The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms. The 14 papers of this book present a collection of pieces of scientific work in the areas of critical infrastructure protection. In combining elementary concepts and models with policy-related issues on one hand and placing an emphasis on the timely area of control systems, the book aims to highlight some of the key issues facing the research community.
Fuzzing is often described as a “black box software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.
Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
Continue reading “Open Source Fuzzing Tools”
Get up to speed on Git for tracking, branching, merging, and managing code revisions. Through a series of step-by-step tutorials, this practical guide takes you quickly from Git fundamentals to advanced techniques, and provides friendly yet rigorous advice for navigating the many functions of this open source version control system.
This thoroughly revised edition also includes tips for manipulating trees, extended coverage of the reflog and stash, and a complete introduction to the GitHub repository. Git lets you manage code development in a virtually endless variety of ways, once you understand how to harness the system’s flexibility. This book shows you how.Learn how to use Git for several real-world development scenariosGain insight into Git’s common-use cases, initial tasks, and basic functionsUse the system for both centralized and distributed version controlLearn how to manage merges, conflicts, patches, and diffsApply advanced techniques such as rebasing, hooks, and ways to handle submodulesInteract with Subversion (SVN) repositories—including SVN to Git conversionsNavigate, use, and contribute to open source projects though GitHub
Debugging is crucial to successful software development, but even many experienced programmers find it challenging. Sophisticated debugging tools are available, yet it may be difficult to determine which features are useful in which situations. The Art of Debugging is your guide to making the debugging process more efficient and effective.The Art of Debugging illustrates the use three of the most popular debugging tools on Linux/Unix platforms: GDB, DDD, and Eclipse. The text-command based GDB (the GNU Project Debugger) is included with most distributions. DDD is a popular GUI front end for GDB, while Eclipse provides a complete integrated development environment.In addition to offering specific advice for debugging with each tool, authors Norm Matloff and Pete Salzman cover general strategies for improving the process of finding and fixing coding errors, including how to:Inspect variables and data structuresUnderstand segmentation faults and core dumpsKnow why your program crashes or throws exceptionsUse features like catchpoints, convenience variables, and artificial arraysAvoid common debugging pitfallsReal world examples of coding errors help to clarify the authors' guiding principles, and coverage of complex topics like thread, client-server, GUI, and parallel programming debugging will make you even more proficient. You'll also learn how to prevent errors in the first place with text editors, compilers, error reporting, and static code checkers.Whether you dread the thought of debugging your programs or simply want to improve your current debugging efforts, you'll find a valuable ally in The Art of Debugging.
The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.
Continue reading “Threat Modeling: Designing for Security”