Wydawca: K-i-s-publishing
Benjamin Strout
Vulnerability researchers are in increasingly high demand as the number of security incidents related to crime continues to rise with the adoption and use of technology. To begin your journey of becoming a security researcher, you need more than just the technical skills to find vulnerabilities; you’ll need to learn how to adopt research strategies and navigate the complex and frustrating process of sharing your findings. This book provides an easy-to-follow approach that will help you understand the process of discovering, disclosing, and publishing your first zero-day vulnerability through a collection of examples and an in-depth review of the process.You’ll begin by learning the fundamentals of vulnerabilities, exploits, and what makes something a zero-day vulnerability. Then, you'll take a deep dive into the details of planning winning research strategies, navigating the complexities of vulnerability disclosure, and publishing your research with sometimes-less-than-receptive vendors.By the end of the book, you'll be well versed in how researchers discover, disclose, and publish vulnerabilities, navigate complex vendor relationships, receive credit for their work, and ultimately protect users from exploitation. With this knowledge, you’ll be prepared to conduct your own research and publish vulnerabilities.
Andrew Pease
Threat Hunting with Elastic Stack will show you how to make the best use of Elastic Security to provide optimal protection against cyber threats. With this book, security practitioners working with Kibana will be able to put their knowledge to work and detect malicious adversary activity within their contested network.You'll take a hands-on approach to learning the implementation and methodologies that will have you up and running in no time. Starting with the foundational parts of the Elastic Stack, you'll explore analytical models and how they support security response and finally leverage Elastic technology to perform defensive cyber operations.You’ll then cover threat intelligence analytical models, threat hunting concepts and methodologies, and how to leverage them in cyber operations. After you’ve mastered the basics, you’ll apply the knowledge you've gained to build and configure your own Elastic Stack, upload data, and explore that data directly as well as by using the built-in tools in the Kibana app to hunt for nefarious activities.By the end of this book, you'll be able to build an Elastic Stack for self-training or to monitor your own network and/or assets and use Kibana to monitor and hunt for adversaries within your network.
Threat Modeling Best Practices. Proven frameworks and practical techniques to secure modern systems
Derek Fisher
Threat modeling has become a cornerstone of modern cybersecurity, yet it is often overlooked, leaving security gaps that attackers can exploit. With the rise in system complexity, cloud adoption, AI-driven threats, and stricter compliance requirements, security teams need a structured approach to proactively spot and stop risks before attackers do. This book delivers exactly that, offering actionable insights for applying industry best practices and emerging technologies to secure systems. It breaks down the fundamentals of threat modeling and walks you through key frameworks and tools such as STRIDE, MITRE ATT&CK, PyTM, and Attack Paths, helping you choose the right model and create a roadmap tailored to your business. You'll learn how to use leading threat modeling tools, identify and prioritize potential threats, and integrate these practices into the software development life cycle to detect risks early. The book also examines how AI can enhance analysis and streamline security decision-making for faster, stronger defenses.By the end, you'll have everything you need to build systems that anticipate and withstand evolving threats, keeping your organization secure in an ever-changing digital landscape.*Email sign-up and proof of purchase required
Threat Modeling Gameplay with EoP. A reference manual for spotting threats in software architecture
Brett Crawley, Adam Shostack
Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
Gema Socorro Rodríguez
With resources on Android and Kotlin abound, it’s difficult to find content that focuses on resolving common challenges faced by app developers. This book by Gema Socorro Rodríguez – a Google Developer Expert for Android with over 15 years of experience and a proven track record as an effective instructor – is designed to bridge the gap between theory and real-world application. It equips you with the skills to tackle everyday problems in Android development through hands-on projects.Under Gema's expert guidance, you’ll build three sophisticated Android projects. You'll start your development journey by building a WhatsApp-like application, learning how to process asynchronous messages reactively, render them using Jetpack Compose, and advance to creating and uploading a backup of these messages. Next, you’ll channel your creativity into Packtagram, an Instagram-inspired app that offers advanced photo-editing capabilities using the latest CameraX libraries. Your final project will be a Netflix-style app, integrating video playback functionality with ExoPlayer for both foreground and background operations, and implementing device casting features.By the end of this book, you'll have crafted three fully functional, multi-platform projects and gained the confidence to solve the most common challenges in Android development.
Andrew Berridge, Michael Phillips
The need for agile business intelligence (BI) is growing daily, and TIBCO Spotfire® combines self-service features with essential enterprise governance and scaling capabilities to provide best-practice analytics solutions. Spotfire is easy and intuitive to use and is a rewarding environment for all BI users and analytics developers.Starting with data and visualization concepts, this book takes you on a journey through increasingly advanced topics to help you work toward becoming a professional analytics solution provider. Examples of analyzing real-world data are used to illustrate how to work with Spotfire. Once you've covered the AI-driven recommendations engine, you'll move on to understanding Spotfire's rich suite of visualizations and when, why and how you should use each of them. In later chapters, you'll work with location analytics, advanced analytics using TIBCO Enterprise Runtime for R®, how to decide whether to use in-database or in-memory analytics, and how to work with streaming (live) data in Spotfire. You'll also explore key product integrations that significantly enhance Spotfire's capabilities.This book will enable you to exploit the advantages of the Spotfire serve topology and learn how to make practical use of scheduling and routing rules.By the end of this book, you will have learned how to build and use powerful analytics dashboards and applications, perform spatial analytics, and be able to administer your Spotfire environment efficiently