Secure and Resilient Software Development
by Mark S. Merkow, Lakshmikanth Raghavan
Although many software books highlight open problems in secure software development, few provide easily actionable, ground-level solutions. Breaking the mold, Secure and Resilient Software Development teaches you how to apply best practices and standards for consistent and secure software development. It details specific quality software developmen
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods
by Mark S. Merkow, Lakshmikanth Raghavan
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods provides a comprehensive set of requirements for secure and resilient software development and operation. It supplies documented test cases for those requirements as well as best practices for testing nonfunctional requirements for improved information assurance. This resource-rich book includes: pre-developed nonfunctional requirements that can be reused for any software development project; documented test cases that go along with the requirements and can be used to develop a Test Plan for the software; testing methods that can be applied to the test cases provided; and downloadable resources with all security requirements and test cases as well as MS Word versions of the checklists, requirements, and test cases covered in the book. Offering ground-level, already-developed software nonfunctional requirements and corresponding test cases and methods, this book will help to ensure that your software meets its nonfunctional requirements for security and resilience. The accompanying downloadable resources, filled with helpful checklists and reusable documentation, provide you with the tools needed to integrate security into the requirements analysis, design, and testing phases of your software development lifecycle.
Some Praise for the Book:
This book pulls together the state of the art in thinking about this important issue in a holistic way with several examples. It takes you through the entire lifecycle from conception to implementation ... . —Doug Cavit, Chief Security Strategist, Microsoft Corporation
...provides the reader with the tools necessary to jump-start and mature security within the software development lifecycle (SDLC). —Jeff Weekes, Sr. Security Architect at Terra Verde Services
Secure and Smart Cyber-Physical Systems
by Danda B. Rawat, Uttam Ghosh, Fortune Mhlanga
Cybersecurity is a paramount concern in both Internet of Things (IoT) and Cyber-Physical Systems (CPSs) due to the interconnected and often critical nature of these systems. The integration of AI/ML into the realm of IoT and CPS security has gained significant attention and momentum in recent years. The success of AI/ML in various domains has sparked interest in leveraging these technologies to enhance the security, resilience, and adaptability of IoT and CPS. Secure and Smart Cyber-Physical Systems provides an extensive exploration of AI/ML-based security applications in the context of IoT and CPS.
Features
• Presents cutting-edge topics and research in IoT and CPS.
• Includes contributions from leading worldwide researchers.
• Focuses on CPS architectures for secure and smart environments.
• Explores AI/ML and blockchain approaches for providing security and privacy to CPS including smart grids, smart cities, and smart healthcare.
• Provides comprehensive guidance into the intricate world of software development for medical devices.
• Covers a blueprint for the emergence of 6G communications technology in Industry 5.0 and federated-learning-based secure financial services.
This book covers state-of-the-art problems, existing solutions, and potential research directions for CPS researchers, scholars, and professionals in both industry and academia.
Secure and Trusted Cyber Physical Systems: Recent Approaches and Future Directions (Smart Sensors, Measurement and Instrumentation #43)
by Ernest Foo, Shantanu Pal, Zahra Jadidi
This book highlights the latest design and development of security issues and various defences to construct safe, secure and trusted Cyber-Physical Systems (CPS). In addition, the book presents a detailed analysis of the recent approaches to security solutions and future research directions for large-scale CPS, including its various challenges and significant security requirements. Furthermore, the book provides practical guidance on delivering robust, privacy, and trust-aware CPS at scale. Finally, the book presents a holistic insight into IoT technologies, particularly its latest development in strategic applications in mission-critical systems, including large-scale Industrial IoT, Industry 4.0, and Industrial Control Systems. As such, the book offers an essential reference guide about the latest design and development in CPS for students, engineers, designers, and professional developers.
Secure and Trustworthy Cyberphysical Microfluidic Biochips: A practical guide to cutting-edge design techniques for implementing secure and trustworthy cyberphysical microfluidic biochips
by Krishnendu Chakrabarty, Jack Tang, Mohamed Ibrahim, Ramesh Karri
This book describes novel hardware security and microfluidic biochip design methodologies to protect against tampering attacks in cyberphysical microfluidic biochips (CPMBs). It also provides a general overview of this nascent area of research, which will prove to be a vital resource for practitioners in the field. This book shows how hardware-based countermeasures and design innovations can be a simple and effective last line of defense, demonstrating that it is no longer justifiable to ignore security and trust in the design phase of biochips.
Secure and Trustworthy Transportation Cyber-Physical Systems
by Houbing Song, Yunchuan Sun
This book comprehensively reviews the cyber security and privacy issues in transportation cyber-physical systems (TCPSs). It examines theories and various state-of-the-art technologies and methodologies. Starting with a survey of the latest solutions in TCPSs, it introduces a smart-transport-system architecture design based on cyber-physical systems. It then discusses in detail the principles and metrics of evaluating safety and privacy in TCPSs and elaborates the verification and analysis of secure, robust and trustworthy TCPSs. Moreover, it demonstrates the advanced and novel tools commonly used in practice by several researchers. Lastly, it provides an exhaustive case study on the authentication and attestation in TCPSs. This book is of interest not only to readers in the field of TCPSs, but also to those in interdisciplinary fields, such as energy, healthcare, bio-engineering, etc.
Secure by Design
by Daniel Sawano, Dan Bergh Johnsson, Daniel Deogun
As a developer, you need to build software in a secure way. But you can't spend all your time focusing on security. The answer is to use good design principles, tools, and mindsets that make security an implicit result - it's secure by design. Secure by Design teaches developers how to use design to drive security in software development. This book is full of patterns, best practices, and mindsets that you can directly apply to your real world development. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
Secure, Resilient, and Agile Software Development
by Mark Merkow
A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals: AppSec architects and program managers in information security organizations; enterprise architecture teams with application development focus; Scrum teams; DevOps teams; product owners and their managers; project managers; application security auditors. With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.
Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models
by Sella Nevo, Dan Lahav, Ajay Karpur, Yogev Bar-On, Henry-Alexander Bradley, Jeff Alstott
As frontier artificial intelligence (AI) models—that is, models that match or exceed the capabilities of the most advanced models at the time of their development—become more capable, protecting them from theft and misuse will become more important. The authors of this report explore what it would take to protect model weights—the learnable parameters that encode the core intelligence of an AI—from theft by a variety of potential attackers.
Securing Ajax Applications
by Christopher Wells
Ajax applications should be open yet secure. Far too often security is added as an afterthought. Potential flaws need to be identified and addressed right away. This book explores Ajax and web application security with an eye for dangerous gaps and offers ways that you can plug them before they become a problem. By making security part of the process from the start, you will learn how to build secure Ajax applications and discover how to respond quickly when attacks occur. Securing Ajax Applications succinctly explains that the same back-and-forth communications that make Ajax so responsive also give invaders new opportunities to gather data, make creative new requests of your server, and interfere with the communications between you and your customers. This book presents basic security techniques and examines vulnerabilities with JavaScript, XML, JSON, Flash, and other technologies -- vital information that will ultimately save you time and money. Topics include: an overview of the evolving web platform, including APIs, feeds, web services and asynchronous messaging; web security basics, including common vulnerabilities, common cures, state management and session management; how to secure web technologies, such as Ajax, JavaScript, Java applets, Active X controls, plug-ins, Flash and Flex; how to protect your server, including front-line defense, dealing with application servers, PHP and scripting; vulnerabilities among web standards such as HTTP, XML, JSON, RSS, ATOM, REST, and XDOS; and how to secure web services, build secure APIs, and make open mashups secure. Securing Ajax Applications takes on the challenges created by this new generation of web development, and demonstrates why web security isn't just for administrators and back-end programmers any more. It's also for web developers who accept the responsibility that comes with using the new wonders of the Web.
Securing Blockchain Networks like Ethereum and Hyperledger Fabric: Learn advanced security configurations and design principles to safeguard Blockchain networks
by Alessandro Parisi
Build secure private blockchain networks to handle mission-critical security challenges such as denial-of-service attacks, user wallets, and pool mining attacks.
Key Features: Explore blockchain concepts such as cryptography, consensus algorithms, and security assumptions; architect network security for mission-critical decentralized apps (Dapps) using design security considerations; consider various deployment and operational aspects while building a blockchain network.
Book Description: Blockchain adoption has extended from niche research to everyday usage. However, despite the blockchain revolution, one of the key challenges faced in blockchain development is maintaining security, and this book will demonstrate the techniques for doing this. You'll start with blockchain basics and explore various blockchain attacks on user wallets, and denial of service and pool mining attacks. Next, you'll learn cryptography concepts, consensus algorithms in blockchain security, and design principles while understanding and deploying security implementation guidelines. You'll not only cover architectural considerations, but also work on system and network security and operational configurations for your Ethereum and Hyperledger Fabric network. You'll later implement security at each level of blockchain app development, understanding how to secure various phases of a blockchain app using an example-based approach. You'll gradually learn to securely implement and develop decentralized apps, and follow deployment best practices. Finally, you'll explore the architectural components of Hyperledger Fabric, and how they can be configured to build secure private blockchain networks. By the end of this book, you'll have learned blockchain security concepts and techniques that you can implement in real blockchain production environments.
What you will learn: Understand blockchain consensus algorithms and security assumptions; design secure distributed applications and smart contracts; understand how blockchains manage transactions and help to protect wallets and private keys; prevent potential security threats that can affect distributed ledger technologies (DLTs) and blockchains; use pentesting tools for assessing potential flaws in Dapps and smart contracts; assess privacy compliance issues and manage sensitive data with blockchain.
Who this book is for: This book is for blockchain developers, security professionals, and Ethereum and Hyperledger developers who are looking to implement security in blockchain platforms and ensure secure data management using an example-driven approach. Basic knowledge of blockchain concepts will be beneficial.
Securing Cloud Services
by Lee Newcombe
Lee Newcombe is an enterprise architect with commercial experience at numerous high-profile companies, including a retail bank, a systems integrator and one of the Big 4 consultancies. He has worked within various Cloud programmes and acted as the IT industry security expert during the early days of the UK Government's G-Cloud programme. Lee has been writing about, presenting on, and working with Cloud technologies since 2007, and is a named contributor to the Cloud Security Alliance guidance document.
Securing Cloud and Mobility: A Practitioner's Guide (Systems Innovation Book Ser.)
by Ian Lim, E. Coleen Coolidge, Paul Hourani
A practitioners' handbook on securing virtualization, cloud computing, and mobility, this book bridges academic theory with real world implementation. It provides pragmatic guidance on securing the multi-faceted layers of private and public cloud deployments as well as mobility infrastructures. The book offers in-depth coverage of implementation plans, workflows, process consideration points, and project planning. Topics covered include physical and virtual segregation, orchestration security, threat intelligence, identity management, cloud security assessments, cloud encryption services, audit and compliance, certifications, secure mobile architecture and secure mobile coding standards.
Securing Converged IP Networks
by Tyson Macaulay
Internet Protocol (IP) networks increasingly mix traditional data assets with traffic related to voice, entertainment, industrial process controls, metering, and more. Due to this convergence of content, IP networks are emerging as extremely vital infrastructure components, requiring greater awareness and better security and management. Off
Securing Cyber-Physical Systems
by Al-Sakib Khan Pathan
Think about someone taking control of your car while you're driving. Or, someone hacking into a drone and taking control. Both of these things have been done, and both are attacks against cyber-physical systems (CPS). Securing Cyber-Physical Systems explores the cybersecurity needed for CPS, with a focus on results of research and real-world deploy
Securing Delay-Tolerant Networks with BPSec
by Edward J. Birrane III, Sarah Heiner, Ken McKeever
Securing Delay-Tolerant Networks with BPSec: One-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders. Securing Delay-Tolerant Networks with BPSec answers the question, “How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?” The text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments. The text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included. Overall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.
Written by the lead author and originator of the BPSec protocol specification, Securing Delay-Tolerant Networks (DTNs) with BPSec includes information on: the gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different; DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls; securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers; a delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation. Securing Delay-Tolerant Networks (DTNs) with BPSec is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general.
Securing DevOps: Security in the Cloud
by Julien Vehent
Summary: Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You'll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Technology: An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team's highest priority is understanding those risks and hardening the system against them.
About the Book: Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You'll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures.
What's inside: An approach to continuous security; implementing test-driven security in DevOps; security techniques for cloud services; watching for fraud and responding to incidents; security testing and risk assessment.
About the Reader: Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing.
About the Author: Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox's high-traffic cloud services and public websites.
Table of Contents: Securing DevOps. PART 1 - Case study: applying layers of security to a simple DevOps pipeline: Building a barebones DevOps pipeline; Security layer 1: protecting web applications; Security layer 2: protecting cloud infrastructures; Security layer 3: securing communications; Security layer 4: securing the delivery pipeline. PART 2 - Watching for anomalies and protecting services against attacks: Collecting and storing logs; Analyzing logs for fraud and attacks; Detecting intrusions; The Caribbean breach: a case study in incident response. PART 3 - Maturing DevOps security: Assessing risks; Testing security; Continuous security.
Securing Digital Video: Techniques for DRM and Content Protection
by Eric Diehl
Content protection and digital rights management (DRM) are fields that receive a lot of attention: content owners require systems that protect and maximize their revenues; consumers want backwards compatibility, while they fear that content owners will spy on their viewing habits; and academics are afraid that DRM may be a barrier to knowledge sharing. DRM technologies have a poor reputation and are not yet trusted. This book describes the key aspects of content protection and DRM systems, the objective being to demystify the technology and techniques. In the first part of the book, the author builds the foundations, with sections that cover the rationale for protecting digital video content; video piracy; current toolboxes that employ cryptography, watermarking, tamper resistance, and rights expression languages; different ways to model video content protection; and DRM. In the second part, he describes the main existing deployed solutions, including video ecosystems; how video is protected in broadcasting; descriptions of DRM systems, such as Microsoft's DRM and Apple's FairPlay; techniques for protecting prerecorded content distributed using DVDs or Blu-ray; and future methods used to protect content within the home network. The final part of the book looks towards future research topics, and the key problem of interoperability. While the book focuses on protecting video content, the DRM principles and technologies described are also used to protect many other types of content, such as ebooks, documents and games. The book will be of value to industrial researchers and engineers developing related technologies, academics and students in information security, cryptography and media systems, and engaged consumers.
Securing Docker
by Scott Gallagher
Learn how to secure your Docker environment and keep your environments secure irrespective of the threats out there.
About This Book
* Gain confidence in using Docker for containerization without compromising on security
* This book covers different techniques to help you develop your container security skills
* It is loaded with practical examples and real-world scenarios to secure your container-based applications
Who This Book Is For: This book is for developers who wish to use Docker as their testing platform as well as security professionals who are interested in securing Docker containers. You must be familiar with the basics of Docker.
What You Will Learn
* Find out how to secure your Docker hosts and nodes
* Secure your Docker components
* Explore different security measures/methods for Linux kernels
* Install and run the Docker Bench security application
* Monitor and report security issues
* Familiarize yourself with third-party tools such as Traffic Authorization, Summon, sVirt, and SELinux to secure your Docker environment
In Detail: With the rising integration and adoption of Docker containers, there is a growing need to ensure their security. The purpose of this book is to provide techniques and enhance your skills to secure Docker containers easily and efficiently. The book starts by sharing the techniques to configure Docker components securely and explore the different security measures/methods one can use to secure the kernel. Furthermore, we will cover the best practices to report Docker security findings and will show you how you can safely report any security findings you come across. Toward the end, we list the internal and third-party tools that can help you immunize your Docker environment. By the end of this book, you will have a complete understanding of Docker security so you are able to protect your container-based applications.
Style and approach: This book is your one-stop solution to resolve all your Docker security concerns. It will familiarize you with techniques to safeguard your applications that run on Docker containers.
Securing E-Business Applications and Communications
by John Bowers, Jonathan S. Held
This book walks readers through the process of setting up a secure E-commerce Web site. It includes implementation examples for Unix (Solaris and Linux), Windows NT 4.0, and Windows 2000. The authors pay particular attention to the security issues involved. They also highlight the plethora of encryption algorithms that are instrumental in securing data. Together, the authors and the reader develop a site from concept to implementation. The material makes use of numerous coding examples to illustrate how to use the most current technologies - from Microsoft, Sun, and others - to support secure transactions.
Securing Hadoop
by Sudheesh Narayanan
This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.
Securing IoT and Big Data: Next Generation Intelligence (Internet of Everything (IoE))
by Alagan Anpalagan, T. Poongodi, Vijayalakshmi Saravanan, Firoz Khan
This book covers IoT and Big Data from a technical and business point of view. The book explains the design principles, algorithms, technical knowledge, and marketing for IoT systems. It emphasizes applications of big data and IoT. It includes scientific algorithms and key techniques for fusion of both areas. Real case applications from different industries are offered to facilitate understanding of the approach. The book goes on to address the significance of security algorithms in combining IoT and big data, which is currently evolving in communication technologies. The book is written for researchers, professionals, and academicians from interdisciplinary and transdisciplinary areas. Readers will get an opportunity to learn the conceptual ideas through step-by-step pragmatic examples, which ease understanding no matter the level of the reader.
Securing IoT in Industry 4.0 Applications with Blockchain
by P. Kaliraj
The Industry 4.0 revolution is changing the world around us. Artificial intelligence and machine learning, automation and robotics, big data, Internet of Things, augmented reality, virtual reality, and creativity are the tools of Industry 4.0. Improved collaboration is seen between smart systems and humans, which merges humans' critical and cognitive thinking abilities with highly accurate and fast industrial automation. Securing IoT in Industry 4.0 Applications with Blockchain examines the role of IoT in Industry 4.0 and how it can be made secure through various technologies including blockchain. The book begins with an in-depth look at IoT and discusses applications, architecture, technologies, tools, and programming languages. It then examines blockchain and cybersecurity, as well as how blockchain achieves cybersecurity. It also looks at cybercrimes and their preventive measures and issues related to IoT security and trust.
Features: An overview of how IoT is used to improve the performance of Industry 4.0 systems; the evolution of the Industrial Internet of Things (IIoT), its proliferation and market share, and some examples across major industries; an exploration of how smart farming is helping farmers prevent plant disease; the concepts behind the Internet of Nano Things (IoNT), including the nanomachine and nanonetwork architecture and nano-communication paradigms; a look at how blockchains can enhance cybersecurity in a variety of applications, including smart contracts, transferring financial instruments, and Public Key Infrastructure; an overview of the structure and working of a blockchain, including the types, evolution, benefits, and applications of blockchain to industries; a framework of technologies designed to shield networks, computers, and data from malware, vulnerabilities, and unauthorized activities; an explanation of the automation system employed in industries along with its classification, functionality, flexibility, limitations, and applications.
Securing Microsoft Azure OpenAI (Tech Today)
by Karl Ots
Securely harness the full potential of OpenAI’s artificial intelligence tools in Azure. Securing Microsoft Azure OpenAI is an accessible guide to leveraging the comprehensive AI capabilities of Microsoft Azure while ensuring the utmost data security. This book introduces you to the collaborative powerhouse of Microsoft Azure and OpenAI, providing easy access to cutting-edge language models like GPT-4o, GPT-3.5-Turbo, and DALL-E. Designed for seamless integration, the Azure OpenAI Service revolutionizes applications from dynamic content generation to sophisticated natural language translation, all hosted securely within Microsoft Azure’s environment. Securing Microsoft Azure OpenAI demonstrates responsible AI deployment, with a focus on identifying potential harm and implementing effective mitigation strategies. The book provides guidance on navigating risks and establishing best practices for securely and responsibly building applications using Azure OpenAI. By the end of this book, you’ll be equipped with the best practices for securely and responsibly harnessing the power of Azure OpenAI, making intelligent decisions that respect user privacy and maintain data integrity.