Threats: What Every Engineer Should Learn from Star Wars

Secure your applications with help from your favorite Jedi masters. In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book wil...


Bibliographic Details
Other Authors: Shostack, Adam (author)
Format: Electronic book
Language: English
Published: Hoboken, NJ : John Wiley & Sons, Inc. [2023]
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009724219306719
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Preface
  • Introduction
  • Who This Book Is For
  • What You'll Gain from This Book
  • A Few Words for the Nonengineer
  • Security Terminology
  • How This Book Is Organized
  • Chapter 1 Spoofing and Authenticity
  • Identifiers and Authentication
  • Technical Identifiers
  • Human Identifiers
  • Authenticating People to People
  • Authenticating People to Computers
  • Authenticating Computers to People
  • Authenticating Computers to Computers
  • Spoofing Attacks
  • Spoofing Files
  • Spoofing Processes
  • Spoofing Machines
  • Spoofing in Specific Scenarios
  • Internet of Things
  • Mobile Phones
  • Cloud
  • Considerations in Authenticating to Organizations
  • Mechanisms for Spoofing Attacks
  • Misrepresentation
  • Attacks on Authentication Mechanisms
  • Threats Against Authentication Types
  • Defenses
  • Authenticating People
  • Authenticating Computers
  • Conclusion
  • Chapter 2 Tampering and Integrity
  • Introduction
  • Targets of Tampering
  • Tampering with Storage
  • Tampering with Communications
  • Tampering with Time
  • Process Tampering
  • Tampering in Specific Technologies
  • Mechanisms for Tampering
  • Location for Tampering
  • Tools for Tampering
  • Defenses
  • Cryptography
  • The Kernel
  • Detection
  • Conclusion
  • Chapter 3 Repudiation and Proof
  • Introduction
  • The Threat: Repudiation
  • Message Repudiation
  • Fraud
  • Account Takeover
  • Logging Threats
  • Repudiation in Specific Technologies
  • Internet of Things (Including Phones)
  • Cloud
  • AI/ML
  • Crypto and Blockchain
  • Repudiation Mechanisms
  • Defenses
  • Cryptography
  • Keeping Logs
  • Using Logs
  • Antifraud Tools
  • Conclusion
  • Chapter 4 Information Disclosure and Confidentiality
  • Threats to Confidentiality
  • Information Disclosure, at Rest
  • Information Disclosure, in Motion
  • Information Disclosure from a Process
  • Human Connections
  • Side Effects and Covert Channels
  • Information Disclosure Mechanisms
  • Information Disclosure with Specific Scenarios
  • Internet of Things
  • Mobile Phones
  • Cloud
  • AI/ML
  • Blockchain
  • Privacy
  • Defenses
  • Operating System Defenses
  • Defending Your Process
  • Cryptography
  • Conclusion
  • Chapter 5 Denial of Service and Availability
  • Resources Consumed by Denial-of-Service Threats
  • Compute
  • Storage
  • Networks
  • Electrical Power
  • Money
  • Other Resources
  • Denial-of-Service Properties
  • Bespoke or Generalized
  • Amplification
  • Authentication Targets
  • Ephemeral or Persistent
  • Direct or Emergent
  • Denial of Service in Specific Technologies
  • Authentication Services
  • Cloud
  • Protocol Design
  • IoT and Mobile
  • Defenses
  • Abundance and Quotas
  • Graceful Degradation
  • Resilience Testing
  • Conclusion
  • Chapter 6 Expansion of Authority and Isolation
  • Expansion Mechanisms and Effects
  • Authority in Specific Scenarios
  • Confused Deputies
  • Internet of Things
  • Mobile
  • Cloud
  • Defenses
  • Least Privilege and Separation of Privilege
  • Architecture as Barrier
  • Code as Barrier
  • Authority and Privilege
  • Access Control (Background)
  • Newer Approaches to Policy
  • Conclusion
  • Chapter 7 Predictability and Randomness
  • Predictability Threats
  • Guessing and Testing
  • Cryptographic Threats
  • Time and Timing Threats
  • Information Disclosure and Time
  • Tampering with Time
  • Predictability in Specific Scenarios
  • Network Traffic
  • Local System Threats
  • Business Processes
  • Defenses
  • Preventing Races
  • Defenses Against Guessing and Searching
  • Usability
  • Assume Transparency
  • Conclusion
  • Chapter 8 Parsing and Corruption
  • What Is Parsing?
  • How Parsers Work
  • A "Bit" of Context
  • All Data Is Tainted
  • Threats to Parsers
  • SQL Injection Example
  • Surprising Output
  • Overly Powerful Input
  • Denial-of-Service Threats to Parsers
  • Bad Advice
  • Chained Parsers
  • Specific Parsing Scenario Threats
  • Parsing Protocols + Document Formats
  • C Code + Memory Safety
  • Defenses
  • The Robustness Principle
  • Input Validation
  • Memory Safety
  • LangSec
  • Conclusion
  • Chapter 9 Kill Chains
  • Threats: Kill Chains
  • Server Kill Chain
  • Desktop Kill Chains
  • Acquire or Use Credentials
  • Kill Chains for Specific Scenarios
  • Cloud
  • IoT
  • Mobile (iOS, Android)
  • Weaponization as a Subchain
  • "No One Would Ever Do That"
  • Ransomware
  • Elements of Network Kill Chains
  • History
  • History of Kill Chains
  • Defenses
  • Types of Defenses
  • Defensive Scenarios
  • Conclusion
  • Epilogue
  • Glossary
  • Bibliography
  • Story Index
  • Episode I: The Phantom Menace
  • Episode III: Revenge of the Sith
  • Obi-Wan (Television Series)
  • Rogue One
  • Star Wars: A New Hope
  • The Empire Strikes Back
  • Return of the Jedi
  • Index
  • EULA