Book Description

The open source nature of the platform has not only established a new direction for the industry, but enables a developer or forensic analyst to understand the device at the most fundamental level. Android Forensics covers an open source mobile device platform based on the Linux 2.6 kernel and managed by the Open Handset Alliance. The Android platform is a major source of digital forensic investigation and analysis. This book provides a thorough review of the Android platform including supported hardware devices, the structure of the Android development project and implementation of core services (wireless communication, data storage and other low-level functions). Finally, it will focus on teaching readers how to apply actual forensic techniques to recover data.

• Ability to forensically acquire Android devices using the techniques outlined in the book
• Detailed information about Android applications needed for forensics investigations
• Important information about SQLite, a file based structured data storage relevant for both Android and many other platforms.

“If you want to truly understand and perform forensics on Android this is the book. There is no other reference that goes to this level of detail on the Android operating systems idiosyncrasies and quirks.    Android Forensics is a must have for the mobile device examiner’s bookshelf.”
–Jim Steele, Director of Digital Forensics , a Tier 1 Wireless Carrier Download Now »

Book Description

“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
—James A. Gosling, Father of the Java Programming Language

An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).

The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.

After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. Download Now »

Book Description

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

• Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
• Learn how attackers infect apps with malware through code injection
• Discover how attackers defeat iOS keychain and data-protection encryption
• Use a debugger and custom code injection to manipulate the runtime Objective-C environment
• Prevent attackers from hijacking SSL sessions and stealing traffic
• Securely delete files and design your apps to prevent forensic data leakage
• Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Table of Contents
Chapter 1. Everything You Know Is Wrong

Part I: Hacking Download Now »

Book Description

When the Stuxnet computer worm damaged the Iranian nuclear program in 2010, the public got a small glimpse into modern cyber warfare—without truly realizing the scope of this global conflict. Inside Cyber Warfare provides fascinating and disturbing details on how nations, groups, and individuals throughout the world increasingly rely on Internet attacks to gain military, political, and economic advantages over their adversaries.

This updated second edition takes a detailed look at the complex domain of cyberspace, and the players and strategies involved. You’ll discover how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.

• Discover how Russian investment in social networks benefits the Kremlin
• Learn the role of social networks in fomenting revolution in the Middle East and Northern Africa
• Explore the rise of anarchist groups such as Anonymous and LulzSec
• Look inside cyber warfare capabilities of nations including China and Israel
• Understand how the U.S. can legally engage in covert cyber operations
• Learn how the Intellectual Property war has become the primary focus of state-sponsored cyber operations

Jeffrey Carr, the founder and CEO of Taia Global, Inc., is a cyber intelligence expert and consultant who specializes in the investigation of cyber attacks against governments Download Now »

Book Description

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

• Examine Android’s architecture and security model, and how it isolates the filesystem and database
• Learn how to use Android permissions and restricted system APIs
• Explore Android component types, and learn how to secure communications in a multi-tier app
• Use cryptographic tools to protect data stored on an Android device
• Secure the data transmitted from the device to other parties, including the servers that interact with your app

Table of Contents
Chapter 1. Introduction
Chapter 2. Android Architecture
Chapter 3. Application Permissions Download Now »

Book Description

“Thorough and comprehensive coverage from one of the foremost experts in browser security.”
—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.

In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You’ll learn how to:

• Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
• Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
• Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
• Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
• Embed or host user-supplied content without running into the trap of content sniffing

For quick reference, “Security Engineering Cheat Sheets” Download Now »