LitMy.ru - literature in one click

Threats: What Every Engineer Should Learn From Star Wars

  • Added by: literator
  • Date: 31-01-2023, 04:06
  • Comments: 0
Title: Threats: What Every Engineer Should Learn From Star Wars
Author: Adam Shostack
Publisher: Wiley
Year: 2023
Pages: 354
Language: English
Format: pdf (true), epub, mobi
Size: 10.2 MB

Secure your applications with help from your favorite Jedi masters.

In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book will prepare you to take on the Dark Side as you learn—in a structured and memorable way—about the threats to your systems. You’ll move from thinking of security issues as clever one-offs and learn to see the patterns they follow.

This book brings to light the burning questions software developers should be asking about securing systems, and answers them in a fun and entertaining way, incorporating cybersecurity lessons from the much-loved Star Wars series. You don’t need to be fluent in over 6 million forms of exploitation to face these threats with the steely calm of a Jedi master.

This book is about threats. We all know a threat when we hear one—“Give me your money, or else!” “I have altered the terms of the deal. Pray I do not alter them…any further.” I use threat to mean a future problem and one that can often be averted if we take preventative action. Security folks use the word threat in a variety of ways. We call an attacker a threat, or sometimes a threat agent. The anti-malware part of the industry calls each virus or bit of malware a threat.

Carrying out a threat is an attack. Each of the threat, its manifestation, and its impact can be a concern. The law considers a credible threat as assault; the act of hitting someone is the battery in “assault and battery.” These can result in injury. In cybersecurity, we often worry about both the threat and its result. If someone breaks in by spoofing a legitimate user, they can quickly chain other threats, such as tampering or information disclosure. Especially as you are learning, being specific about the relationship between mechanism and impact can be helpful. A risk is the quantified refinement of a threat, and those quantifications often involve probability of success and the magnitude of the impact in dollars or lives.

This book starts with STRIDE, a classic way of thinking about threats. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Expansion of Authority. STRIDE is a mnemonic that helps us remember six major groups of threats, covered in the first six chapters. Those are followed by chapters on predictability, parsing, and kill chains. Most chapters in this book follow the same general plan: start with an explanation of the threat, then how it manifests in specific technologies, the mechanisms that attackers use, and finally a short section on defenses.

You’ll also find:

  • Understandable and memorable introductions to the most important threats that every engineer should know
  • Straightforward software security frameworks that will help engineers bake security directly into their systems
  • Strategies to align large teams to achieve application security in today’s fast-moving and agile world
  • Strategies attackers use, like tampering, to interfere with the integrity of applications and systems, and the kill chains that combine these threats into fully executed campaigns

Who This Book Is For:
Over the last few decades, the job of software development and systems operation has changed. We've learned that our hopes of retrofitting properties from accessibility to reliability to usability have cost us dearly and that we need to incorporate each from the start. We are learning that security is much the same way. Choices made during system development have consequences. We see the need to address security earlier and more holistically. This book is also for security professionals and enthusiasts. There are many pathways into many fields focused on security and hacking. Few of them provide a broad framework that will serve to organize the flood of information about threats, vulnerabilities, and exploits that you'll encounter. My hope is that this book serves all of them.
