Software Security Books

Essential reading from Cigital security experts

Cigital’s approach to software security is rooted in the “Building Security In” methodology outlined in Software Security, written by our CTO Dr. Gary McGraw. Software Security is a practical guide to building and maintaining secure software. The software security touchpoints described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugs and architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.
Author: Gary McGraw, Cigital CTO
Hacking Exposed Mobile: Security Secrets & Solutions will help you identify key threats across the expanding mobile risk landscape and evade them with ready-to-use countermeasures. This cutting-edge guide reveals secure mobile development guidelines, ways to leverage mobile OS features and MDM to isolate apps and data, and techniques the pros use to secure mobile payment systems. You’ll find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Then, you’ll learn how to battle these attacks by encrypting mobile data, fortifying mobile platforms, and eradicating malware.
Authors: Joel Scambray, Principal, Cigital; Neil Bergman, Senior Consultant, Cigital; Mike Stanfield, Consultant, Cigital; Jason Rouse, Security Architect, Bloomberg LP
Since 1999, Hacking Exposed has educated millions of readers about how easy it is to hack into computer networks and systems. Hacking Exposed 7: Network Security Secrets & Solutions builds on the fundamentals of earlier editions and discusses topics including enumeration, footprinting, scanning, operating system detection, and more. The latest edition examines current threats, including the new menace APT, embedded hacking, database hacking, and mobile devices. Hacking Exposed 7 covers every core area of interest to penetration testers, including countermeasures to the various threats and vulnerabilities it details. Written in an easy-to-read style, the updated version remains the best book available on the topic.
Authors: Joel Scambray, Cigital Consultant; Stuart McClure; George Kurtz
Security Metrics: A Beginner’s Guide explains, step by step, how to develop and implement a successful security metrics program. You’ll discover how to communicate the value of an information security program, enable investment planning and decision-making, and drive necessary change to improve your organization’s security. This practical resource covers project management, communication, analytics tools, target identification, objective definition, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You’ll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away.
Author: Caroline Wong
Millions of people use web applications daily, making them a popular attack vector. Using code obfuscation, hackers can evade your security measures by creating hundreds—if not millions—of variants from just one attack. Web Application Obfuscation considers web infrastructure and security controls from an attacker’s perspective, revealing the common shortcomings of security systems. You’ll find out how attackers can bypass different types of security controls, how these security controls can introduce new types of vulnerabilities, and how to avoid common pitfalls so you can strengthen your defenses.
Authors: David Lindsay; Mario Heiderich; Gareth Heyes
Since 1999, Hacking Exposed has educated millions of readers about the ease of hacking into computer networks and systems. Hacking Exposed: Web Applications shows you how to meet this challenge by cataloging the greatest threats your web apps will face and explaining how they work in excruciating detail, including how to prevent each and every attack.
Authors: Joel Scambray, Cigital Consultant; Vincent Liu; Caleb Sima
Web applications are everywhere and in every industry. From retail to banking to human resources to gambling, everything is on the web. Web Security Testing Cookbook is about how we test web applications, especially with an eye towards security. We are developers, testers, architects, quality managers, and consultants who need to test web software. Regardless of what quality or development methodology we follow, the addition of security to our test agenda requires a new way of approaching testing. We also need specialized tools that facilitate security testing. Throughout the recipes in this book, we’ll be leveraging the homogeneous nature of web applications. Wherever we can, we will take advantage of things that we know are uniformly true, or frequently true, about web applications. This commonality makes the recipes in this book versatile and likely to work for you. Moreover, it means that you will develop versatile testing tools that are likely capable of testing more than just one application.
Authors: Paco Hope, Cigital Consultant; Ben Walther
Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. Whether you are a project manager, lead requirements analyst, software architect, or systems integrator, Software Security Engineering: A Guide for Project Managers will teach you how to manage the development of secure, software-intensive systems. You’ll also come away with the tools you need to identify and compare potential new practices that can be adapted to augment your current practices.
Authors: Julia H. Allen; Sean Barnum; Robert J. Ellison; Gary McGraw, Cigital CTO; Nancy R. Mead
Meet the challenges of Windows security with the exclusive Hacking Exposed “attack-countermeasure” approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. Get practical advice based on the authors’ and contributors’ many years as security professionals hired to break into the world’s largest IT infrastructures.
Author: Joel Scambray, Cigital Consultant
Exploiting Online Games frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks. If you are a gamer, a game developer, a software security person, or an interested bystander, this book exposes the inner workings of online game security for all to see. It discusses and describes security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today’s online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow’s security techniques on display today.
Author: Gary McGraw, Cigital CTO
FreeBSD and OpenBSD continue to gain popularity because of their security benefits over Linux. In Mastering FreeBSD and OpenBSD Security, three security experts provide in-depth explanations of how to secure your most critical systems, from security foundations to deployment situations to auditing and incident response.
Authors: Yanek Korff; Paco Hope, Cigital Consultant; Bruce Potter
How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not stopping software attacks? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real software attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.
Authors: Greg Hoglund; Gary McGraw, Cigital CTO