Python Passive Network Mapping: P2NMAP

Rating: 
Amazon Price: N/A (as of July 27, 2017 04:44 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Python Passive Network Mapping: P2NMAP is the first book to reveal a revolutionary and open source method for exposing nefarious network activity.

The "Heartbleed" vulnerability has revealed significant weaknesses within enterprise environments related to the lack of a definitive mapping of network assets. In Python Passive Network Mapping, Chet Hosmer shows you how to effectively and definitively passively map networks. Active or probing methods to network mapping have traditionally been used, but they have many drawbacks – they can disrupt operations, crash systems, and – most importantly – miss critical nefarious activity. You require an accurate picture of the environments you protect and operate in order to rapidly investigate, mitigate, and then recover from these new attack vectors. This book gives you a deep understanding of new innovations to passive network mapping, while delivering open source Python-based tools that can be put into practice immediately.
Continue reading “Python Passive Network Mapping: P2NMAP”

Threat Modeling: Designing for Security

Rating: 
Amazon Price: N/A (as of July 27, 2017 01:29 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Continue reading “Threat Modeling: Designing for Security”

Cyber Security Engineering: A Foundation for Operational Security (SEI Series in Software Engineering)

Rating: 
Amazon Price: $39.99 $31.99 You save: $8.00 (20%). (as of July 27, 2017 01:29 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

This book brings together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security early and throughout the full lifecycles of both system development and acquisition. Pioneering software assurance experts Nancy R. Mead and Dr. Carol Woody present the latest practical knowledge and case studies, demonstrating strategies and techniques that have been repeatedly proven to reduce operational problems and the need for software patching. Using these methods, any software practitioner or manager can make system and software engineering decisions that are far more likely to achieve appropriate operational results.

Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, the authors introduce seven core principles of software assurance, and demonstrate how to apply them through all four key areas of cybersecurity engineering:
Continue reading “Cyber Security Engineering: A Foundation for Operational Security (SEI Series in Software Engineering)”

Hacking: The Next Generation: The Next Generation (Animal Guide)

Rating: 
Amazon Price: N/A (as of July 27, 2017 08:58 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.

You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.
Continue reading “Hacking: The Next Generation: The Next Generation (Animal Guide)”

Hacking the Code: Auditor’s Guide to Writing Secure Code for the Web

Rating: 
Amazon Price: N/A (as of July 26, 2017 18:43 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.
Continue reading “Hacking the Code: Auditor's Guide to Writing Secure Code for the Web”