Threats: What Every Engineer Should Learn From Star Wars

Secure your applications with help from your favorite Jedi masters. In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book wil...

Bibliographic Details
Classification: Electronic Book
Main Author: Shostack, Adam
Format: Electronic eBook
Language: English
Published: [S.l.] : JOHN WILEY & SONS, 2023.
Subjects:
Online Access: Full text (Requires prior registration with institutional e-mail)
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Preface
  • Introduction
  • Who This Book Is For
  • What You'll Gain from This Book
  • A Few Words for the Nonengineer
  • Security Terminology
  • How This Book Is Organized
  • Chapter 1 Spoofing and Authenticity
  • Identifiers and Authentication
  • Technical Identifiers
  • Human Identifiers
  • Authenticating People to People
  • Authenticating People to Computers
  • Authenticating Computers to People
  • Authenticating Computers to Computers
  • Spoofing Attacks
  • Spoofing Files
  • Spoofing Processes
  • Spoofing Machines
  • Spoofing in Specific Scenarios
  • Internet of Things
  • Mobile Phones
  • Cloud
  • Considerations in Authenticating to Organizations
  • Mechanisms for Spoofing Attacks
  • Misrepresentation
  • Attacks on Authentication Mechanisms
  • Threats Against Authentication Types
  • Defenses
  • Authenticating People
  • Authenticating Computers
  • Conclusion
  • Chapter 2 Tampering and Integrity
  • Introduction
  • Targets of Tampering
  • Tampering with Storage
  • Tampering with Communications
  • Tampering with Time
  • Process Tampering
  • Tampering in Specific Technologies
  • Mechanisms for Tampering
  • Location for Tampering
  • Tools for Tampering
  • Defenses
  • Cryptography
  • The Kernel
  • Detection
  • Conclusion
  • Chapter 3 Repudiation and Proof
  • Introduction
  • The Threat: Repudiation
  • Message Repudiation
  • Fraud
  • Account Takeover
  • Logging Threats
  • Repudiation in Specific Technologies
  • Internet of Things (Including Phones)
  • Cloud
  • AI/ML
  • Crypto and Blockchain
  • Repudiation Mechanisms
  • Defenses
  • Cryptography
  • Keeping Logs
  • Using Logs
  • Antifraud Tools
  • Conclusion
  • Chapter 4 Information Disclosure and Confidentiality
  • Threats to Confidentiality
  • Information Disclosure, at Rest
  • Information Disclosure, in Motion
  • Information Disclosure from a Process
  • Human Connections
  • Side Effects and Covert Channels
  • Information Disclosure Mechanisms
  • Information Disclosure with Specific Scenarios
  • Internet of Things
  • Mobile Phones
  • Cloud
  • AI/ML
  • Blockchain
  • Privacy
  • Defenses
  • Operating System Defenses
  • Defending Your Process
  • Cryptography
  • Conclusion
  • Chapter 5 Denial of Service and Availability
  • Resources Consumed by Denial-of-Service Threats
  • Compute
  • Storage
  • Networks
  • Electrical Power
  • Money
  • Other Resources
  • Denial-of-Service Properties
  • Bespoke or Generalized
  • Amplification
  • Authentication Targets
  • Ephemeral or Persistent
  • Direct or Emergent
  • Denial of Service in Specific Technologies
  • Authentication Services
  • Cloud
  • Protocol Design
  • IoT and Mobile
  • Defenses
  • Abundance and Quotas
  • Graceful Degradation
  • Resilience Testing
  • Conclusion
  • Chapter 6 Expansion of Authority and Isolation
  • Expansion Mechanisms and Effects
  • Authority in Specific Scenarios
  • Confused Deputies
  • Internet of Things
  • Mobile
  • Cloud
  • Defenses