Holistic Information Security
- Learn to improve your website security
- Teaches methods for maximizing security at minimal cost, by introducing effective measures at key stages
- Practical advice that can be immediately applied to websites and team processes to strengthen against attack
- How to think for yourself when you're under attack
This book begins a new Holistic Infosec series that will give you a broad and in-depth coverage of what web developers and architects need to know today to create robust, reliable, maintainable and secure software, and networks - that are delivered continuously, on time, with no nasty surprises.
Holistic Information Security begins by taking the reader to the 30,000' view, so you can start to see the entire security landscape. It then explains a very simple threat modelling approach created by Bruce Schneier, called the Sensible Security Model (SSM).
Kim Carter then takes Schneier's approach and applies it to increasingly fine details of the Information Security picture. Kim details how to set up a security-focussed distribution with all the tools and configuration options required for working through the book. You'll then walk through the Process and Practices that attackers often execute, and Kim provides key techniques from that experience to show you how to train website defenders. You'll also learn how website defenders can find defects from the most expensive places through to the cheapest places within your Sprint cycles.
This book will ultimately help you answer your own questions, and you'll learn how to create systems, and arm people, to withstand the types of attacks commonly encountered today. You'll see that by simply lifting the lower hanging fruit for an attacker, they will frequently move on to an easier target. Unless they are specifically targeting you... so Kim Carter then goes into depth about how you can find many of the risks and countermeasures to increase the difficulty for your attacker, and dramatically increase your chances of defense and counter-attack in the modern security world.
What you will learn
- How to use the Schneier threat modelling approach
- Setting up your tool-belt
- The process of penetration testing
- A collection of processes and practices formulated from penetration testing
- How to augment your Scrum Sprints to increase security
- How to survive if you are being directly targeted and attacked
- How to think for yourself when you're under pressure in the modern security world