Group items tagged

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once youre enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book. For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices. It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks. The lead author cofounded the Stanford Center for Professional Development Computer Security Certification. This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities. Youll receive hands-on code examples for a deep and practical understanding of security. Youll learn enough about security to get the job done.

Hackers reportedly used an off-the-shelf computer attack created in China to compromise the computers of at least 48 companies, including in the chemical and defense industries -- an attack described as being similar to the notorious Stuxnet virus, if not as severe. The goal of the attacks, reported Monday by security software company Symantec, "appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes." The purpose: "industrial espionage, collecting intellectual property for competitive advantage." Symantec dubbed the attack "Nitro" and said a total of 29 companies in the chemical industry were targeted, in addition to 19 in other sectors, starting in late July. Among the companies were some that develop materials used primarily in military vehicles. Read more: http://www.foxnews.com/scitech/2011/10/31/nitro-hackers-reportedly-attack-dozens-companies-in-chemical-defense-industries/?test=latestnews#ixzz1cTIClsp4

yber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency. Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said. China and Russia are thought to be among the worst culprits involved in cyber attacks. On Tuesday, the government hosts a two-day conference on the issue. Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyberwarfare seriously enough.