be able to enhance the services you can provide for UAG customization, while the book helps customers to achieve tasks that have been restricted to the realm of expert consultants until now.

You should have a strofng understanding of the regular functionality of UAG, as well as a solid background in web development (ASP, HTML, CSS and JavaScript) for this book to take you to the next level.

Book Details

• Paperback: 186 pages
• Publisher: Packt Publishing (February 2012)
• Language: English
• ISBN-10: 184968538X
• ISBN-13: 978-1849685382

Related Posts

• Mastering LOB Development for Silverlight 5 (12-04-2012)
• The Rails View: Creating a Beautiful and Maintainable User Experience (20-04-2012)
• Test-Driven JavaScript Development (02-10-2010)
• SilverStripe 2.4 Module Extension, Themes, and Widgets: Beginner's Guide (15-06-2011)
• Sams Teach Yourself HTML, CSS, and JavaScript All in One (04-05-2012)
• Professional jQuery (14-04-2012)
• Pro Smartphone Cross-Platform Development (23-10-2010)
• Pro jQuery (02-03-2012)
• Pro HTML5 Accessibility (28-04-2012)
• Learn JavaScript and Ajax with w3Schools (25-02-2011)

Book Description

Take control—and put the built-in security and privacy features in Microsoft Office to work! Whether downloading documents, publishing a presentation, or collaborating online—this guide offers concise, how-to guidance and best practices to help protect your documents and your ideas.

• Get practical, proactive guidance for using the security and privacy management features in Office 2010 and Office 365
• Walk through everyday scenarios, and discover everyday techniques that help you take charge
• Understand common risks and learn best practices you can apply right away

Table of Contents
Chapter 1. Why Should I Care?
Chapter 2. Alice Downloads a Document
Chapter 3. Bob Prepares a Policy
Chapter 4. Carol Collaborates on Some Content

Appendix A. Learn More
Appendix B. About the Author

About the Author
Mitch Tulloch is a widely recognized expert on Windows administration and has been awarded Microsoft Most Valuable Professional (MVP) status for his contributions supporting those who deploy and use Microsoft platforms, products, and solutions.

Book Details

• Paperback: 72 pages
• Publisher: Microsoft Press (March 2012)
• Language: English
• ISBN-10: 0735668833
• ISBN-13: 978-0735668836

Related Posts

• Windows Server 2008 R2 Unleashed (05-02-2010)
• Windows Server 2008 How-To (01-03-2010)
• Professional Microsoft SQL Server 2012 Administration (14-04-2012)
• Professional Microsoft SQL Server 2008 Administration (19-01-2012)
• Microsoft SQL Server 2012 Pocket Consultant (08-03-2012)
• Microsoft SQL Server 2008 Management and Administration (11-04-2011)
• Microsoft SQL Server 2008 Administrator's Pocket Consultant, 2nd Edition (13-04-2010)
• Microsoft SharePoint 2010 Unleashed (19-11-2010)
• Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion (11-02-2010)
• Introducing Microsoft SQL Server 2012 (04-04-2012)

Book Description

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you’ll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You’ll learn how to:

• Set up a safe virtual environment to analyze malware
• Quickly extract network signatures and host-based indicators
• Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
• Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
• Use your newfound knowledge of Windows internals for malware analysis
• Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
• Analyze special cases of malware with shellcode, C++, and 64-bit code

Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You’ll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.

Table of Contents
Chapter 1. Malware Analysis Primer

Part I: Basic Analysis
Chapter 2. Basic Static Techniques
Chapter 3. Malware Analysis in Virtual Machines
Chapter 4. Basic Dynamic Analysis

Part II: Advanced Static Analysis
Chapter 5. A Crash Course in x86 Disassembly
Chapter 6. IDA Pro
Chapter 7. Recognizing C Code Constructs in Assembly
Chapter 8. Analyzing Malicious Windows Programs

Part III: Advanced Dynamic Analysis
Chapter 9. Debugging
Chapter 10. OllyDbg
Chapter 11. Kernel Debugging with WinDbg

Part IV: Malware Functionality
Chapter 12. Malware Behavior
Chapter 13. Covert Malware Launching
Chapter 14. Data Encoding
Chapter 15. Malware-Focused Network Signatures

Part V: Anti-Reverse-Engineering
Chapter 16. Anti-Disassembly
Chapter 17. Anti-Debugging
Chapter 18. Anti-Virtual Machine Techniques
Chapter 19. Packers and Unpacking

Part VI: Special Topics
Chapter 20. Shellcode Analysis
Chapter 21. C++ Analysis
Chapter 22. 64-Bit Malware

Appendix. Important Windows Functions
Appendix. Tools for Malware Analysis
Appendix. Solutions to Labs

Book Details

Related Posts

• Inside Windows Debugging (18-05-2012)
• Parallel Programming with Intel Parallel Studio XE (23-05-2012)
• WPF Programmer's Reference: Windows Presentation Foundation with C# 2010 and .NET 4 (18-03-2010)
• Programming C# 5.0 (31-03-2012)
• Pro Windows PowerShell (15-07-2009)
• Pro Android Apps Performance Optimization (25-02-2012)
• Practical Computer Vision with SimpleCV (22-05-2012)
• Microsoft SharePoint 2010 Developer's Compendium (11-04-2012)
• Mastering Algorithms with C (15-11-2011)
• Endpoint Security (13-02-2012)

Book Description

A Comprehensive, Proven Approach to Securing All Your Network Endpoints!

Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy to protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones.

Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today’s newest threats, and prepare yourself for tomorrow’s attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to “trusted computing.”

Unlike traditional “one-size-fits-all” solutions, Kadrich’s approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more.

You’ll learn how to:

• Recognize dangerous limitations in conventional endpoint security strategies
• Identify the best products, tools, and processes to secure your specific devices and infrastructure
• Configure new endpoints securely and reconfigure existing endpoints to optimize security
• Rapidly identify and remediate compromised endpoint devices
• Systematically defend against new endpoint-focused malware and viruses
• Improve security at the point of integration between endpoints and your network

Whether you’re a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you’ve been searching for: a comprehensive endpoint security strategy that works.

Table of Contents
Chapter 1. Defining Endpoints
Chapter 2. Why Security Fails
Chapter 3. Something Is Missing
Chapter 4. Missing Link Discovered
Chapter 5. Endpoints and Network Integration
Chapter 6. Trustworthy Beginnings
Chapter 7. Threat Vectors
Chapter 8. Microsoft Windows
Chapter 9. Apple OS X
Chapter 10. Linux
Chapter 11. PDAs and Smartphones
Chapter 12. Embedded Devices
Chapter 13. Case Studies of Endpoint Security Failures

Book Details

• Paperback: 384 pages
• Publisher: Addison-Wesley Professional (April 2007)
• Language: English
• ISBN-10: 0321436954
• ISBN-13: 978-0321436955

Related Posts

• IBM DB2 9.7 Advanced Application Developer Cookbook (16-04-2012)
• Computer Security Fundamentals, 2nd Edition (09-05-2012)
• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Book of Qt 4 (01-02-2012)
• Switching to the Mac: The Missing Manual, Snow Leopard Edition (18-12-2009)
• SSL Remote Access VPNs (14-05-2012)
• Sams Teach Yourself Networking in 24 Hours, 4th Edition (28-06-2009)
• Pro PHP Security, 2nd Edition (04-01-2011)

Book Description

Learn, prepare, and practice for exam success

CCNP Security IPS 642-627 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security IPS exam. Senior security engineers David Burns, Odunayo Adesina, and Keith Barker share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security IPS 642-627 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

CCNP Security IPS 642-627 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The official study guide helps you master all the topics on the CCNP Security IPS exam, including

• Cisco IPS software, hardware, and supporting applications
• Network IPS and IDS deployment architecture
• Installing and maintaining Cisco IPS physical and virtual sensors
• Traffic analysis
• IPS signatures and responses
• Anomaly-based operations
• Improving alarm response and quality
• Managing and analyzing events
• High availability and performance
• IPS modules for ASAs, routers, and switches

Book Details

• Hardcover: 672 pages
• Publisher: Cisco Press (October 2011)
• Language: English
• ISBN-10: 1587142554
• ISBN-13: 978-1587142550

Related Posts

• CCENT/CCNA ICND1 640-822: Official Cert Guide, 3rd Edition (13-02-2012)
• CCNA ICND2 640-816: Official Cert Guide, 3rd Edition (13-02-2012)
• Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century (26-08-2011)
• Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, 3rd Edition (07-05-2012)
• Sams Teach Yourself TCP/IP in 24 Hours, 5th Edition (14-02-2012)
• Penetration Testing and Network Defense (23-08-2011)
• MCTS Self-Paced Training Kit (Exam 70-503): Microsoft .NET Framework 3.5 Windows Communication Foundation (06-04-2012)
• MCTS Self-Paced Training Kit (Exam 70-448): Microsoft SQL Server 2008 Business Intelligence Development and Maintenance (06-04-2012)
• Introducing Microsoft SQL Server 2012 (04-04-2012)
• CCNP Security VPN 642-647 Official Cert Guide (19-08-2011)

Book Description

A tactical guide to installing, implementing, optimizing, and supporting SSH in order to secure your network

Prevent unwanted hacker attacks! This detailed guide will show you how to strengthen your company system’s defenses, keep critical data secure, and add to the functionality of your network by deploying SSH. Security expert Himanshu Dwivedi shows you ways to implement SSH on virtually all operating systems, desktops, and servers, so your system is safe, secure, and stable. Learn how SSH fulfills all the core items in security, including authentication, authorization, encryption, integrity, and auditing. Also, discover methods to optimize the protocol for security and functionality on Unix®, Windows®, and network architecture environments. Additionally, find out about the similarities and differences of the major SSH servers and clients.

With the help of numerous architectural examples and case studies, you’ll gain the necessary skills to:

• Explore many remote access solutions, including the theory, setup, and configuration of port forwarding
• Take advantage of features such as secure e-mail, proxy, and dynamic port forwarding
• Use SSH on network devices that are traditionally managed by Telnet
• Utilize SSH as a VPN solution in both a server and client aspect
• Replace insecure protocols such as Rsh, Rlogin, and FTP
• Use SSH to secure Web browsing and as a secure wireless (802.11) solution

Table of Contents
Part 1: SSH Basics
Chapter 1. Overview of SSH
Chapter 2. SSH Servers
Chapter 3. Secure Shell Clients
Chapter 4. Authentication
Chapter 5. SSH Management

Part 2: Remote Access Solutions
Chapter 6. SSH Port Forwarding
Chapter 7. Secure Remote Access

Part 3: Protocol Replacement
Chapter 8. SSH Versatility
Chapter 9. Proxy Technologies in a secure Web Environment
Chapter 10. SSH Case Studies

Book Details

• Paperback: 402 pages
• Publisher: Wiley (October 2003)
• Language: English
• ISBN-10: 0471458805
• ISBN-13: 978-0471458807

Related Posts

• Pro PHP Security, 2nd Edition (04-01-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Endpoint Security (13-02-2012)
• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• The Linux Command Line: A Complete Introduction (23-01-2012)
• The Design of Rijndael: AES - The Advanced Encryption Standard (09-01-2010)
• SSL Remote Access VPNs (14-05-2012)
• Shell Scripting: Expert Recipes for Linux, Bash and more (19-09-2011)
• Mastering Unix Shell Scripting, 2nd Edition (14-05-2011)

Book Description

“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
—James A. Gosling, Father of the Java Programming Language

An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).

The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.

After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation.

The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers  security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.

Book Details

• Paperback: 744 pages
• Publisher: Addison-Wesley Professional (September 2011)
• Language: English
• ISBN-10: 0321803957
• ISBN-13: 978-0321803955

Related Posts

• Guide to Web Development with Java: Understanding Website Creation (27-02-2012)
• DSLs in Action (15-01-2011)
• Clojure Programming (24-04-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Sams Teach Yourself Java in 24 Hours, 6th Edition (17-02-2012)
• Programming in Scala, 2nd Edition (19-05-2011)
• Programming Concurrency on the JVM (13-09-2011)
• Programming Clojure, 2nd Edition (20-04-2012)
• Programming Android, 2nd Edition (30-03-2012)

Book Description

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

• Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
• Learn how attackers infect apps with malware through code injection
• Discover how attackers defeat iOS keychain and data-protection encryption
• Use a debugger and custom code injection to manipulate the runtime Objective-C environment
• Prevent attackers from hijacking SSL sessions and stealing traffic
• Securely delete files and design your apps to prevent forensic data leakage
• Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Table of Contents
Chapter 1. Everything You Know Is Wrong

Part I: Hacking
Chapter 2. The Basics of Compromising iOS
Chapter 3. Stealing the Filesystem
Chapter 4. Forensic Trace and Data Leakage
Chapter 5. Defeating Encryption
Chapter 6. Unobliterating Files
Chapter 7. Manipulating the Runtime
Chapter 8. Abusing the Runtime Library
Chapter 9. Hijacking Traffic

Part II: Securing
Chapter 10. Implementing Encryption
Chapter 11. Counter Forensics
Chapter 12. Securing the Runtime
Chapter 13. Jailbreak Detection
Chapter 14. Next Steps

Book Details

• Paperback: 356 pages
• Publisher: O’Reilly Media (January 2012)
• Language: English
• ISBN-10: 1449318746
• ISBN-13: 978-1449318741

Related Posts

• SSL Remote Access VPNs (14-05-2012)
• Windows Vista Annoyances: Tips, Secrets, and Hacks (11-08-2009)
• Webbots, Spiders, and Screen Scrapers, 2nd Edition (29-03-2012)
• web2py Application Development Cookbook (16-04-2012)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Using SQLite (20-08-2010)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The iOS 5 Developer's Cookbook, 3rd Edition (12-05-2012)

Book Description

When the Stuxnet computer worm damaged the Iranian nuclear program in 2010, the public got a small glimpse into modern cyber warfare—without truly realizing the scope of this global conflict. Inside Cyber Warfare provides fascinating and disturbing details on how nations, groups, and individuals throughout the world increasingly rely on Internet attacks to gain military, political, and economic advantages over their adversaries.

This updated second edition takes a detailed look at the complex domain of cyberspace, and the players and strategies involved. You’ll discover how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.

• Discover how Russian investment in social networks benefits the Kremlin
• Learn the role of social networks in fomenting revolution in the Middle East and Northern Africa
• Explore the rise of anarchist groups such as Anonymous and LulzSec
• Look inside cyber warfare capabilities of nations including China and Israel
• Understand how the U.S. can legally engage in covert cyber operations
• Learn how the Intellectual Property war has become the primary focus of state-sponsored cyber operations

Jeffrey Carr, the founder and CEO of Taia Global, Inc., is a cyber intelligence expert and consultant who specializes in the investigation of cyber attacks against governments and infrastructures by state and non-state hackers.

Table of Contents
Chapter 1. Assessing the Problem
Chapter 2. The Rise of the Nonstate Hacker
Chapter 3. The Legal Status of Cyber Warfare
Chapter 4. Responding to International Cyber Attacks as Acts of War
Chapter 5. The Intelligence Component to Cyber Warfare
Chapter 6. Nonstate Hackers and the Social Web
Chapter 7. Follow the Money
Chapter 8. Organized Crime in Cyberspace
Chapter 9. Investigating Attribution
Chapter 10. Weaponizing Malware
Chapter 11. The Role of Cyber in Military Doctrine
Chapter 12. A Cyber Early Warning Model
Chapter 13. Advice for Policymakers from the Field
Chapter 14. Conducting Operations in the Cyber-Space-Time Continuum
Chapter 15. The Russian Federation: Information Warfare Framework
Chapter 16. Cyber Warfare Capabilities by Nation-State
Chapter 17. US Department of Defense Cyber Command and Organizational Structure
Chapter 18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures

Book Details

• Paperback: 316 pages
• Publisher: O’Reilly Media; 2nd Edition (December 2011)
• Language: English
• ISBN-10: 1449310044
• ISBN-13: 978-1449310042

Related Posts

• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• Hacking Exposed: Wireless (23-05-2009)
• Hacking Exposed: Web 2.0 (31-01-2011)
• Hacking Exposed: Malware & Rootkits (31-01-2011)
• Hacking Exposed: Linux, 3rd Edition (31-01-2011)
• Hacking Exposed, 6th Edition (23-05-2009)
• Hackers: Heroes of the Computer Revolution (04-06-2010)
• Computer Security Fundamentals, 2nd Edition (09-05-2012)
• CEH: Official Certified Ethical Hacker Review Guide (Exam 312-50) (22-07-2011)
• Zend Enterprise PHP Patterns (17-09-2009)

Book Description

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

• Examine Android’s architecture and security model, and how it isolates the filesystem and database
• Learn how to use Android permissions and restricted system APIs
• Explore Android component types, and learn how to secure communications in a multi-tier app
• Use cryptographic tools to protect data stored on an Android device
• Secure the data transmitted from the device to other parties, including the servers that interact with your app

Table of Contents
Chapter 1. Introduction
Chapter 2. Android Architecture
Chapter 3. Application Permissions
Chapter 4. Component Security and Permissions
Chapter 5. Protecting Stored Data
Chapter 6. Securing Server Interactions
Chapter 7. Summary

Book Details

• Paperback: 112 pages
• Publisher: O’Reilly Media (December 2011)
• Language: English
• ISBN-10: 1449315070
• ISBN-13: 978-1449315078

Related Posts

• Developing Android Applications with Adobe AIR (05-05-2011)
• Building Mobile Applications with Java (30-03-2012)
• App Inventor (09-05-2011)
• Android in Action, 3rd Edition (19-12-2011)
• Android Apps for Absolute Beginners (23-06-2011)
• Android 3.0 Application Development Cookbook (10-08-2011)
• Unlocking Android (28-07-2009)
• The Busy Coder’s Guide to Android Development (09-01-2010)
• The Busy Coder's Guide to Android Development, Version 3.6 (04-04-2011)
• The Android Developer’s Cookbook: Building Applications with the Android SDK (25-11-2010)

Book Description

“Thorough and comprehensive coverage from one of the foremost experts in browser security.”
—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.

In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You’ll learn how to:

• Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
• Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
• Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
• Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
• Embed or host user-supplied content without running into the trap of content sniffing

For quick reference, “Security Engineering Cheat Sheets” at the end of each chapter offer ready solutions to problems you’re most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Table of Contents
Chapter 1 Security in the World of Web Applications

Part I: Anatomy of the Web
Chapter 2 It Starts with a URL
Chapter 3 Hypertext Transfer Protocol
Chapter 4 Hypertext Markup Language
Chapter 5 Cascading Style Sheets
Chapter 6 Browser-Side Scripts
Chapter 7 Non-HTML Document Types
Chapter 8 Content Rendering with Browser Plug-ins

Part II: Browser Security Features
Chapter 9 Content Isolation Logic
Chapter 10 Origin Inheritance
Chapter 11 Life Outside Same-Origin Rules
Chapter 12 Other Security Boundaries
Chapter 13 Content Recognition Mechanisms
Chapter 14 Dealing with Rogue Scripts
Chapter 15 Extrinsic Site Privileges

Part III: A Glimpse of Things to Come
Chapter 16 New and Upcoming Security Features
Chapter 17 Other Browser Mechanisms of Note

Chapter 18 Common Web Vulnerabilities

Appendix Epilogue
Notes
UPDATES

Book Details

• Paperback: 320 pages
• Publisher: No Starch Press (November 2011)
• Language: English
• ISBN-10: 1593273886
• ISBN-13: 978-1593273880

Related Posts

• Sencha Touch Mobile JavaScript Framework (10-04-2012)
• Rails Recipes: Rails 3 Edition, 2nd Edition (20-04-2012)
• Pro Silverlight 5 in C# (29-02-2012)
• jQuery 1.4 Animation Techniques: Beginners Guide (08-04-2011)
• HTML5 Games: Creating Fun with HTML5, CSS3, and WebGL (28-02-2012)
• Developing Web Applications with Haskell and Yesod (19-05-2012)
• Beginning PhoneGap: Mobile Web Framework for JavaScript and HTML5 (03-03-2012)
• 20 Recipes for Programming PhoneGap (03-04-2012)
• XPages Portable Command Guide (16-05-2012)
• XML and Java: Developing Web Applications, 2nd Edition (10-06-2009)

Book Description

Security is one of the most difficult areas in today’s IT industry. The reason being; the speed at which security methods are developing is considerably slower than the methods of hacking. One of the ways to tackle this is to implement Agile IT Security. Agile IT security methodology is based on proven software development practices. It takes the best works from Agile Software Development (Scrum, OpenUp, Lean) and applies it to security implementations.

This book combines the Agile software development practices with IT security. It teaches you how to deal with the ever-increasing threat to IT security and helps you build robust security with lesser costs than most other methods of security. It is designed to teach the fundamental methodologies of an agile approach to IT security. Its intent is to compare traditional IT security implementation approaches to new agile methodologies. Written by a senior IT specialist at IBM, you can rest assured of the usability of these methods directly in your organization.

This book will teach IT Security professionals the concepts and principles that IT development has been using for years to help minimize risk and work more efficiently. The book will take you through various scenarios and aspects of security issues and teach you how to implement security and overcome hurdles during your implementation.

It begins by identifying risks in IT security and showing how Agile principles can be used to tackle them. It then moves to developing security policies and identifying your organization’s assets. The last section teaches you how you can overcome real-world issues in implementing Agile security in your organization including dealing with your colleagues.

What you will learn from this book :

• Understand the various modern-day security risks and concerns and how Agile IT security is useful in dealing with these risks
• Learn Agile principles like pairwise, refactoring, collective ownership, collaboration, track project divergence and velocity rates
• Develop security policies and articulate security value and take steps to ensure your employees’ security awareness
• Identify your organization’s high value assets and apply risk-driven security
• Employ Lean implementation principles like eliminating waste, amplified learning, late decisions and fast deliveries
• Learn what teams in your organization can help you with security, and tie up with them
• Learn how to overcome Agile barriers and fears and train your security professionals
• Learn Agile team success factors and Agile risk success factors

Approach
The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development.

Who this book is written for
The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

Book Details

• Paperback: 120 pages
• Publisher: Packt Publishing (November 2011)
• Language: English
• ISBN-10: 1849685703
• ISBN-13: 978-1849685702

Related Posts

• User Stories Applied: For Agile Software Development (19-07-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04, 7th Edition (15-05-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The CERT Guide to Insider Threats (12-05-2012)
• The Agile Samurai: How Agile Masters Deliver Great Software (28-09-2010)
• TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (05-05-2012)
• Security on Rails (19-12-2009)
• Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB (24-07-2009)
• Pro Spring 3 (01-05-2012)
• Pro PHP Security, 2nd Edition (04-01-2011)

Book Description

“Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime.”
–Felix ‘FX’ Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter’s Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world’s most popular software, like Apple’s iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you’ll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you’ll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you’ll learn how to:

• Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
• Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
• Develop proof of concept code that verifies the security flaw
• Report bugs to vendors or third party brokers

A Bug Hunter’s Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you’re hunting bugs for fun, for profit, or to make the world a safer place, you’ll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Table of Contents
Chapter 1. Bug Hunting
Chapter 2. Back to the ’90s
Chapter 3. Escape from the WWW Zone
Chapter 4. NULL Pointer FTW
Chapter 5. Browse and You’re Owned
Chapter 6. One Kernel to Rule Them All
Chapter 7. A Bug Older Than 4.4BSD
Chapter 8. The Ringtone Massacre

Appendix. Hints for Hunting
Appendix. Debugging
Appendix. Mitigation
Appendix. Updates

Book Details

• Paperback: 208 pages
• Publisher: No Starch Press (November 2011)
• Language: English
• ISBN-10: 1593273851
• ISBN-13: 978-1593273859

Book Description

CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security FIREWALL 642-617 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

• ASA interfaces
• IP connectivity
• ASA management
• Recording ASA activity
• Address translation
• Access control
• Proxy services
• Traffic inspection and handling
• Transparent firewall mode
• Virtual firewalls
• High availability
• ASA service modules

Book Details

• Hardcover: 768 pages
• Publisher: Cisco Press (September 2011)
• Language: English
• ISBN-10: 1587142791
• ISBN-13: 978-1587142796

Related Posts

• TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition (05-05-2012)
• MCTS 70-642 Exam Cram: Windows Server 2008 Network Infrastructure, Configuring (21-05-2011)
• Computer Security Fundamentals, 2nd Edition (09-05-2012)
• CompTIA Security+ SY0-301 Authorized Cert Guide, 2nd Edition (09-05-2012)
• Cisco Firewalls (28-05-2011)
• CCNP Security VPN 642-647 Official Cert Guide (19-08-2011)
• CCNP Security Secure 642-637 Official Cert Guide (21-07-2011)
• CCNP Security IPS 642-627: Official Cert Guide (13-02-2012)
• CCENT/CCNA ICND1 640-822: Official Cert Guide, 3rd Edition (13-02-2012)
• Zend Enterprise PHP Patterns (17-09-2009)