| Description |
1 online resource |
| Contents |
Cover -- Title Page -- Copyright Page -- Contents -- Preface -- Introduction -- Who This Book Is For -- What You'll Gain from This Book -- A Few Words for the Nonengineer -- Security Terminology -- How This Book Is Organized -- Chapter 1 Spoofing and Authenticity -- Identifiers and Authentication -- Technical Identifiers -- Human Identifiers -- Authenticating People to People -- Authenticating People to Computers -- Authenticating Computers to People -- Authenticating Computers to Computers -- Spoofing Attacks -- Spoofing Files -- Spoofing Processes -- Spoofing Machines |
|
Spoofing in Specific Scenarios -- Internet of Things -- Mobile Phones -- Cloud -- Considerations in Authenticating to Organizations -- Mechanisms for Spoofing Attacks -- Misrepresentation -- Attacks on Authentication Mechanisms -- Threats Against Authentication Types -- Defenses -- Authenticating People -- Authenticating Computers -- Conclusion -- Chapter 2 Tampering and Integrity -- Introduction -- Targets of Tampering -- Tampering with Storage -- Tampering with Communications -- Tampering with Time -- Process Tampering -- Tampering in Specific Technologies -- Mechanisms for Tampering |
|
Location for Tampering -- Tools for Tampering -- Defenses -- Cryptography -- The Kernel -- Detection -- Conclusion -- Chapter 3 Repudiation and Proof -- Introduction -- The Threat: Repudiation -- Message Repudiation -- Fraud -- Account Takeover -- Logging Threats -- Repudiation in Specific Technologies -- Internet of Things (Including Phones) -- Cloud -- AI/ML -- Crypto and Blockchain -- Repudiation Mechanisms -- Defenses -- Cryptography -- Keeping Logs -- Using Logs -- Antifraud Tools -- Conclusion -- Chapter 4 Information Disclosure and Confidentiality -- Threats to Confidentiality |
|
Information Disclosure, at Rest -- Information Disclosure, in Motion -- Information Disclosure from a Process -- Human Connections -- Side Effects and Covert Channels -- Information Disclosure Mechanisms -- Information Disclosure with Specific Scenarios -- Internet of Things -- Mobile Phones -- Cloud -- AI/ML -- Blockchain -- Privacy -- Defenses -- Operating System Defenses -- Defending Your Process -- Cryptography -- Conclusion -- Chapter 5 Denial of Service and Availability -- Resources Consumed by Denial-of-Service Threats -- Compute -- Storage -- Networks -- Electrical Power -- Money |
|
Other Resources -- Denial-of-Service Properties -- Bespoke or Generalized -- Amplification -- Authentication Targets -- Ephemeral or Persistent -- Direct or Emergent -- Denial of Service in Specific Technologies -- Authentication Services -- Cloud -- Protocol Design -- IoT and Mobile -- Defenses -- Abundance and Quotas -- Graceful Degradation -- Resilience Testing -- Conclusion -- Chapter 6 Expansion of Authority and Isolation -- Expansion Mechanisms and Effects -- Authority in Specific Scenarios -- Confused Deputies -- Internet of Things -- Mobile -- Cloud -- Defenses |
| Summary |
Secure your applications with help from your favorite Jedi masters In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book will prepare you to take on the Dark Side as you learn--in a structured and memorable way--about the threats to your systems. You'll move from thinking of security issues as clever one-offs and learn to see the patterns they follow. This book brings to light the burning questions software developers should be asking about securing systems, and answers them in a fun and entertaining way, incorporating cybersecurity lessons from the much-loved Star Wars series. You don't need to be fluent in over 6 million forms of exploitation to face these threats with the steely calm of a Jedi master. You'll also find: Understandable and memorable introductions to the most important threats that every engineer should know Straightforward software security frameworks that will help engineers bake security directly into their systems Strategies to align large teams to achieve application security in today's fast-moving and agile world Strategies attackers use, like tampering, to interfere with the integrity of applications and systems, and the kill chains that combine these threats into fully executed campaigns An indispensable resource for software developers and security engineers, Threats: What Every Engineer Should Learn From Star Wars belongs on the bookshelves of everyone delivering or operating technology: from engineers to executives responsible for shipping secure code. |
| Subject |
Computer security.
|
|
Computer software -- Development.
|
|
Star Wars films.
|
|
Sécurité informatique. |
|
Guerre des étoiles (Films) |
|
Computer security |
|
Computer software -- Development |
|
Star Wars films |
| Genre |
Electronic books.
|
| Other Form: |
Print version: 1119895162 9781119895169 (OCoLC)1331705057 |
| ISBN |
9781119895176 (electronic bk.) |
|
1119895170 (electronic bk.) |
|
9781119897699 (electronic bk.) |
|
1119897696 (electronic bk.) |
|
More Resources