Assembly is a low-level programming language that's one step above a computer's native machine language. Although assembly language is commonly used for writing device drivers, emulators, and video games, many programmers find its somewhat unfriendly syntax intimidating to learn and use. Since 1996, Randall Hyde's The Art of Assembly Language has provided a comprehensive, plain-English, and patient introduction to 32-bit x86 assembly for non-assembly programmers. Hyde's primary teaching tool, High Level Assembler (or HLA), incorporates many of the features found in high-level languages (like C, C++, and Java) to help you quickly grasp basic assembly concepts. HLA lets you write true low-level code while enjoying the benefits of high-level language programming. As you read The Art of Assembly Language, you'll learn the low-level theory fundamental to computer science and turn that understanding into real, functional code. You'll learn how to:
- Edit, compile, and run HLA programs
- Declare and use constants, scalar variables, pointers, arrays, structures, unions, and namespaces
- Translate arithmetic expressions (integer and floating point)
- Convert high-level control structures
This much anticipated second edition of The Art of Assembly Language has been updated to reflect recent changes to HLA and to support Linux, Mac OS X, and FreeBSD. Whether you're new to programming or you have experience with high-level languages, The Art of Assembly Language, 2nd Edition is your essential guide to learning this complex, low-level language.
A no-nonsense guide to all the essentials you'll need to become a TypeScript wizard and build a TypeScript application from scratch. If you're an experienced JavaScript developer or want to level up your current TypeScript skills, with Total TypeScript, you'll learn everything you need to build a TypeScript product from scratch. Based on a series of sold-out workshops, the material in Total TypeScript has been tested by hundreds of developers to ensure its effectiveness and value. You'll explore useful patterns you can immediately apply in your projects and helpful workarounds for TypeScript's most common pitfalls. Dozens of exercises throughout range from writing solutions from scratch to advanced typing to debugging, so you'll be prepared for the gotchas that appear in real-world applications. You'll also learn how to:
• Set up a TypeScript development environment and how to leverage its superpower IDE
• Add types to functions, arrays, and objects, and make reusable types with type aliases
• Express object types, including index signatures, Records, and interfaces
• Take advantage of classic object-oriented patterns in your code
• Configure TypeScript for any situation and powerful features to design your own types
With this straightforward and approachable guide, you'll go from learning the foundations to a TypeScript wizard equipped to handle any TypeScript project that comes your way with confidence.
This first-of-its-kind guide to detecting stealthy Mac malware gives you the tools and techniques to counter even the most sophisticated threats targeting the Apple ecosystem. Macs have become a popular target of cyber-criminals, and there are few effective defenses against these pernicious threats - until now. The second volume of Mac Malware Detection is the first book to cover state-of-the-art programming techniques and security tools for detecting and countering malicious code running on a macOS system. Author Patrick Wardle, a former NSA hacker and a leading authority on macOS threat analysis, shares real-world examples from his own research to reveal the many strategies used by actual malware specimens to evade detection. As you dive deep into the Mac operating system's internals, you'll learn about:
• Apple's public and private frameworks and APIs
• How to build heuristic-based security tools for the macOS
• Using the macOS Endpoint Security framework to develop real-time monitoring software
• Objective-See's suite of anti-malware tools, including KnockKnock, BlockBlock, and OverSight
But this book is not just aimed at practitioners - for anyone interested in understanding the current threats facing the Apple ecosystem, it's a must-read.
Start building beautiful web applications in JavaScript with the bestselling introduction to the language, updated with new features, fresh exercises, and fun projects. Simple for beginners to pick up, JavaScript is a flexible, lightweight language for building full-scale applications for the modern web. This much-anticipated fourth edition of Eloquent JavaScript shows you how to write beautiful, effective JavaScript code. It has been updated to reflect the current state of both JavaScript and web browsers, discussing new features like optional chaining, nullish coalescing, class properties, private fields, and newly standardized methods. Chapters on asynchronous programming, objects, and modules have been overhauled to reflect modern JavaScript style and improve readability. This bestselling book teaches through extensive examples and immerses you in code from the start, while exercises and full-chapter projects give you hands-on experience with writing your own programs. As you build projects, like a website and a pixel art editor, you’ll:
• Understand the essential elements of JS programming, including syntax, control, and data
• Organize and clarify your code with object-oriented and functional programming techniques
• Use the DOM effectively to interact with browsers
• Script the browser and make basic web applications
• Harness Node.js to build servers and utilities
Isn’t it time you became fluent in the language of the web?
Enter the wonderful world of graph algorithms, where you’ll learn when and how to apply these highly useful data structures to solve a wide range of fascinating (and fantastical) computational problems. Graph Algorithms the Fun Way offers a refreshing approach to complex concepts by blending humor, imaginative examples, and practical Python implementations to reveal the power and versatility of graph based problem-solving in the real world. Through clear diagrams, engaging examples, and Python code, you’ll build a solid foundation for addressing graph problems in your own projects. Explore a rich landscape of cleverly constructed scenarios where:
• Hedge mazes illuminate depth-first search
• Urban explorations demonstrate breadth-first search
• Intricate labyrinths reveal bridges and articulation points
• Strategic planning illustrates bipartite matching
From fundamental graph structures to advanced topics, you will:
• Implement powerful algorithms, including Dijkstra’s, A*, and Floyd-Warshall
• Tackle puzzles and optimize pathfinding with newfound confidence
• Uncover real-world applications in social networks and transportation systems
• Develop robust intuition for when and why to apply specific graph techniques
Delve into topological sorting, minimum spanning trees, strongly connected components, and random walks. Confront challenges like graph coloring and the traveling salesperson problem. Prepare to view the world through the lens of graphs—where connections reveal insights and algorithms unlock new possibilities.
Crypto can be cryptic. Serious Cryptography, 2nd Edition arms you with the tools you need to pave the way to understanding modern crypto. This thoroughly revised and updated edition of the bestselling introduction to modern cryptography breaks down fundamental mathematical concepts without shying away from meaty discussions of how they work. In this practical guide, you’ll gain immeasurable insight into topics like authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography. You’ll find coverage of topics like:
• The basics of computational security, attacker models, and forward secrecy
• The strengths and limitations of the TLS protocol behind HTTPS secure websites
• Quantum computation and post-quantum cryptography
• How algorithms like AES, ECDSA, Ed25519, Salsa20, and SHA-3 work
• Advanced techniques like multisignatures, threshold signing, and zero-knowledge proofs
Each chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls. And, true to form, you’ll get just enough math to show you how the algorithms work so that you can understand what makes a particular solution effective—and how they break. NEW TO THIS EDITION: This second edition has been thoroughly updated to reflect the latest developments in cryptography. You’ll also find a completely new chapter covering the cryptographic protocols in cryptocurrency and blockchain systems. Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will demystify this often intimidating topic. You’ll grow to understand modern encryption and its applications so that you can make better decisions about what to implement, when, and how.
Effective C, 2nd edition, is an introduction to essential C language programming that will soon have you writing programs, solving problems, and building working systems. The latest release of the C programming language, C23, enhances the safety, security, and usability of the language. This second edition of Effective C has been thoroughly updated to cover C23, offering a modern introduction to C that will teach you best practices for writing professional, effective, and secure programs that solve real-world problems. Effective C is a true product of the C community. Robert C. Seacord, a long-standing member of the C standards committee with over 40 years of programming experience, developed the book in collaboration with other C experts, such as Clang’s lead maintainer Aaron Ballman and C project editor JeanHeyd Meneide. Thanks to the efforts of this expert group, you’ll learn how to:
• Develop professional C code that is fast, robust, and secure
• Use objects, functions, and types effectively
• Safely and correctly use integers and floating-point types
• Manage dynamic memory allocation
• Use strings and character types efficiently
• Perform I/O operations using C standard streams and POSIX file descriptors
• Make effective use of C’s preprocessor
• Debug, test, and analyze C programs
The world runs on code written in C. Effective C will show you how to get the most out of the language and build robust programs that stand the test of time. New to this edition: This edition has been extensively rewritten to align with modern C23 programming practices and leverage the latest C23 features.
Updated to cover C23
Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more! In the hands of the penetration tester, bash scripting becomes a powerful offensive security tool. In Black Hat Bash, you’ll learn how to use bash to automate tasks, develop custom tools, uncover vulnerabilities, and execute advanced, living-off-the-land attacks against Linux servers. You’ll build a toolbox of bash scripts that will save you hours of manual work. And your only prerequisite is basic familiarity with the Linux operating system. You’ll learn the basics of bash syntax, then set up a Kali Linux lab to apply your skills across each stage of a penetration test—from initial access to data exfiltration. Along the way, you’ll learn how to perform OS command injection, access remote machines, gather information stealthily, and navigate restricted networks to find the crown jewels. Hands-on exercises throughout will have you applying your newfound skills. Key topics covered include:
• Bash scripting essentials: From control structures, functions, loops, and text manipulation with grep, awk, and sed.
• How to set up your lab: Create a hacking environment with Kali and Docker and install additional tools.
• Reconnaissance and vulnerability scanning: Learn how to perform host discovery, fuzzing, and port scanning using tools like Wfuzz, Nmap, and Nuclei.
• Exploitation and privilege escalation: Establish web and reverse shells, and maintain continuous access.
• Defense evasion and lateral movement: Audit hosts for landmines, avoid detection, and move through networks to uncover additional targets.
Whether you’re a pentester, a bug bounty hunter, or a student entering the cybersecurity field, Black Hat Bash will teach you how to automate, customize, and optimize your offensive security strategies quickly and efficiently, with no true sorcery required.
"Make the leap from following the step-by-step instructions for building official LEGO sets to designing your own original models. Covers basic concepts like overlapping bricks for structural stability, sophisticated techniques like half-stud offsets and sideways building, and using software to help design photorealistic mosaics and elegant sculptures"--
If you work with embedded systems, you're bound to encounter the ubiquitous Inter-Integrated Circuit bus (IIC, I2C, or I²C) - a serial protocol for connecting integrated circuits in a computer system. In The Book of I2C, the first comprehensive guide to this bus, bestselling author Randall Hyde draws on 40 years of industry experience to get you started designing and programming I2C systems.
A hands-on, beginner-friendly guide to building and programming LEGO® robots. You're the new owner of a LEGO® robotics kit. Now what? Getting Started with LEGO® MINDSTORMS teaches you the basics of robotics engineering, using examples compatible with the LEGO® MINDSTORMS Robot Inventor and SPIKE Prime sets. You'll be making remote-control vehicles, motorized grabbers, automatic ball launchers, and other exciting robots in no time. Rather than feature step-by-step instructions for building a handful of models, you'll find essential information and expert tips and tricks for designing, building, and programming your own robotic creations. The book features a comprehensive introduction to coding with Word Blocks, an intuitive visual programming language based on Scratch, and explores topics such as using motors and sensors, building sturdy structures, and troubleshooting problems when things go wrong. As you learn, loads of challenges and open-ended projects will inspire you to try out ideas. Your journey to becoming a confident robot designer begins here.
Strengthen your coding skills by exploring the weird world of esoteric programming languages. Explore the wonderful, wild, and often weird world of esoteric programming languages. The book begins with the history and theory of programming languages, addressing concepts like Turing machines and Turing completeness. You're then treated to a tour of three "atypical" programming languages, real languages that are unusual and require out of the box thinking. Following that are five chapters on existing esoteric languages (esolangs), some of which are easy to use, others quite difficult, and others novel because of their approach (programming with pictures, for example). Finally, the remaining chapters detail the development and use of two entirely new programming languages. The main point of the book is to encourage readers to think differently about what it means to express thought using a programming language, and to explore the limits and boundaries of what a programming language might be. Though readers aren't likely to use any of these languages in their day jobs, learning to think in these languages will make them better, more confident programmers.
Tag along with a master hacker on a truly memorable attack. From reconnaissance to infiltration, you’ll experience their every thought, frustration, and strategic decision-making first-hand in this exhilarating narrative journey into a highly defended Windows environment driven by AI. Step into the shoes of a master hacker and break into an intelligent, highly defensive Windows environment. You’ll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced Windows defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft’s best security systems. The adventure starts with setting up your elite hacking infrastructure complete with virtual Windows system. After some thorough passive recon, you’ll craft a sophisticated phishing campaign to steal credentials and gain initial access. Once inside you’ll identify the security systems, scrape passwords, plant persistent backdoors, and delve deep into areas you don’t belong. Throughout your task you’ll get caught, change tack on a tee, dance around defensive monitoring systems, and disable tools from the inside. Spark Flow’s clever insights, witty reasoning, and stealth maneuvers teach you to be patient, persevere, and adapt your skills at the drop of a hat.
You’ll learn how to:
• Identify and evade Microsoft security systems like Advanced Threat Analysis, QRadar, MDE, and AMSI
• Seek out subdomains and open ports with Censys, Python scripts, and other OSINT tools
• Scrape password hashes using Kerberoasting
• Plant camouflaged C# backdoors and payloads
• Grab victims’ credentials with more advanced techniques like reflection and domain replication
Like other titles in the How to Hack series, this book is packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.
A swift and practical introduction to building interactive data visualization apps in Python, known as dashboards. You've seen dashboards before; think election result visualizations you can update in real time, or population maps you can filter by demographic. With the Python Dash library you'll create analytic dashboards that present data in effective, usable, elegant ways in just a few lines of code.
The fascinating inside story of how the Android operating system came to be. In 2004, Android was two people who wanted to build camera software but couldn't get investors interested. Today, Android is a large team at Google, delivering an operating system (including camera software) to over 3 billion devices worldwide. This is the inside story, told by the people who made it happen. Androids: The Team that Built the Android Operating System is a first-hand chronological account of how the startup began, how the team came together, and how they all built an operating system from the kernel level to its applications and everything in between. It describes the tenuous beginnings of this ambitious project as a tiny startup, then as a small acquisition by Google that took on an industry with strong, entrenched competition. Author Chet Haase joined the Android team at Google in May 2010 and later recorded conversations with team members to preserve the early days of Android's history leading to the launch of 1.0. This engaging and accessible book captures the developers' stories in their own voices to answer the question: How did Android succeed?
DevOps for the Desperate is a hands-on, no-nonsense guide for those who land in a DevOps environment and need to get up and running quickly. This book introduces fundamental concepts software developers need to know to flourish in a modern DevOps environment including infrastructure as code, configuration management, security, containerization and orchestration, monitoring and alerting, and troubleshooting. Readers will follow along with hands-on examples to learn how to tackle common DevOps tasks. The book begins with an exploration of DevOps concepts using Vagrant and Ansible to build systems with repeatable and predictable states, including configuring a host with user-based security. Next up is a crash course on containerization, orchestration, and delivery using Docker, Kubernetes, and a CI/CD pipeline. The book concludes with a primer in monitoring and alerting with tips for troubleshooting common host and application issues. You'll learn how to:
• Use Ansible to manage users and groups, and enforce complex passwords
• Create a security policy for administrative permissions, and automate a host-based firewall
• Get started with Docker to containerize applications, use Kubernetes for orchestration, and deploy code using a CI/CD pipeline
• Build a monitoring stack, investigate common metric patterns, and trigger alerts
• Troubleshoot and analyze common issues and errors found on hosts
A hands-on, real-world introduction to data analysis with the Python programming language, loaded with wide-ranging examples. Python is an ideal choice for accessing, manipulating, and gaining insights from data of all kinds. Python for Data Science introduces you to the Pythonic world of data analysis with a learn-by-doing approach rooted in practical examples and hands-on activities. You’ll learn how to write Python code to obtain, transform, and analyze data, practicing state-of-the-art data processing techniques for use cases in business management, marketing, and decision support. You will discover Python’s rich set of built-in data structures for basic operations, as well as its robust ecosystem of open-source libraries for data science, including NumPy, pandas, scikit-learn, matplotlib, and more. Examples show how to load data in various formats, how to streamline, group, and aggregate data sets, and how to create charts, maps, and other visualizations. Later chapters go in-depth with demonstrations of real-world data applications, including using location data to power a taxi service, market basket analysis to identify items commonly purchased together, and machine learning to predict stock prices.
Learn to expertly apply a range of machine learning methods to real data with this practical guide. Machine learning without advanced math! This book presents a serious, practical look at machine learning, preparing you for valuable insights on your own data. The Art of Machine Learning is packed with real dataset examples and sophisticated advice on how to make full use of powerful machine learning methods. Readers will need only an intuitive grasp of charts, graphs, and the slope of a line, as well as familiarity with the R programming language. You'll become skilled in a range of machine learning methods, starting with the simple k-Nearest Neighbors method (k-NN), then on to random forests, gradient boosting, linear/logistic models, support vector machines, the LASSO, and neural networks. Final chapters introduce text and image classification, as well as time series. You'll learn not only how to use machine learning methods, but also why these methods work, providing the strong foundational background you'll need in practice. Additional features:
• How to avoid common problems, such as dealing with "dirty" data and factor variables with large numbers of levels
• A look at typical misconceptions, such as dealing with unbalanced data
• Exploration of the famous Bias-Variance Tradeoff, central to machine learning, and how it plays out in practice for each machine learning method
• Dozens of illustrative examples involving real datasets of varying size and field of application
• Standard R packages are used throughout, with a simple wrapper interface to provide convenient access.
After finishing this book, you will be well equipped to start applying machine learning techniques to your own datasets.
Modeling and Simulation in Python teaches readers how to analyze real-world scenarios using the Python programming language, requiring no more than a background in high school math. Modeling and Simulation in Python is a thorough but easy-to-follow introduction to physical modeling—that is, the art of describing and simulating real-world systems. Readers are guided through modeling things like world population growth, infectious disease, bungee jumping, baseball flight trajectories, celestial mechanics, and more while simultaneously developing a strong understanding of fundamental programming concepts like loops, vectors, and functions. Clear and concise, with a focus on learning by doing, the author spares the reader abstract, theoretical complexities and gets right to hands-on examples that show how to produce useful models and simulations.
A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states. Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors. The first part of the book is an overview of actual cyber attacks conducted by nation-state actors and other advanced organizations. It explores the geopolitical context in which the attacks took place, the patterns found in the attackers’ techniques, and the supporting evidence analysts used to attribute such attacks. Dive into the mechanisms of:
• North Korea’s series of cyber attacks against financial institutions, which resulted in billions of dollars stolen
• The world of targeted ransomware attacks, which have leveraged nation state tactics to cripple entire corporate enterprises with ransomware
• Recent cyber attacks aimed at disrupting or influencing national elections globally
The book’s second part walks through how defenders can track and attribute future attacks. You’ll be provided with the tools, methods, and analytical guidance required to dissect and research each stage of an attack campaign. Here, Jon DiMaggio demonstrates some of the real techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among many other advanced threats. He now offers his experience to train the next generation of expert analysts.
A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack. Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used. Learn how to:
• Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption
• Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
• Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login
• Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
• Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
• Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system
• Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts
• Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
• Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity
Learn firsthand just how easy a cyberattack can be. Go Hack Yourself is an eye-opening, hands-on introduction to the world of hacking, from an award-winning cybersecurity coach. As you perform common attacks against yourself, you’ll be shocked by how easy they are to carry out—and realize just how vulnerable most people really are. You’ll be guided through setting up a virtual hacking lab so you can safely try out attacks without putting yourself or others at risk. Then step-by-step instructions will walk you through executing every major type of attack, including physical access hacks, Google hacking and reconnaissance, social engineering and phishing, malware, password cracking, web hacking, and phone hacking. You’ll even hack a virtual car! You’ll experience each hack from the point of view of both the attacker and the target. Most importantly, every hack is grounded in real-life examples and paired with practical cyber defense tips, so you’ll understand how to guard against the hacks you perform. You’ll learn:
• How to practice hacking within a safe, virtual environment
• How to use popular hacking tools the way real hackers do, like Kali Linux, Metasploit, and John the Ripper
• How to infect devices with malware, steal and crack passwords, phish for sensitive information, and more
• How to use hacking skills for good, such as to access files on an old laptop when you can’t remember the password
• Valuable strategies for protecting yourself from cyber attacks
You can’t truly understand cyber threats or defend against them until you’ve experienced them firsthand. By hacking yourself before the bad guys do, you’ll gain the knowledge you need to keep you and your loved ones safe.
Disasters happen. Be prepared. Here’s how. As a leading security engineer, Michal Zalewski has spent his career methodically anticipating and planning for cyberattacks. In Practical Doomsday, Zalewski applies the same thoughtful, rational approach to preparing for disasters of all kinds. By sharing his research, advice, and a healthy dose of common sense, he’ll help you rest easy knowing you have a plan for the worst—even if the worst never comes. The book outlines a level-headed model for evaluating risks, one that weighs the probability of scenarios against the cost of preparing for them. You’ll learn to apply that model to the whole spectrum of potential crises, from personal hardships like job loss or a kitchen fire, to large-scale natural disasters and industrial accidents, to recurring pop-culture fears like all-out nuclear war. You’ll then explore how basic lifestyle adjustments, such as maintaining a robust rainy-day fund, protecting yourself online, and fostering good relationships with your neighbors, can boost your readiness for a wide range of situations. You’ll also take a no-nonsense look at the supplies and equipment essential to surviving sudden catastrophes, like prolonged power outages or devastating storms, and examine the merits and legal implications of different self-defense strategies. You’ll learn:
• How to identify and meaningfully assess risks in your life, then develop strategies for managing them
• Ways to build up and diversify a robust financial safety net—a key component of nearly all effective preparedness strategies
• How to adapt your prep plans to a variety of situations, from shelter-in-place scenarios to evacuations by car or on foot
• Sensible approaches to stockpiling food, water, and other essentials, along with recommendations on what supplies are actually worth having
Disasters happen, but they don’t have to dominate your life. Practical Doomsday will help you plan ahead, so you can stop worrying about what tomorrow may bring and start enjoying your life today.
What every software professional should know about security. Designing Secure Software consolidates Loren Kohnfelder’s more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts like trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities. You’ll learn how to:
• Identify important assets, the attack surface, and the trust boundaries in a system
• Evaluate the effectiveness of various threat mitigation candidates
• Work with well-known secure coding patterns and libraries
• Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
• Use security testing to proactively identify vulnerabilities introduced into code
• Review a software design for security flaws effectively and without judgment
Kohnfelder’s career, spanning decades at Microsoft and Google, introduced numerous software security initiatives, including the co-creation of the STRIDE threat modeling framework used widely today. This book is a modern, pragmatic consolidation of his best practices, insights, and ideas about the future of software.