دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Alice and Bob Learn Application Security
دانلود کتاب Alice and Bob Learn امنیت برنامه
مشخصات کتاب
Alice and Bob Learn Application Security
دسته بندی: امنیت ویرایش: 1 نویسندگان: Tanya Janca سری: ISBN (شابک) : 9781119687351, 1119687357 ناشر: John Wiley & Sons سال نشر: 2020 تعداد صفحات: 285 زبان: English فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) حجم فایل: 4 مگابایت
قیمت کتاب (تومان) : 40,000
کلمات کلیدی مربوط به کتاب Alice and Bob Learn امنیت برنامه: امنیت، تست نفوذ، برنامههای کاربردی وب، استقرار، بهترین روشها، رمزگذاری، توسعه برنامه، تست واحد، تست، XSS، زیرساخت به عنوان کد، سیاستهای امنیتی، مدیریت رمز عبور، جعل درخواستهای بین سایتی، جعل درخواست از سمت سرور، امنیت برنامه، تفکر طراحی، تهیه نسخه پشتیبان، آزمایش چندگانه
در صورت تبدیل فایل کتاب Alice and Bob Learn Application Security به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب Alice and Bob Learn امنیت برنامه نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی درمورد کتاب به خارجی
فهرست مطالب
Cover Title Page Copyright Page About the Author About the Technical Editors Acknowledgments Contents at a Glance Contents Foreword Introduction Pushing Left About This Book Out-of-Scope Topics The Answer Key Part 1 What You Must Know to Write Code Safe Enough to Put on the Internet Chapter 1 Security Fundamentals The Security Mandate: CIA Confidentiality Integrity Availability Assume Breach Insider Threats Defense in Depth Least Privilege Supply Chain Security Security by Obscurity Attack Surface Reduction Hard Coding Never Trust, Always Verify Usable Security Factors of Authentication Exercises Chapter 2 Security Requirements Requirements Encryption Never Trust System Input Encoding and Escaping Third-Party Components Security Headers: Seatbelts for Web Apps Security Headers in Action X-XSS-Protection Content-Security-Policy (CSP) X-Frame-Options X-Content-Type-Options Referrer-Policy Strict-Transport-Security (HSTS) Feature-Policy X-Permitted-Cross-Domain-Policies Expect-CT Public Key Pinning Extension for HTTP (HPKP) Securing Your Cookies The Secure Flag The HttpOnly Flag Persistence Domain Path Same-Site Cookie Prefixes Data Privacy Data Classification Passwords, Storage, and Other Important Decisions HTTPS Everywhere TLS Settings Comments Backup and Rollback Framework Security Features Technical Debt = Security Debt File Uploads Errors and Logging Input Validation and Sanitization Authorization and Authentication Parameterized Queries URL Parameters Least Privilege Requirements Checklist Exercises Chapter 3 Secure Design Design Flaw vs. Security Bug Discovering a Flaw Late Pushing Left Secure Design Concepts Protecting Sensitive Data Never Trust, Always Verify/Zero Trust/Assume Breach Backup and Rollback Server-Side Security Validation Framework Security Features Security Function Isolation Application Partitioning Secret Management Re-authentication for Transactions (Avoiding CSRF) Segregation of Production Data Protection of Source Code Threat Modeling Exercises Chapter 4 Secure Code Selecting Your Framework and Programming Language Example #1 Example #2 Example #3 Programming Languages and Frameworks: The Rule Untrusted Data HTTP Verbs Identity Session Management Bounds Checking Authentication (AuthN) Authorization (AuthZ) Error Handling, Logging, and Monitoring Backups and Rollbacks Rules for Errors Logging Monitoring Exercises Chapter 5 Common Pitfalls OWASP Defenses and Vulnerabilities Not Previously Covered Cross-Site Request Forgery Server-Side Request Forgery Deserialization Race Conditions Closing Comments Exercises Part 2 What You Should Do to Create Very Good Code Chapter 6 Testing and Deployment Testing Your Code Code Review Static Application Security Testing (SAST) Software Composition Analysis (SCA) Unit Tests Infrastructure as Code (IaC) and Security as Code (SaC) Testing Your Application Manual Testing Browsers Developer Tools Web Proxies Fuzzing Dynamic Application Security Testing (DAST) Infrastructure VA/Security Assessment/PenTest Testing Your Infrastructure Testing Your Database Testing Your APIs and Web Services Testing Your Integrations Testing Your Network Deployment Editing Code Live on a Server Publishing from an IDE “Homemade” Deployment Systems Run Books Contiguous Integration/Continuous Delivery/Continuous Deployment Exercises Chapter 7 An AppSec Program Application Security Program Goals Creating and Maintaining an Application Inventory Capability to Find Vulnerabilities in Written, Running, and Third-Party Code Knowledge and Resources to Fix the Vulnerabilities Education and Reference Materials Providing Developers with Security Tools Having One or More Security Activities During Each Phase of Your SDLC Implementing Useful and Effective Tooling An Incident Response Team That Knows When to Call You Continuously Improve Your Program Based on Metrics, Experimentation, and Feedback A Special Note on DevOps and Agile Application Security Activities Application Security Tools Your Application Security Program Chapter 8 Securing Modern Applications and Systems APIs and Microservices Online Storage Containers and Orchestration Serverless Infrastructure as Code (IaC) Security as Code (SaC) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Continuous Integration/Delivery/Deployment Dev(Sec)Ops DevSecOps The Cloud Cloud Computing Cloud Native Cloud Native Security Cloud Workflows Modern Tooling IAST Interactive Application Security Testing Runtime Application Security Protection File Integrity Monitoring Application Control Tools (Approved Software Lists) Security Tools Created for DevOps Pipelines Application Inventory Tools Least Privilege and Other Policy Automation Modern Tactics Summary Exercises Part 3 Helpful Information on How to Continue to Create Very Good Code Chapter 9 Good Habits Password Management Remove Password Complexity Rules Use a Password Manager Passphrases Don’t Reuse Passwords Do Not Implement Password Rotation Multi-Factor Authentication Incident Response Fire Drills Continuous Scanning Technical Debt Inventory Other Good Habits Policies Downloads and Devices Lock Your Machine Privacy Summary Exercises Chapter 10 Continuous Learning What to Learn Offensive = Defensive Don’t Forget Soft Skills Leadership != Management Learning Options Accountability Create Your Plan Take Action Exercises Learning Plan Chapter 11 Closing Thoughts Lingering Questions When Have You Done Enough? How Do You Get Management on Board? How Do You Get Developers on Board? Where Do You Start? Where Do You Get Help? Conclusion Appendix A Resources Introduction Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning Appendix B Answer Key Chapter 1: Security Fundamentals Chapter 2: Security Requirements Chapter 3: Secure Design Chapter 4: Secure Code Chapter 5: Common Pitfalls Chapter 6: Testing and Deployment Chapter 7: An AppSec Program Chapter 8: Securing Modern Applications and Systems Chapter 9: Good Habits Chapter 10: Continuous Learning Index
نظرات کاربران
کتاب های مرتبط
دانلود کتاب Informatikai biztonság és kriptográfia
دانلود کتاب Plato’s Examination of Pleasure: A Translation of the Philebus, with Introduction and Commentary by R. Hackforth
دانلود کتاب IT-Sicherheit für TCP/IP- und IoT-Netzwerke: Grundlagen, Konzepte, Protokolle, Härtung
دانلود کتاب Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems
دانلود کتاب Hacking Exposed
دانلود کتاب Seguridad informática
دانلود کتاب Hackez Google Android Introduction a la programmation systeme
دانلود کتاب Corporate computer security
دانلود کتاب Assessing and Insuring Cybersecurity Risk
