Hacking
M. L. Srinivasan
Certified Information Systems Security Professional (CISSP) is an internationally recognized and coveted qualification. Success in this respected exam opens the door to your dream job as a security expert with an eye-catching salary. But passing the final exam is challenging. Every year a lot of candidates do not prepare sufficiently for the examination, and fail at the final stage. This happens when they cover everything but do not revise properly and hence lack confidence.This simple yet informative book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will build your confidence and enable you to crack the Gold Standard exam, knowing that you have done all you can to prepare for the big day.This book provides concise explanations of important concepts in all 10 domains of the CISSP Common Body of Knowledge (CBK). Starting with Confidentiality, Integrity, and Availability, you will focus on classifying information and supporting assets. You will understand data handling requirements for sensitive information before gradually moving on to using secure design principles while implementing and managing engineering processes. You will understand the application of cryptography in communication security and prevent or mitigate strategies for network attacks. You will also learn security control requirements and how to assess their effectiveness. Finally, you will explore advanced topics such as automated and manual test result analysis and reporting methods.A complete mock test is included at the end to evaluate whether you're ready for the exam. This book is not a replacement for full study guides; instead, it builds on and reemphasizes concepts learned from them.
Ted Jordan
The CISSP exam is for security professionals who understand that poor security can put a company out of business. The exam covers eight important security domains - risk management, security architecture, data security, network security, identity management, auditing, security operations, and software development security. Designed to cover all the concepts tested in the CISSP exam, CISSP (ISC)2 Certification Practice Exams and Tests will assess your knowledge of information security and introduce you to the tools you need to master to pass the CISSP exam (version May 2021). With more than 100 questions for every CISSP domain, this book will test your understanding and fill the gaps in your knowledge with the help of descriptive answers and detailed explanations. You'll also find two complete practice exams that simulate the real CISSP exam, along with answers. By the end of this book, you'll be ready to take and pass the (ISC)2 CISSP exam and achieve the Certified Information Systems Security Professional certification putting you in the position to build a career as a security engineer, security manager, or chief information security officer (CISO)
Shinesa Cambric, Michael Ratemo
As more and more companies are moving to cloud and multi-cloud environments, being able to assess the compliance of these environments properly is becoming more important. But in this fast-moving domain, getting the most up-to-date information is a challenge—so where do you turn?Cloud Auditing Best Practices has all the information you’ll need. With an explanation of the fundamental concepts and hands-on walk-throughs of the three big cloud players, this book will get you up to speed with cloud auditing before you know it.After a quick introduction to cloud architecture and an understanding of the importance of performing cloud control assessments, you’ll quickly get to grips with navigating AWS, Azure, and GCP cloud environments. As you explore the vital role an IT auditor plays in any company’s network, you'll learn how to successfully build cloud IT auditing programs, including using standard tools such as Terraform, Azure Automation, AWS Policy Sentry, and many more.You’ll also get plenty of tips and tricks for preparing an effective and advanced audit and understanding how to monitor and assess cloud environments using standard tools.By the end of this book, you will be able to confidently apply and assess security controls for AWS, Azure, and GCP, allowing you to independently and effectively confirm compliance in the cloud.
Shinesa Cambric, Michael Ratemo
As more and more companies are moving to cloud and multi-cloud environments, being able to assess the compliance of these environments properly is becoming more important. But in this fast-moving domain, getting the most up-to-date information is a challenge—so where do you turn?Cloud Auditing Best Practices has all the information you’ll need. With an explanation of the fundamental concepts and hands-on walk-throughs of the three big cloud players, this book will get you up to speed with cloud auditing before you know it.After a quick introduction to cloud architecture and an understanding of the importance of performing cloud control assessments, you’ll quickly get to grips with navigating AWS, Azure, and GCP cloud environments. As you explore the vital role an IT auditor plays in any company’s network, you'll learn how to successfully build cloud IT auditing programs, including using standard tools such as Terraform, Azure Automation, AWS Policy Sentry, and many more.You’ll also get plenty of tips and tricks for preparing an effective and advanced audit and understanding how to monitor and assess cloud environments using standard tools.By the end of this book, you will be able to confidently apply and assess security controls for AWS, Azure, and GCP, allowing you to independently and effectively confirm compliance in the cloud.
Ganesh Ramakrishnan, Mansoor Haqanee
As organizations embrace cloud-centric environments, it becomes imperative for security professionals to master the skills of effective cloud investigation. Cloud Forensics Demystified addresses this pressing need, explaining how to use cloud-native tools and logs together with traditional digital forensic techniques for a thorough cloud investigation. The book begins by giving you an overview of cloud services, followed by a detailed exploration of the tools and techniques used to investigate popular cloud platforms such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). Progressing through the chapters, you’ll learn how to investigate Microsoft 365, Google Workspace, and containerized environments such as Kubernetes. Throughout, the chapters emphasize the significance of the cloud, explaining which tools and logs need to be enabled for investigative purposes and demonstrating how to integrate them with traditional digital forensic tools and techniques to respond to cloud security incidents. By the end of this book, you’ll be well-equipped to handle security breaches in cloud-based environments and have a comprehensive understanding of the essential cloud-based logs vital to your investigations. This knowledge will enable you to swiftly acquire and scrutinize artifacts of interest in cloud security incidents.
Ganesh Ramakrishnan, Mansoor Haqanee
As organizations embrace cloud-centric environments, it becomes imperative for security professionals to master the skills of effective cloud investigation. Cloud Forensics Demystified addresses this pressing need, explaining how to use cloud-native tools and logs together with traditional digital forensic techniques for a thorough cloud investigation. The book begins by giving you an overview of cloud services, followed by a detailed exploration of the tools and techniques used to investigate popular cloud platforms such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). Progressing through the chapters, you’ll learn how to investigate Microsoft 365, Google Workspace, and containerized environments such as Kubernetes. Throughout, the chapters emphasize the significance of the cloud, explaining which tools and logs need to be enabled for investigative purposes and demonstrating how to integrate them with traditional digital forensic tools and techniques to respond to cloud security incidents. By the end of this book, you’ll be well-equipped to handle security breaches in cloud-based environments and have a comprehensive understanding of the essential cloud-based logs vital to your investigations. This knowledge will enable you to swiftly acquire and scrutinize artifacts of interest in cloud security incidents.
Giuseppe Di Federico, Fabrizio Barcaroli
Identity is paramount for every architecture design, making it crucial for enterprise and solutions architects to understand the benefits and pitfalls of implementing identity patterns. However, information on cloud identity patterns is generally scattered across different sources and rarely approached from an architect’s perspective, and this is what Cloud Identity Patterns and Strategies aims to solve, empowering solutions architects to take an active part in implementing identity solutions.Throughout this book, you’ll cover various theoretical topics along with practical examples that follow the implementation of a standard de facto identity provider (IdP) in an enterprise, such as Azure Active Directory. As you progress through the chapters, you’ll explore the different factors that contribute to an enterprise's current status quo around identities and harness modern authentication approaches to meet specific requirements of an enterprise. You’ll also be able to make sense of how modern application designs are impacted by the company’s choices and move on to recognize how a healthy organization tackles identity and critical tasks that the development teams pivot on.By the end of this book, you’ll be able to breeze through creating portable, robust, and reliable applications that can interact with each other.
Cloud Penetration Testing. Learn how to effectively pentest AWS, Azure, and GCP applications
Kim Crawley
With AWS, Azure, and GCP gaining prominence, understanding their unique features, ecosystems, and penetration testing protocols has become an indispensable skill, which is precisely what this pentesting guide for cloud platforms will help you achieve. As you navigate through the chapters, you’ll explore the intricacies of cloud security testing and gain valuable insights into how pentesters evaluate cloud environments effectively.In addition to its coverage of these cloud platforms, the book also guides you through modern methodologies for testing containerization technologies such as Docker and Kubernetes, which are fast becoming staples in the cloud ecosystem. Additionally, it places extended focus on penetration testing AWS, Azure, and GCP through serverless applications and specialized tools. These sections will equip you with the tactics and tools necessary to exploit vulnerabilities specific to serverless architecture, thus providing a more rounded skill set.By the end of this cloud security book, you’ll not only have a comprehensive understanding of the standard approaches to cloud penetration testing but will also be proficient in identifying and mitigating vulnerabilities that are unique to cloud environments.
Cloud Security Automation. Get to grips with automating your cloud security on AWS and OpenStack
Prashant Priyam
Security issues are still a major concern forall IT organizations. For many enterprises,the move to cloud computing has raisedconcerns for security, but when applicationsare architected with focus on security,cloud platforms can be made just as secureas on-premises platforms. Cloud instancescan be kept secure by employing securityautomation that helps make your data meetyour organization's security policy.This book starts with the basics of whycloud security is important and howautomation can be the most effective wayof controlling cloud security. You willthen delve deeper into the AWS cloudenvironment and its security servicesby dealing with security functions suchas Identity and Access Managementand will also learn how these servicescan be automated. Moving forward,you will come across aspects suchas cloud storage and data security, automatingcloud deployments, and so on. Then,you'll work with OpenStack security modulesand learn how private cloud securityfunctions can be automated for bettertime- and cost-effectiveness. Toward the endof the book, you will gain an understandingof the security compliance requirementsfor your Cloud.By the end of this book, you will havehands-on experience of automating yourcloud security and governance.
Cloud Security Automation. Get to grips with automating your cloud security on AWS and OpenStack
Prashant Priyam
Security issues are still a major concern forall IT organizations. For many enterprises,the move to cloud computing has raisedconcerns for security, but when applicationsare architected with focus on security,cloud platforms can be made just as secureas on-premises platforms. Cloud instancescan be kept secure by employing securityautomation that helps make your data meetyour organization's security policy.This book starts with the basics of whycloud security is important and howautomation can be the most effective wayof controlling cloud security. You willthen delve deeper into the AWS cloudenvironment and its security servicesby dealing with security functions suchas Identity and Access Managementand will also learn how these servicescan be automated. Moving forward,you will come across aspects suchas cloud storage and data security, automatingcloud deployments, and so on. Then,you'll work with OpenStack security modulesand learn how private cloud securityfunctions can be automated for bettertime- and cost-effectiveness. Toward the endof the book, you will gain an understandingof the security compliance requirementsfor your Cloud.By the end of this book, you will havehands-on experience of automating yourcloud security and governance.
Eyal Estrin
Securing cloud resources is no easy task—each provider has its unique set of tools, processes, and challenges, demanding specialized expertise. This book cuts through the complexity, delivering practical guidance on embedding security best practices across the core infrastructure components of AWS, Azure, and GCP. It equips information security professionals and cloud engineers with the skills to identify risks and implement robust security controls throughout the design, deployment, and maintenance of public cloud environments.Starting with the shared responsibility model, cloud service models, and deployment models, this book helps you get to grips with fundamental concepts such as compute, storage, networking, identity management, and encryption. You’ll then explore common threats and compliance requirements for cloud environments. As you progress, you'll implement security strategies across deployments ranging from small-scale environments to enterprise-grade production systems, including hybrid and multi-cloud setups.This edition expands on emerging topics like GenAI service security and DevSecOps, with hands-on examples leveraging built-in security features of AWS, Azure, and GCP.By the end of this book, you'll confidently secure any cloud environment with a comprehensive understanding of cloud security principles.
CMake Cookbook. Building, testing, and packaging modular software with modern CMake
Radovan Bast, Roberto Di Remigio
CMake is cross-platform, open-source software for managing the build process in a portable fashion. This book features a collection of recipes and building blocks with tips and techniques for working with CMake, CTest, CPack, and CDash.CMake Cookbook includes real-world examples in the form of recipes that cover different ways to structure, configure, build, and test small- to large-scale code projects. You will learn to use CMake's command-line tools and master modern CMake practices for configuring, building, and testing binaries and libraries. With this book, you will be able to work with external libraries and structure your own projects in a modular and reusable way. You will be well-equipped to generate native build scripts for Linux, MacOS, and Windows, simplify and refactor projects using CMake, and port projects to CMake.
Zander Brumbaugh
Roblox is a global virtual platform like no other for both playing and creating games. With well over 150 million monthly active users, Roblox hosts all genres of games that can be played by other members of the community using the Lua programming language. Not only can you create games for free, but you can also earn considerable sums of money if from the success of your games, and become part of the vast and supportive developer circle that provides excellent opportunities for networking in a tight-knit community.With this practical book, you'll get hands-on experience working on the Roblox platform. You'll start with an overview of Roblox development and then understand how to use Roblox Studio. As you progress, you'll gradually learn everything you need from how to program in Roblox Lua to creating Obby and Battle Royale games. Finally, you'll delve into the logistics of game production, focusing on optimizing the performance of your game by implementing impressive mechanics, monetization, and marketing practices.By the end of this Roblox book, you'll be able to lead or work with a team to bring your gaming world to life, and extend that experience to players around the world.
Nearchos Nearchou
In today’s world, the crime-prevention landscape is impossible to navigate. The dark web means new frontiers of combat against bad actors that pop up daily. Everyone from narcotics dealers to human traffickers are exploiting the dark web to evade authorities. If you want to find your feet in this tricky terrain and fight crime on the dark web, take this comprehensive, easy-to-follow cyber security guide with you.Combating Crime on the Dark Web contains everything you need to be aware of when tackling the world of the dark web. Step by step, you’ll gain acumen in the tactics that cybercriminals are adopting and be equipped with the arsenal of strategies that are available to you as a cybersecurity specialist.This cyber security book ensures that you are well acquainted with all the latest techniques to combat dark web criminality. After a primer on cybercrime and the history of the dark web, you’ll dive right into the main domains of the dark web ecosystem, reaching a working understanding of how drug markets, child pornography, and human trafficking operate. Once well-versed with the functioning of criminal groups, you’ll be briefed on the most effective tools and methods being employed by law enforcement, tech companies, and others to combat such crimes, developing both a toolkit and a mindset that can help you stay safe from such criminal activities and can be applied in any sector or domain. By the end of this book, you’ll be well prepared to begin your pushback against the criminal elements of the dark web.
Nearchos Nearchou
In today’s world, the crime-prevention landscape is impossible to navigate. The dark web means new frontiers of combat against bad actors that pop up daily. Everyone from narcotics dealers to human traffickers are exploiting the dark web to evade authorities. If you want to find your feet in this tricky terrain and fight crime on the dark web, take this comprehensive, easy-to-follow cyber security guide with you.Combating Crime on the Dark Web contains everything you need to be aware of when tackling the world of the dark web. Step by step, you’ll gain acumen in the tactics that cybercriminals are adopting and be equipped with the arsenal of strategies that are available to you as a cybersecurity specialist.This cyber security book ensures that you are well acquainted with all the latest techniques to combat dark web criminality. After a primer on cybercrime and the history of the dark web, you’ll dive right into the main domains of the dark web ecosystem, reaching a working understanding of how drug markets, child pornography, and human trafficking operate. Once well-versed with the functioning of criminal groups, you’ll be briefed on the most effective tools and methods being employed by law enforcement, tech companies, and others to combat such crimes, developing both a toolkit and a mindset that can help you stay safe from such criminal activities and can be applied in any sector or domain. By the end of this book, you’ll be well prepared to begin your pushback against the criminal elements of the dark web.
Mercury Learning and Information, Aditya K. Sood
Artificial intelligence is transforming industries, but it also exposes organizations to new cyber threats. This course begins by introducing the foundational concepts of securing large language models (LLMs), generative AI applications, and the broader AI infrastructure. Participants will explore the evolving threat landscape, gaining insights into how attackers exploit vulnerabilities in AI systems and the risks posed by trust and compliance failures.The course provides real-world case studies to highlight attack vectors like adversarial inputs, data poisoning, and model theft. Participants will learn practical methods for identifying and mitigating vulnerabilities in AI systems. These insights prepare learners to proactively safeguard their AI infrastructures using advanced security assessment techniques.Finally, the course equips participants with actionable strategies to defend AI systems. You’ll learn to protect sensitive data, implement robust security measures, and address ethical challenges in AI. By the end, you’ll be ready to secure AI ecosystems and adapt to the fast-evolving AI security landscape.
Mark Birch
CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt.Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise.By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.
Jonathan Isley
The CompTIA CySA+ (CS0-003) Certification Guide is your complete resource for passing the latest CySA+ exam and developing real-world cybersecurity skills. Covering all four exam domains—security operations, vulnerability management, incident response, and reporting and communication—this guide provides clear explanations, hands-on examples, and practical guidance drawn from real-world scenarios.You’ll learn how to identify and analyze signs of malicious activity, apply threat hunting and intelligence concepts, and leverage tools to manage, assess, and respond to vulnerabilities and attacks. The book walks you through the incident response lifecycle and shows you how to report and communicate findings during both proactive and reactive cybersecurity efforts.To solidify your understanding, each chapter includes review questions and interactive exercises. You’ll also get access to over 250 flashcards and two full-length practice exams that mirror the real test—helping you gauge your readiness and boost your confidence.Whether you're starting your career in cybersecurity or advancing from an entry-level role, this guide equips you with the knowledge and skills you need to pass the CS0-003 exam and thrive as a cybersecurity analyst.
Glen D. Singh
This book helps you to easily understand core networking concepts without the need of prior industry experience or knowledge within this fi eld of study. This updated second edition of the CompTIA Network+ N10-008 Certification Guide begins by introducing you to the core fundamentals of networking technologies and concepts, before progressing to intermediate and advanced topics using a student-centric approach.You’ll explore best practices for designing and implementing a resilient and scalable network infrastructure to support modern applications and services. Additionally, you’ll learn network security concepts and technologies to effectively secure organizations from cyber attacks and threats. The book also shows you how to efficiently discover and resolve networking issues using common troubleshooting techniques.By the end of this book, you’ll have gained sufficient knowledge to efficiently design, implement, and maintain a network infrastructure as a successful network professional within the industry. You’ll also have gained knowledge of all the official CompTIA Network+ N10-008 exam objectives, networking technologies, and how to apply your skills in the real world.
Glen D. Singh
This book helps you to easily understand core networking concepts without the need of prior industry experience or knowledge within this fi eld of study. This updated second edition of the CompTIA Network+ N10-008 Certification Guide begins by introducing you to the core fundamentals of networking technologies and concepts, before progressing to intermediate and advanced topics using a student-centric approach.You’ll explore best practices for designing and implementing a resilient and scalable network infrastructure to support modern applications and services. Additionally, you’ll learn network security concepts and technologies to effectively secure organizations from cyber attacks and threats. The book also shows you how to efficiently discover and resolve networking issues using common troubleshooting techniques.By the end of this book, you’ll have gained sufficient knowledge to efficiently design, implement, and maintain a network infrastructure as a successful network professional within the industry. You’ll also have gained knowledge of all the official CompTIA Network+ N10-008 exam objectives, networking technologies, and how to apply your skills in the real world.
Ian Neil
CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it. Using relevant examples, you will learn all the important security fundamentals from Certificates and Encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam; namely, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and Public Key Infrastructure (PKI). This book comes with over 600 practice questions with detailed explanation that is at the exam level and also includes two mock exams to help you with your study plan. This guide will ensure that encryption and certificates are made easy for you.
Ian Neil
CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it. Using relevant examples, you will learn all the important security fundamentals from Certificates and Encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam; namely, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and Public Key Infrastructure (PKI). This book comes with over 600 practice questions with detailed explanation that is at the exam level and also includes two mock exams to help you with your study plan. This guide will ensure that encryption and certificates are made easy for you.