Bezpieczeństwo systemów
Ajay Singh Chauhan
Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization.Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.
Practical OneOps. Implement DevOps with ease
Nilesh Nimkar
Walmart’s OneOps is an open source DevOps platform that is used for cloud and application lifecycle management. It can manage critical and complex application workload on any multi cloud-based infrastructure and revolutionizes the way administrators, developers, and engineers develop and launch new products.This practical book focuses on real-life cases and hands-on scenarios to develop, launch, and test your applications faster, so you can implement the DevOps process using OneOps.You will be exposed to the fundamental aspects of OneOps starting with installing, deploying, and configuring OneOps in a test environment, which will also come in handy later for development and debugging. You will also learn about design and architecture, and work through steps to perform enterprise level deployment. You will understand the initial setup of OneOps such as creating organization, teams, and access management. Finally, you will be taught how to configure, repair, scale, and extend applications across various cloud platforms.
Tony Hsiang-Chih Hsu
Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing. With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects.By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.
Megan Roddie, Jason Deyalsingh, Gary J. Katz
Threat validation is the backbone of every strong security detection strategy—it ensures your detection pipeline is effective, reliable, and resilient against real-world threats.This comprehensive guide is designed for those new to detection validation, offering clear, actionable frameworks to help you assess, test, and refine your security detections with confidence. Covering the entire detection lifecycle, from development to validation, this book provides real-world examples, hands-on tutorials, and practical projects to solidify your skills.Beyond just technical know-how, this book empowers you to build a career in detection engineering, equipping you with the essential expertise to thrive in today’s cybersecurity landscape.By the end of this book, you'll have the tools and knowledge to fortify your organization’s defenses, enhance detection accuracy, and stay ahead of cyber threats.
Valentina Costa-Gazcón
Threat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.This book is not only an introduction for those who don’t know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you’ll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.By the end of this book, you’ll have the skills you need to be able to carry out effective hunts in your own environment.
Valentina Costa-Gazcón
Practical Threat Intelligence and Data-Driven Threat Hunting, 2nd edition is more than just a book—it's your roadmap to becoming a proficient threat hunter and a valuable asset to your organization's cybersecurity efforts. Whether you're looking to start a career in cyber intelligence or seeking to enhance your existing skills, this book equips you with the knowledge and practical insights needed to proactively detect and thwart cyber threats. With a strong focus on hands-on learning and open-source tools, it's your ultimate guide to staying ahead in the ever-changing world of cybersecurity. You'll start by unraveling the core concepts of cyber threat intelligence, diving into the intricacies of threat intelligence cycles and understanding the nuances of advanced persistent threats. From there, you'll learn how to collect and analyze indicators of compromise, set up a centralized threat hunting environment using open-source tools, and develop hypotheses for hunting campaigns. The book will also guide you through the MITRE ATT&CK Framework, providing practical examples and hands-on experience.Don't wait for threats to knock on your door. Be the hunter, not the hunted. Get your copy of Practical Threat Intelligence and Data-Driven Threat Hunting, 2nd edition and empower yourself to defend against cyber adversaries effectively.
Gus Khawaja
Companies all over the world want to hire professionals dedicated to application security. Practical Web Penetration Testing focuses on this very trend, teaching you how to conduct application security testing using real-life scenarios.To start with, you’ll set up an environment to perform web application penetration testing. You will then explore different penetration testing concepts such as threat modeling, intrusion test, infrastructure security threat, and more, in combination with advanced concepts such as Python scripting for automation. Once you are done learning the basics, you will discover end-to-end implementation of tools such as Metasploit, Burp Suite, and Kali Linux. Many companies deliver projects into production by using either Agile or Waterfall methodology. This book shows you how to assist any company with their SDLC approach and helps you on your journey to becoming an application security specialist.By the end of this book, you will have hands-on knowledge of using different tools for penetration testing.
Prawdziwa głębia OSINT. Odkryj wartość danych Open Source Intelligence
Rae L. Baker
OSINT (ang. open source intelligence) polega na pozyskiwaniu danych wywiadowczych z ogólnodostępnych źródeł. Jest to zestaw praktycznych umiejętności, które przydadzą się nie tylko analitykom - metody białego wywiadu okazują się pomocne na wielu ścieżkach kariery, a także w życiu codziennym. Łatwo się przekonasz, że OSINT pozwala uzyskać niezwykle cenne informacje, a przy tym jest satysfakcjonującym i ciekawym zajęciem! Dzięki tej książce nauczysz się gromadzić publicznie dostępne informacje, korzystać z wiedzy o cyklu życia wrażliwych danych i przekształcać je w informacje wywiadowcze przydatne dla zespołów zajmujących się bezpieczeństwem. Opanujesz proces gromadzenia i analizy danych, poznasz również strategie, które należy wdrożyć podczas poszukiwania informacji z publicznie dostępnych źródeł. Ugruntujesz wiedzę na temat bezpieczeństwa operacyjnego i uświadomisz sobie, w jaki sposób niektórzy używają publicznie dostępnych danych do nielegalnych celów. Książkę tę szczególnie docenią inżynierowie społeczni i specjaliści do spraw bezpieczeństwa, a także kadra kierownicza. Najciekawsze zagadnienia: strategie stosowania urządzeń IoT do gromadzenia danych wywiadowczych pozyskiwanie danych przy użyciu publicznie dostępnych informacji transportowych techniki poprawy bezpieczeństwa operacyjnego zagrożenia związane z ogólnodostępnymi danymi metody gromadzenia danych wywiadowczych stosowane przez najlepsze zespoły do spraw bezpieczeństwa Dostrzegaj to, co pozostaje niewidoczne dla innych!