- Pioneering Public Key: Public Exchange of Secret Keys
- May 18, 2001
- Learn the answer to the secret key delivery problem that has plagued cryptographers, governments, and kings for thousands of years.
|
- PKI: Broken, But Fixable
- Nov 30, 2011
- The public key infrastructure (PKI) used for securing the Web has recently been found to be much less secure than was previously thought. David Chisnall discusses some of the flaws in the design and some potential solutions.
|
- Preparing for a FISMA Security Audit
- Nov 16, 2007
- How do you prepare for an audit, and what do you do when the findings are issued? Randy Nash examines how to survive the audit gauntlet.
|
- Resource Inventory
- May 12, 2001
- In this sample chapter, IT security expert Donald Pipkin addresses the resource inventory aspect of information security ...
|
- Responding to a Customer's Security Incidents, Part 4: Processing Incident Data
- Jan 9, 2004
- This fourth article focuses on authenticating, preserving, and processing the incident data. Only the salient points for best practices that should be executed in processing the incident data are discussed.
|
- Responding to Customer's Security Incidents--Part 3: Following Up After an Incident
- Oct 31, 2003
- The third in a five-part series, this article focuses on following up after an incident and presents the best practices that should be executed in the follow-up phase.
|
- Reverse-Engineering the First Pocket PC Trojan, Part 1
- Oct 1, 2004
- Cyrus Peikari, Seth Fogie, Ratter/29A, and Jonathan Read present a detailed two-part analysis of the Brador Trojan horse for the Windows Mobile operating system.
|
- Reverse-Engineering the First Pocket PC Trojan, Part 2
- Oct 8, 2004
- In part 2 of their series on the Brador Trojan horse for the Pocket PC, Cyrus Peikari, Seth Fogie, Ratter/29A, and Jonathan Read take us on a detailed tour of exactly how this nasty piece of business works.
|
- Robert Seacord on the CERT C Secure Coding Standard
- Dec 15, 2008
- Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots.
|
- Secret Key Assurances
- May 18, 2001
- The authors review the concept of assurances in cryptography and examine three other necessary electronic data assurances -- authentication, integrity, and nonrepudiation.
|
- Secret Key Cryptography
- Jun 7, 2002
- Learn the basics of secret key cryptography. This excerpt discusses data-scrambling techniques used in early cryptographic systems and elaborates on the concepts employed in modern cryptosystems. It also describes well-known contemporary algorithms and discusses the security services enabled through secret key cryptography.
|
- Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
- Dec 19, 2012
- What do you know about developing secure, robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
|
- Secure Coding in C and C++: Strings
- Dec 1, 2005
- Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system. This chapter covers the security issues with strings and how you can sidestep them.
|
- Securing a Web App at the Last Minute
- Jul 26, 2011
- While consumers and the media are increasingly aware of the risks to confidential information over web apps, firms still tend to focus on development, leaving data security until just before the go-live date. Ajay Gupta points out that last-minute steps are available to improve the security of your apps before launching them onto the Internet.
|
- Securing Databases with Cryptography
- Nov 23, 2005
- This chapter discusses how cryptography can fit into your security profile. After explaining what cryptography is and providing a general idea of how it works, we dig into the various types of cryptographic algorithms and see where the strengths and weaknesses of each lie.
|
- Securing Sun Linux Systems: Part II, Network Security
- Sep 26, 2003
- The second in a two-part series, this article provides recommendations for securing the Sun Linux 5.0 operating system.
|
- Security Blanket or Security Theater?
- Oct 13, 2011
- This chapter explains how to better identify true threats from accidents and measure your vulnerability to either.
|
- Security in Microsoft IIS
- Nov 13, 2003
- Microsoft's IIS has earned a reputation for being relatively insecure. In this sample book chapter, you'll learn what you can do to make sure your own server isn't at risk, from Passport.NET Authentication to setting the identity of Worker Processes.
|
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model
- Oct 15, 2008
- Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
|
- Software [In]security: Application Assessment as a Factory
- Jul 17, 2008
- Gary McGraw explains how creating an application assessment factory can salvage the power of the cost per defect metric while mitigating the potential for its misuse.
|