Book Description

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

• Examine Android’s architecture and security model, and how it isolates the filesystem and database
• Learn how to use Android permissions and restricted system APIs
• Explore Android component types, and learn how to secure communications in a multi-tier app
• Use cryptographic tools to protect data stored on an Android device
• Secure the data transmitted from the device to other parties, including the servers that interact with your app

Table of Contents
Chapter 1. Introduction
Chapter 2. Android Architecture
Chapter 3. Application Permissions Download Now »

Book Description

“Thorough and comprehensive coverage from one of the foremost experts in browser security.”
—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.

In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You’ll learn how to:

• Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
• Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
• Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
• Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
• Embed or host user-supplied content without running into the trap of content sniffing

For quick reference, “Security Engineering Cheat Sheets” Download Now »

Book Description

Security is one of the most difficult areas in today’s IT industry. The reason being; the speed at which security methods are developing is considerably slower than the methods of hacking. One of the ways to tackle this is to implement Agile IT Security. Agile IT security methodology is based on proven software development practices. It takes the best works from Agile Software Development (Scrum, OpenUp, Lean) and applies it to security implementations.

This book combines the Agile software development practices with IT security. It teaches you how to deal with the ever-increasing threat to IT security and helps you build robust security with lesser costs than most other methods of security. It is designed to teach the fundamental methodologies of an agile approach to IT security. Its intent is to compare traditional IT security implementation approaches to new agile methodologies. Written by a senior IT specialist at IBM, you can rest assured of the usability of these methods directly in your organization.

This book will teach IT Security professionals the concepts and principles that IT development has been using for years to help minimize risk and work more efficiently. The book will take you through various scenarios and aspects of security issues and teach you how to implement security and overcome hurdles during your implementation.

It begins by identifying risks in IT security and showing how Agile principles can be used to tackle them. It then moves to developing security policies and identifying your organization’s assets. The last section teaches you how you can overcome real-world issues in implementing Agile security Download Now »

Book Description

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester’s toolkit.

Review
“Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester’s goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements.”
–HD Moore, Metasploit Founder and CSO of Rapid7 Download Now »

Book Description

Whether your company is planning on database migration, desktop application migration, or has IT infrastructure consolidation projects, this book gives you all the resources you’ll need. It gives you recommendations on tools, strategy and best practices and serves as a guide as you plan, determine effort and budget, design, execute and roll your modern Oracle system out to production. Focusing on Oracle grid relational database technology and Oracle Fusion Middleware as the target cloud-based architecture, your company can gain organizational efficiency, agility, increase innovation and reduce IT Total Cost of Ownership (TCO) by moving to service-oriented, Web-based cloud architectures.

Table of Contents
Chapter 1: Migrating to the Cloud: Client/Server Migrations to the Oracle Cloud
Chapter 2: Identifying the Level of Effort and Cost
Chapter 3: Methodology and Design
Chapter 4: Relational Migration Tools
Chapter 5: Database Schema and Data Migration
Chapter 6: Database Stored Object Migration
Chapter 7: Application Migration/Porting Due to Database Migration
Chapter 8: Migrating Applications to the Cloud
Chapter 9: Service Enablement of Client/Server Applications
Chapter 10: Oracle Database Cloud Infrastructure Planning and Implementation Download Now »

Book Description

Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the user for each situation. Many tools, even ones that cost thousands of dollars, do not come with any type of instruction on how and in which situations the penetration tester can best use them. Penetration Tester’s Open Source Toolkit, Third Edition, expands upon existing instructions so that a professional can get the most accurate and in-depth test results possible. Real-life scenarios are a major focus so that the reader knows which tool to use and how to use it for a variety of situations.

• Details current open source penetration testing tools
• Presents core technologies for each type of testing and the best tools for the job
• New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack

Review
“Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester’s Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. Download Now »