The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI but is also unique in providing an element of interconnection between sectors and, often, intra-sectoral control mechanisms. The 14 papers of this book present a collection of scientific work in the area of critical infrastructure protection. By combining elementary concepts and models with policy-related issues on the one hand, and placing an emphasis on the timely area of control systems on the other, the book aims to highlight some of the key issues facing the research community.
The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Continue reading “Threat Modeling: Designing for Security”
This book argues that Network Centric Warfare (NCW) influences how developed militaries operate in the same fashion that an operating system influences the development of computer software.
It examines three inter-related issues: the overwhelming military power of the United States; the growing influence of NCW on military thinking; and the centrality of coalition operations in modern military endeavours. Irrespective of terrorist threats and local insurgencies, the present international structure is remarkably stable – none of the major powers seeks to alter the system from its present liberal character, as demonstrated by the lack of a military response to US military primacy. This primacy privileges the American military doctrine and thus the importance of NCW, which promises a future of rapid, precise, and highly efficient operations, but also a future predicated on the ‘digitization’ of the battle space. Participation in future American-led military endeavours will require coalition partners to be networked: ‘interoperability’ will therefore be a key consideration of a partner’s strategic worth.
Network Centric Warfare and Coalition Operations will be of great interest to students of strategic studies, international security, US foreign policy and international relations in general.
Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.
Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
Continue reading “Open Source Fuzzing Tools”
Debugging is crucial to successful software development, but even many experienced programmers find it challenging. Sophisticated debugging tools are available, yet it may be difficult to determine which features are useful in which situations. The Art of Debugging is your guide to making the debugging process more efficient and effective.
The Art of Debugging illustrates the use of three of the most popular debugging tools on Linux/Unix platforms: GDB, DDD, and Eclipse. The text-command based GDB (the GNU Project Debugger) is included with most distributions. DDD is a popular GUI front end for GDB, while Eclipse provides a complete integrated development environment.
In addition to offering specific advice for debugging with each tool, authors Norm Matloff and Pete Salzman cover general strategies for improving the process of finding and fixing coding errors, including how to:
- Inspect variables and data structures
- Understand segmentation faults and core dumps
- Know why your program crashes or throws exceptions
- Use features like catchpoints, convenience variables, and artificial arrays
- Avoid common debugging pitfalls
Real world examples of coding errors help to clarify the authors' guiding principles, and coverage of complex topics like thread, client-server, GUI, and parallel programming debugging will make you even more proficient. You'll also learn how to prevent errors in the first place with text editors, compilers, error reporting, and static code checkers.
Whether you dread the thought of debugging your programs or simply want to improve your current debugging efforts, you'll find a valuable ally in The Art of Debugging.