Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Texto completo en Odilo

Tabla de Contenidos: “…12.1.1 Continuous integration -- 12.1.2 Continuous delivery -- 12.2 The role of automated tests in a CI/CD pipeline -- 12.3 Version-control checks -- Summary -- 13 A culture of quality -- 13.1 Using type systems to make invalid states unrepresentable -- 13.2 Reviewing code to catch problems machines can't -- 13.3 Using linters and formatters to produce consistent code -- 13.4 Monitoring your systems to understand how they actually behave -- 13.5 Explaining your software with good documentation -- Summary -- index -- inside back cover…”

Tabla de Contenidos: “…Nmap Advanced Enumeration -- Enumerating Users -- POP3 (Port 110) and IMAP4 (Port 143) -- Brute-Forcing POP3 E-mail Accounts -- Database Protocols -- Microsoft SQL Server (Port 1433) -- Oracle Database Server (Port 1521) -- MySQL (Port 3306) -- CI/CD Protocols -- Docker (Port 2375) -- Jenkins (Port 8080/50000) -- Brute-Forcing a Web Portal Using Hydra -- Step 1: Enable a Proxy -- Step 2: Intercept the Form Request -- Step 3: Extracting Form Data and Brute-Forcing with Hydra -- Web Protocols 80/443 -- Graphical Remoting Protocols -- RDP (Port 3389) -- RDP Brute-Force -- VNC (Port 5900) -- File Sharing Protocols -- SMB (Port 445) -- Brute-Forcing SMB -- SNMP (Port UDP 161) -- SNMP Enumeration -- Summary -- Chapter 7 Exploitation Phase -- Vulnerabilities Assessment -- Vulnerability Assessment Workflow -- Vulnerability Scanning with OpenVAS -- Installing OpenVAS -- Scanning with OpenVAS -- Exploits Research -- SearchSploit -- Services Exploitation -- Exploiting FTP Service -- FTP Login -- Remote Code Execution -- Spawning a Shell -- Exploiting SSH Service -- SSH Login -- Telnet Service Exploitation -- Telnet Login -- Sniffing for Cleartext Information -- E-mail Server Exploitation -- Docker Exploitation -- Testing the Docker Connection -- Creating a New Remote Kali Container -- Getting a Shell into the Kali Container -- Docker Host Exploitation -- Exploiting Jenkins -- Reverse Shells -- Using Shells with Metasploit -- Exploiting the SMB Protocol -- Connecting to SMB Shares -- SMB Eternal Blue Exploit -- Summary -- Chapter 8 Web Application Vulnerabilities -- Web Application Vulnerabilities -- Mutillidae Installation -- Apache Web Server Installation -- Firewall Setup -- Installing PHP -- Database Installation and Setup -- Mutillidae Installation -- Cross-Site Scripting -- Reflected XSS -- Stored XSS -- Exploiting XSS Using the Header…”

Tabla de Contenidos: “…Exercise 2 - creating an Azure Cosmos DB SQL API account -- Adding a new database and a new container -- Adding data to a database -- Querying data -- Exercise 3 - connecting to the Azure Cosmos DB SQL API with the SDK -- Exercise 3 - connecting Azure App Service with Azure Cosmos DB -- Summary -- Questions -- Chapter 10: Big Data Storage Overview -- Exploring Azure Data Lake Storage -- Creating an Azure Data Lake instance using the Azure portal -- Creating an Azure Data Lake instance using the Azure CLI -- Exploring Azure Data Factory -- ADF components -- Creating an ADF using the Azure portal -- Exploring Azure Databricks -- Azure Synapse Analytics -- Azure Databricks features -- Azure Databricks components -- Creating an Azure Databricks workspace -- Exploring Azure Synapse Analytics -- Exploring Azure Analysis Services -- Summary -- Further reading -- Questions -- Part 3: Ensuring Continuous Integration and Continuous Container Deployment on Azure -- Chapter 11: Containers and Continuous Deployment on Azure -- Setting up continuous deployment for Docker with Azure DevOps and Azure Container Registry -- Creating the pipeline -- Continuous deployment for Windows containers with Azure DevOps -- Deploying to Azure Container Registry -- Deploying to Azure App Service -- Integrating Docker Hub with the CI/CD pipeline -- Summary -- Assessments -- Index -- Other Books You May Enjoy…”

Tabla de Contenidos: “…Attacking design weaknesses -- Authorization attacks -- Object-level authorization -- Function-level authorization -- Data attacks -- Injection attack -- Detecting injection vulnerabilities -- SQL injection -- NoSQL injection -- Command injection -- Path traversal -- Server-side request forgery -- Other API attacks -- API abuse -- Unrestricted access to sensitive business flows -- Business logic attacks -- Summary -- Further reading -- Part 3: Defending APIs -- Chapter 8: Shift-Left for API Security -- Technical requirements -- Using the OpenAPI Specification -- Data -- Security -- Generating client and server code -- Leveraging the positive security model -- Conducting threat modeling of APIs -- Automating API security -- CI/CD integration -- Semgrep -- Thinking like an attacker -- Summary -- Further reading -- Chapter 9: Defending against Common Vulnerabilities -- Technical requirements -- Authentication vulnerabilities -- Handling JWTs securely -- Implementing OAuth2 -- Password and token hardening -- Securing the reset process -- Handling authentication in code -- Authorization vulnerabilities -- Object-level vulnerabilities -- Function-level vulnerabilities -- Using authorization middleware -- Data vulnerabilities -- Excessive data exposure -- Mass assignment -- Implementation vulnerabilities -- Injection -- Server-Side Request Forgery -- Insufficient logging and monitoring -- Protecting against unrestricted resource consumption -- Defending against API business-level attacks -- Unrestricted access to sensitive business flows -- Unsafe consumption of APIs -- Summary -- Further reading -- Chapter 10: Securing Your Frameworks and Languages -- Technical requirements -- Managing the design-first process in the real world -- Using code-generation tools -- Swagger Codegen -- OpenAPI Generator -- Summary -- Further reading…”

Tabla de Contenidos: “…Chapter 11: Deploying and Maintaining an Automotive IoT Application -- The DevSecOps life cycle -- The plan stage -- CI -- The code stage -- The build stage -- The test stage -- CD -- The release stage -- The deploy stage -- The operate stage -- The monitor stage -- Summary -- References -- Part 5: Putting It All Together -- Chapter 12: Processes and Practices -- Introduction to processes and practices -- ASPICE -- SWE.1 - Software Requirements Analysis -- SWE.2 - Software Architectural Design -- SWE.3 - Software Detailed Design and Unit Construction -- SWE.4 - Software Unit Verification -- SWE.5 - Software Integration and Integration Test -- SWE.6 - Software Qualification Test -- Functional safety -- Vocabulary -- Risk classification system -- Development process -- Additional automotive processes and practices -- DFMEA -- 5 Whys root cause analysis -- Fishbone -- A-B-A testing -- Summary -- Reference -- Chapter 13: Embedded Automotive IoT Development -- Embedded software development -- Electrical engineering -- Schematics/block diagrams -- Datasheets, errata, and application notes -- Device drivers -- Hardware Abstraction Layer (HAL) -- Additional aspects of embedded development -- Automotive-focused aspects -- Power state management -- Operating systems -- Hypervisors -- Development tools -- Life cycle management tools -- Software development ecosystem -- You and your customers -- You and your co-suppliers -- You and your suppliers -- Summary -- References -- Chapter 14: Final Thoughts -- Agile -- Agile+ASPICE -- Automotive embedded testing -- Types of testing -- Security -- Summary -- References -- Index -- Other Books You May Enjoy…”