论坛公告:应用容器安全指南(SP800-190)中文版   美国政府宣布禁用卡巴斯基软件   《中华人民共和国网络安全法》讨论帖   新手报到专用帖   【论坛公告】关于本站广告贴泛滥问题的整理通知   

当前时区为 UTC + 8 小时


发表新帖 回复这个主题  [ 4 篇帖子 ] 
作者 内容
 文章标题 : 推荐读书:OReilly.Beautiful.Security.May.2009
帖子发表于 : 2012-02-28 16:26 
离线
高级用户

注册: 2007-07-11 15:33
最近: 2016-04-01 11:09
拥有: 549.20 安全币

奖励: 1 安全币
在线: 2450 点
帖子: 144
如题,安全经典,从另外的角度理解信息安全


附件:
OReilly.Beautiful.Security.May.2009.pdf [2.85 MiB]

注意:所有附件下载均需支付10安全币,不足10安全币不能下载!重复下载以前下载过的附件不再需要安全币。


--------本帖迄今已累计获得12安全币用户奖励--------
回到顶部
 奖励本帖 用户资料  
 
 文章标题 : Re: 推荐读书:OReilly.Beautiful.Security.May.2009
帖子发表于 : 2012-02-28 17:15 
离线
高级用户

关注按钮

注册: 2009-01-15 13:02
最近: 2017-06-05 11:20
拥有: 5,781.60 安全币

奖励: 72 安全币
在线: 5332 点
帖子: 254
贴个目录 有兴趣的可以看看
1 PSYCHOLOGICAL SECURITY TRAPS 1
by Peiter “Mudge” Zatko
Learned Helplessness and Naïveté 2
Confirmation Traps 10
Functional Fixation 14
Summary 20
2 WIRELESS NETWORKING: FERTILE GROUND FOR SOCIAL ENGINEERING 21
by Jim Stickley
Easy Money 22
Wireless Gone Wild 28
Still, Wireless Is the Future 31
3 BEAUTIFUL SECURITY METRICS 33
by Elizabeth A. Nichols
Security Metrics by Analogy: Health 34
Security Metrics by Example 38
Summary 60
4 THE UNDERGROUND ECONOMY OF SECURITY BREACHES 63
by Chenxi Wang
The Makeup and Infrastructure of the Cyber Underground 64
The Payoff 66
How Can We Combat This Growing Underground Economy? 71
Summary 72
5 BEAUTIFUL TRADE: RETHINKING E-COMMERCE SECURITY 73
by Ed Bellis
Deconstructing Commerce 74
Weak Amelioration Attempts 76
E-Commerce Redone: A New Security Model 83
The New Model 86
6 SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST 89
by Benjamin Edelman
Attacks on Users 89
Advertisers As Victims 98
Creating Accountability in Online Advertising 105
7 THE EVOLUTION OF PGP’S WEB OF TRUST 107
by Phil Zimmermann and Jon Callas
PGP and OpenPGP 108
Trust, Validity, and Authority 108
PGP and Crypto History 116
Enhancements to the Original Web of Trust Model 120
Interesting Areas for Further Research 128
References 129
8 OPEN SOURCE HONEYCLIENT: PROACTIVE DETECTION OF CLIENT-SIDE EXPLOITS 131
by Kathy Wang
Enter Honeyclients 133
Introducing the World’s First Open Source Honeyclient 133
Second-Generation Honeyclients 135
Honeyclient Operational Results 139
Analysis of Exploits 141
Limitations of the Current Honeyclient Implementation 143
Related Work 144
The Future of Honeyclients 146
9 TOMORROW’S SECURITY COGS AND LEVERS 147
by Mark Curphey
Cloud Computing and Web Services: The Single Machine Is Here 150
Connecting People, Process, and Technology: The Potential for Business Process Management 154
Social Networking: When People Start Communicating, Big Things Change 158
Information Security Economics: Supercrunching and the New Rules of the Grid 162
Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All 165
Conclusion 168
Acknowledgments 169
10 SECURITY BY DESIGN 171
by John McManus
Metrics with No Meaning 172
Time to Market or Time to Quality? 174
How a Disciplined System Development Lifecycle Can Help 178
Conclusion: Beautiful Security Is an Attribute of Beautiful Systems 181
11 FORCING FIRMS TO FOCUS: IS SECURE SOFTWARE IN YOUR FUTURE? 183
by Jim Routh
Implicit Requirements Can Still Be Powerful 184
How One Firm Came to Demand Secure Software 185
Enforcing Security in Off-the-Shelf Software 190
Analysis: How to Make the World’s Software More Secure 193
12 OH NO, HERE COME THE INFOSECURITY LAWYERS! 199
by Randy V. Sabett
Culture 200
Balance 202
Communication 207
Doing the Right Thing 211
13 BEAUTIFUL LOG HANDLING 213
by Anton Chuvakin
Logs in Security Laws and Standards 213
Focus on Logs 214
When Logs Are Invaluable 215
Challenges with Logs 216
Case Study: Behind a Trashed Server 218
Future Logging 221
Conclusions 223
14 INCIDENT DETECTION: FINDING THE OTHER 68% 225
by Grant Geyer and Brian Dunphy
A Common Starting Point 226
Improving Detection with Context 228
Improving Perspective with Host Logging 232
Summary 237
15 DOING REAL WORK WITHOUT REAL DATA 239
by Peter Wayner
How Data Translucency Works 240
A Real-Life Example 243
Personal Data Stored As a Convenience 244
Trade-offs 244
Going Deeper 245
References 246
16 CASTING SPELLS: PC SECURITY THEATER 247
by Michael Wood and Fernando Francisco
Growing Attacks, Defenses in Retreat 248
The Illusion Revealed 252
Better Practices for Desktop Security 257
Conclusion 258
CONTRIBUTORS 259
INDEX 269


--------本帖迄今已累计获得16安全币用户奖励--------


回到顶部
 奖励本帖 用户资料  
 
 文章标题 : Re: 推荐读书:OReilly.Beautiful.Security.May.2009
帖子发表于 : 2012-06-14 09:31 
离线
高级用户

注册: 2009-08-06 11:42
最近: 2016-03-08 18:33
拥有: 3,786.00 安全币

奖励: 32 安全币
在线: 3886 点
帖子: 226
是安全之美,网上很多地方可以下载。


回到顶部
 奖励本帖 用户资料  
 
 文章标题 : Re: 推荐读书:OReilly.Beautiful.Security.May.2009
帖子发表于 : 2013-01-21 19:31 
离线
新手

注册: 2013-01-10 09:50
最近: 2014-02-14 10:42
拥有: 64.00 安全币

奖励: 2 安全币
在线: 334 点
帖子: 5
这个好像打不开呀!


回到顶部
 奖励本帖 用户资料  
 
显示帖子 :  排序  
发表新帖 回复这个主题  [ 4 篇帖子 ] 

当前时区为 UTC + 8 小时


在线用户

正在浏览此版面的用户:没有注册用户 和 1 位游客


不能 在这个版面发表主题
不能 在这个版面回复主题
不能 在这个版面编辑帖子
不能 在这个版面删除帖子
不能 在这个版面提交附件

前往 :  
华安信达(CISPS.org) ©2003 - 2012