Abstract: 175+ Cybersecurity Misconceptions and the Myth-Busting Skills You Need to Correct Them Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn't the user the weakest link? In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth. Whatever your cybersecurity role or experience, Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses. Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them. Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions. What really is the weakest link? When aren't "best practices" best? Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader. Get a high-level exposure to why statistics and figures may mislead as well as enlighten. Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them. "You are made to feel as if you would never fall for this and somehow this makes each case all the more memorable. ... Read the book, laugh at the right places, and put your learning to work. You won't regret it."--The Foreword by Vint Cerf, Internet Hall of Fame Pioneer Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details

Abstract: The Comprehensive Guide to Computer Security, Extensively Revised with Newer Technologies, Methods, Ideas, and Examples In this updated guide, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers clear, rigorous, and thorough coverage of modern computer security. Reflecting dramatic growth in the quantity, complexity, and consequences of security incidents, Computer Security, Second Edition, links core principles with technologies, methodologies, and ideas that have emerged since the first edition's publication. Writing for advanced undergraduates, graduate students, and IT professionals, Bishop covers foundational issues, policies, cryptography, systems design, assurance, and much more. He thoroughly addresses malware, vulnerability analysis, auditing, intrusion detection, and best-practice responses to attacks. In addition to new examples throughout, Bishop presents entirely new chapters on availability policy models and attack analysis. Understand computer security goals, problems, and challenges, and the deep links between theory and practice Learn how computer scientists seek to prove whether systems are secure Define security policies for confidentiality, integrity, availability, and more Analyze policies to reflect core questions of trust, and use them to constrain operations and change Implement cryptography as one component of a wider computer and network security strategy Use system-oriented techniques to establish effective security mechanisms, defining who can act and what they can do Set appropriate security goals for a system or product, and ascertain how well it meets them Recognize program flaws and malicious logic, and detect attackers seeking to exploit them This is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference. It will help you align security concepts with realistic policies, successfully implement your policies, and thoughtfully manage the trade-offs that inevitably arise. Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

Abstract: Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker's toolkit, you can't rely on outdated security methods-especially if you're responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn't protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can't be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control,...

Abstract: An Accessible Guide to the Java Language and Libraries Modern Java introduces major enhancements that impact the core Java technologies and APIs at the heart of the Java platform. Many old Java idioms are no longer needed and new features such as modularization make you far more effective. However, navigating these changes can be challenging. Core Java® SE 9 for the Impatient, Second Edition, is a complete yet concise guide that includes all the latest changes up to Java SE 9. Written by Cay S. Horstmann-author of the classic two-volume Core Java -this indispensable tutorial offers a faster, easier pathway for learning modern Java. Given Java SE 9's size and the scope of its enhancements, there's plenty to cover, but it's presented in small chunks organized for quick access and easy understanding. Horstmann's practical insights and sample code help you quickly take advantage of all that's new, from Java SE 9's long-awaited "Project Jigsaw" module system to the improvements first introduced in Java SE 8, including lambda expressions and streams. Use modules to simplify the development of well-performing complex systems Migrate applications to work with the modularized Java API and third-party modules Test code as you create it with the new JShell Read-Eval-Print Loop (REPL) Use lambda expressions to express actions more concisely Streamline and optimize data management with today's Streams API Leverage modern concurrent programming based on cooperating tasks Take advantage of a multitude of API improvements for working with collections, input/output, regular expressions, and processes Whether you're just getting started with modern Java or you're an experienced developer, this guide will help you write tomorrow's most robust, efficient, and secure Java code. Register your product at informit.com/register for convenient access to downloads, updates, and/or corrections as they become available.

Abstract: The Definitive Guide to Java Platform Best Practices-Updated for Java 7, 8, and 9 Java has changed dramatically since the previous edition of Effective Java was published shortly after the release of Java 6. This Jolt award-winning classic has now been thoroughly updated to take full advantage of the latest language and library features. The support in modern Java for multiple paradigms increases the need for specific best-practices advice, and this book delivers. As in previous editions, each chapter of Effective Java, Third Edition, consists of several "items," each presented in the form of a short, stand-alone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. The third edition covers language and library features added in Java 7, 8, and 9, including the functional programming constructs that were added to its object-oriented roots. Many new items have been added, including a chapter devoted to lambdas and streams. New coverage includes Functional interfaces, lambda expressions, method references, and streams Default and static methods in interfaces Type inference, including the diamond operator for generic types The SafeVarargs annotation The try-with-resources statement New library features such as the Optional interface, java.time, and the convenience factory methods for collections

Abstract: Cyber Security Engineering is the definitive modern reference and tutorial on the full range of capabilities associated with modern cyber security engineering. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody bring together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security throughout your full system development and acquisition lifecycles. Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, Mead and Woody introduce seven core principles of software assurance, and show how to apply them coherently and systematically. Using these principles, they help you prioritize the wide range of possible security actions available to you, and justify the required investments. Cyber Security Engineering guides you through risk analysis, planning to manage secure software development, building organizational models, identifying required and missing competencies, and defining and structuring metrics. Mead and Woody address important topics, including the use of standards, engineering security requirements for acquiring COTS software, applying DevOps, analyzing malware to anticipate future vulnerabilities, and planning ongoing improvements. This book will be valuable to wide audiences of practitioners and managers with responsibility for systems, software, or quality engineering, reliability, security, acquisition, or operations. Whatever your role, it can help you reduce operational problems, eliminate excessive patching, and deliver software that is more resilient and secure.

Abstract: Java® Performance Companion shows how to systematically and proactively improve Java performance with today's advanced multicore hardware and complex operating system environments. The authors, who are all leading Java performance and Java HotSpot VM experts, help you improve performance by using modern software engineering practices, avoiding common mistakes, and applying tips and tricks gleaned from years of real-world experience. Picking up where Charlie Hunt and Binu John's classic Java Performance left off, this book provides unprecedented detail on two powerful Java platform innovations: the Garbage First (G1) garbage collector and the HotSpot VM Serviceability Agent. Coverage includes Leveraging G1 to overcome limitations in parallel, serial, and CMS garbage collection Understanding each stage of G1 GC collections, both young and old Getting under the hood with G1 and efficiently fine-tuning it for your application Identifying potential optimizations, interpreting experimental results, and taking action Exploring the internals of the HotSpot VM Using HotSpot VM Serviceability Agent to analyze, triage, and resolve diverse HotSpot VM issues Troubleshooting out of memory errors, Java level deadlocks, and HotSpot VM crashes Extending the Serviceability Agent, and using the Plugin for VisualVM Mastering useful HotSpot VM command line options not covered in Java™ Performance Java® Performance Companion can help you squeeze maximum performance and value from Java with JDK 8 or 9-for any application, in any environment. Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.

Abstract: "With this book, Ted Neward helps you make the leap from being a good Java enterprise developer to a great developer!" -John Crupi, Sun Distinguished Engineer coauthor, Core J2EE Patterns If you want to build better Java enterprise applications and work more efficiently, look no further. Inside, you will find an accessible guide to the nuances of Java 2 Platform, Enterprise Edition (J2EE) development. Learn how to: Use in-process or local storage to avoid the network, see item 44 Set lower isolation levels for better transactional throughput, see item 35 Use Web services for open integration, see item 22 Consider your lookup carefully, see item 16 Pre-generate content to minimize processing, see item 55 Utilize role-based authorization, see item 63 Be robust in the face of failure, see item 7 Employ independent JREs for side-by-side versioning, see item 69 Ted Neward provides you with 75 easily digestible tips that will help you master J2EE development on a systemic and architectural level. His panoramic look at the good, the bad, and the ugly aspects of J2EE development will address your most pressing concerns. Learn how to design your enterprise systems so they adapt to future demands. Improve the efficiency of your code without compromising its correctness. Discover how to implement sophisticated functionality that is not directly supported by the language or platform. After reading Effective Enterprise Java , you will know how to design and implement better, more scalable enterprise-scope Java software systems.

Abstract: In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments. Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company. Coverage includes Confidentiality, integrity, and availability Operational issues, cost-benefit and risk analyses, legal and human factors Planning and implementing effective access control Defining security, confidentiality, and integrity policies Using cryptography and public-key systems, and recognizing their limits Understanding and using authentication: from passwords to biometrics Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more Controlling information flow through systems and networks Assuring security throughout the system lifecycle Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention Applying security principles to networks, systems, users, and programs Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.

Abstract: Stories about hacking, stolen credit card numbers, computer viruses, and identity theft are all around us, but what do they really mean to us? The goal of this book, quite simply, is to help educate people on the issues with high-tech crimes. High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front demystifies the risks and realities of high-tech crimes. Demystifying these crimes and raising the awareness of users of technology will make people smarter and safer, and that will make all of us safer in the long run. Steven Branigan shares the inside details of real cases he worked on in his various roles in law-enforcement, information technology, and security. The result is a comprehensive, accessible look at how digital crimes are discovered, what techniques the criminals use and why, and (in some cases) how they can be brought to justice. Inside, you'll find extensive information on Actual hacker investigations, including the harm caused and how the criminals were tracked and caught The ins and outs of identity theft, a rapidly growing crime with potential for serious damage Using the criminology and psychology of hackers to detect and deter attacks The risks associated with various technologies Do's and don'ts for high-tech criminal investigations This easily understandable book will take you beyond hearing about high-tech crimes to actually understanding how and why they happen-and what can be done to protect yourself. "Most books on this topic impart knowledge in the form of techniques and methods. This book differs in that it imparts Steven Branigan's experience in the field, and real case studies in which problems are framed and effective solutions are crafted. In this respect this book imparts not only knowledge, but Steve's experience and wisdom as well." -Mike Tarrani, Independent Consultant "Steven Branigan provides a gripping account of what's involved in investigating computer crime. I strongly recommend this book to any security practitioner or anyone with an interest in computer security." -Michael Nickle, Lead Consultant, VeriSign "Being on the inside of several high-tech busts has given Steven Branigan the ability to make this book intriguing enough to keep high-tech types interested, while also doing a superb job of demystifying these real-life cases in a way that anyone can read and enjoy." -David Kensiski, Director of Operations, InfiniRoute Networks "The modern high-tech industry brought new things to our lives. B...

Abstract: Praise for Exploiting Software " Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design--a key change from where we are today!" -- Tony Scott Chief Technology Officer, IS&S General Motors Corporation "It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play." -- Bruce Schneier Chief Technology Officer Counterpane Author of Beyond Fear and Secrets and Lies " Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the 'worm of the day' phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security." -- Elinor Mills Abreu Reuters' correspondent "Police investigators study how criminals think and act. Military strategists learn about the enemy's tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Through extensive examples and 'attack patterns,' this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security." -- Jeremy Epstein Director, Product Security & Performance webMethods, Inc. "A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment--that is, everyone who writes or installs programs that run on the Internet." -- Dave Evans, Ph.D. Associate Professor of Computer Science University of Virginia "The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere." -- Ken Cutler, CISSP, CISA Vice President, Curriculum Development & Professional Services, MIS Training Institute "This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer's and security person's library!" -- Matt Bishop, Ph.D. Professor of Computer Science University of California at Davis Author of Computer Security: Art and Science "Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can't afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild." -- Ron Moritz, CISSP Senior Vice President, Chief Security Strategist Computer Associates " Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way. Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle." -- George Cybenko, Ph.D. Dorothy and Walter Gramm Professor of Engineering, Dartmouth Founding Editor-in-Chief, IEEE Security and Privacy "This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a f.

Abstract: " J2EE™ Web Services is written in the tradition of great books people have come to expect from author Richard Monson-Haefel. More than a complete and concise Web services reference, this essential guide is the way for J2EE developers to quickly master Web services architecture and development." - Floyd Marinescu Author, EJB Design Patterns Director, TheServerSide.com "Written in a straightforward and approachable style, Monson-Haefel's latest book is a mustread for any Java developer who is serious about understanding and applying the J2EE APIs in support of Web services. By concentrating on the core technologies endorsed by the WS-I, it clearly explains why Web services will succeed in realizing the interoperability promise where previous attempts have failed." - James McCabe Software IT Architect IBM "This is the best-and most complete-description of J2EE Web services that I've seen. If you're a Java developer, you need this book." - David Chappell Chappell & Associates "For Java Web service developers, this book is going to be there on their desk next to their PC for easy reference. The book has it all, clear guides as to what WSDL, SAAJ, UDDI are, and how they are used in a variety of examples. Monson-Haefel has created another classic with this volume." - Dr. Bruce Scharlau Department of Computing Science University of Aberdeen, Scotland "Richard Monson-Haefel provides the most comprehensive analysis of J2EE Web services that I've seen so far to date. This book covers the core Web services technologies (XML, SOAP, WSDL, and UDDI), as well as the Java APIs for Web services (JAX-RPC, SAAJ, JAXR, JAXP, and Web Services for J2EE, version 1.1). Richard also goes into detail on issues such as fault handling, type mapping, and JAX-RPC handlers. Developers will find this book to be a very valuable reference." - Anne Thomas Manes Research Director, Burton Group Author, Web Services: A Manager's Guide " J2EE™ Web Services is an excellent reference and tutorial for both beginning and seasoned Web services architects and developers. This book is the first to fully cover the WS-I 1.0 Web services standards and their integration with J2EE 1.4 components. Spend time with this book, and you'll soon master J2EE Web Services and be able to successfully use this technology to solve key business integration problems in your enterprise." - Tom Marrs Senior J2EE/XML/Web Services Architect Distributed Computing Solutions, Inc. Web services are revolutionizing ...

Abstract: Written by Sun Microsystems' Java™ BluePrints team, Designing Web Services with the J2EE™ 1.4 Platform is the authoritative guide to the best practices for designing and integrating enterprise-level Web services using the Java 2 Platform, Enterprise Edition (J2EE) 1.4. This book provides the guidelines, patterns, and real-world examples architects and developers need in order to shorten the learning curve and start building robust, scalable, and portable solutions. The authors use the Java Adventure Builder application to bring the design process to life and help illustrate the use of Java APIs for XML Processing (JAXP), Java APIs for XML-Based RPC (JAX-RPC), and other Web service and Java-XML technologies. Key topic coverage includes: Web service requirements and design issues Support for Web services provided by the J2EE 1.4 platform Designing and implementing Web service end points Writing efficient Web service client applications Designing and developing XML-based applications Integrating applications and data using Web services The J2EE platform security model as it applies to Web services A coherent programming model for designing and developing Web service endpoints and clients Designing Web Services with the J2EE™ 1.4 Platform provides the insight, advice, and detail that make it easier to create effective Web service applications using the J2EE 1.4 platform.

Abstract: The J2EE™ Tutorial, Second Edition , is the complete guide to all major components of the Java 2 Platform, Enterprise Edition (J2EE) version 1.4. Written by members of the J2EE platform team at Sun Microsystems, this is the task-oriented and example-driven book that will have new and intermediate Java programmers building J2EE applications right away. The first chapters introduce the J2EE 1.4 platform architecture and APIs, the Sun Java System Application Server Platform Edition 8, and the basics of working with XML and Web applications. The greater part of the book is devoted to describing and demonstrating the Java XML, Web-tier, and Enterprise JavaBeans technologies and platform services. Extensive examples and case studies show you how to put these technologies to work in the real world. The technologies and services detailed include: Java API for XML Processing (JAXP) Java API for XML-Based RPC (JAX-RPC) SOAP with Attachments API for Java (SAAJ) Java API for XML Registries (JAXR) Java Servlet JavaServer Pages (JSP) JSP Standard Tag Library (JSTL) JavaServer Faces Internationalization and localization Enterprise JavaBeans (EJB) Transactions Resource connections Security Java Message Service API (JMS API) The J2EE™ Tutorial, Second Edition, will give you a head start in developing and deploying J2EE applications. The accompanying CD-ROM includes the tutorial examples (binary and source code) and the J2EE Software Development Kit, Enterprise Edition 1.4 (J2EE 1.4 SDK), which contains the Sun Java System Application Server Platform Edition 8, Java 2 Software Development Kit (J2SE SDK), and BluePrints sample applications.

Abstract: Enterprise Java™ Security: Building Secure J2EE™ Applications provides application developers and programmers with the know-how they need to utilize the latest Java security technologies in building secure enterprise infrastructures. Written by the leading Java security experts at IBM, this comprehensive guide covers the current status of the Java™ 2 Platform, Enterprise Edition (J2EE), and Java™ 2 Platform, Standard Edition (J2SE™), security architectures and offers practical solutions and usage patterns to address the challenges of Java security. To aid developers who need to build secure J2EE applications, Enterprise Java™ Security covers at length the J2EE security technologies, including the security aspects of servlets, JavaServer Pages(TM) (JSP™), and Enterprise JavaBeans™ (EJB™)-technologies that are at the core of the J2EE architecture. In addition, the book covers Web Services security. Examples and sample code are provided throughout the book to give readers a solid understanding of the underlying technology. The relationship between Java and cryptographic technologies is covered in great detail, including: Java Cryptography Architecture (JCA) Java Cryptography Extension (JCE) Public-Key Cryptography Standards (PKCS) Secure/Multipurpose Internet Mail Extensions (S/MIME) Java Secure Socket Extension (JSSE)

Abstract: "I had a question about how to use a new Eclipse 3.0 feature, job scheduling, so I thought I would try out this book. I immediately found the answer with a concise explanation. Cool!" --Erich Gamma Official Eclipse 3.0 FAQs is the convenient source for answers to your most crucial questions about writing Eclipse plug-ins. Whether you're creating simple extensions for personal use or commercial Eclipse-based applications, you'll find hundreds of concise solutions here--including many that aren't answered anywhere else. John Arthorne and Chris Laffra have worked with Eclipse technology since the very beginning; both are active members of the Eclipse development community and frequently answer questions on Eclipse newsgroups and mailing lists. Here, they cover an extraordinary range of topics, from workspace management to documentation, SWT to JFace, JDT to natural language support. Many FAQs include code samples and references to other information, making the book an invaluable desk reference for anyone working with Eclipse. Just a few of the 350+ questions answered here... How do I upgrade Eclipse? Page 29 What is new in Eclipse 3.0? Page 34 How can I add my views and actions to an existing perspective? Page 187 How do I set up a Java project to share in a repository? Page 58 How do I declare my own extension point? Page 74 How do I display a Web page in SWT? Page 141 How do I support multiple natural languages in my plug-in messages? Page 253 How do I save settings for a dialog or wizard? Page 166 How do I provide syntax coloring in an editor? Page 269 How do I hook into global actions, such as Copy and Delete? Page 225 How do I create a Rich Client application? Page 241 What is the purpose of activities? Page 229 How do I create and examine an AST? Page 369

Abstract: When an intruder, worm, virus, or automated attack succeeds in targeting a computer system, having specific controls and a response plan in place can greatly lessen losses. Accordingly, businesses are realizing that it is unwise to invest resources in preventing computer-related security incidents without equal consideration of how to detect and respond to such attacks and breaches. The Effective Incident Response Team is the first complete guide to forming and managing a Computer Incident Response Team (CIRT). In this book, system and network administrators and managers will find comprehensive information on establishing a CIRT's focus and scope, complete with organizational and workflow strategies for maximizing available technical resources. The text is also a valuable resource for working teams, thanks to its many examples of day-to-day team operations, communications, forms, and legal references. IT administrators and managers must be prepared for attacks on any platform, exploiting any vulnerability, at any time. The Effective Incident Response Team will guide readers through the critical decisions involved in forming a CIRT and serve as a valuable resource as the team evolves to meet the demands of ever-changing vulnerabilities. Inside, readers will find information on: Formulating reactive or preventative operational strategy Forming, training, and marketing the CIRT Selecting penetration-testing, intrusion-detection, network-monitoring, and forensics tools Recognizing and responding to computer incidents and attacks, including unauthorized access, denial-of-service attacks, port scans, and viruses Tracking, storing, and counting incident reports and assessing the cost of an incident Working with law enforcement and the legal community Benefiting from shared resources Scrutinizing closed incidents to further prevention Offering services such as user-awareness training, vulnerability and risk assessments, penetration testing, and architectural reviews Communicating the CIRT's return on investment through management reporting 0201761750B10062003

Abstract: "Ajay and Scott take an interesting approach in filling Defend I.T. with case studies and using them to demonstrate important security principles. This approach works well and is particularly valuable in the security space, where companies and consultants are often hesitant to discuss true security incidents for potential embarrassment and confidentiality reasons. Defend I.T. is full of engaging stories and is a good read." --Fyodor, author of the Nmap Security Scanner and Insecure.Org " Defend I.T. answers reader demand for scenario-driven examples. Security professionals will be able to look at these case studies and relate them to their own experiences. That sets this book apart." --Lance Hayden, Cisco Systems "This is an exciting book! It's like reading several mysteries at once from different viewpoints, with the added benefit of learning forensic procedures along the way. Readers will benefit from the procedures, and the entertaining presentation is a real plus." --Elizabeth Zinkann, Equilink Consulting The battle between IT professionals and those who use the Internet for destructive purposes is raging--and there is no end in sight. Reports of computer crime and incidents from the CERT Coordination Center at Carnegie Mellon University more than double each year and are expected to rise. Meanwhile, viruses and worms continue to take down organizations for days. Defend I.T.: Security by Example draws on detailed war stories to identify what was done right and what was done wrong in actual computer-security attacks, giving you the opportunity to benefit from real experiences. Approaches to securing systems and networks vary widely from industry to industry and organization to organization. By examining a variety of real-life incidents companies are too embarrassed to publicly share, the authors explain what could have been done differently to avoid the losses incurred--whether creating a different process for incident response or having better security countermeasures in place to begin with. Inside, you'll find in-depth case studies in a variety of categories: Basic Hacking: Blackhat bootcamp, including mapping a network, exploiting vulnerable architecture, and launching denial-of-service attacks Current Methods: The latest in malicious deeds, including attacks on wireless networks, viruses and worms, and compromised Web servers Additional Items on the Plate: Often overlooked security measures such as developing a security policy, intrusio...

Abstract: "As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application." --Michael Howard, coauthor, Writing Secure Code "When it comes to teaching Windows security, Keith Brown is 'The Man.' In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible." --Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co. "Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET." --Peter Partch, principal software engineer, PM Consulting "Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development." --Fritz Onion, author of Essential ASP.NET with Examples in C# The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000. Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them. The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book. Topics covered include: Kerberos authentication Access control Impersonation Network security Constrained delegation Protocol transition Securing enterprise servi...

Abstract: "Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..." --From the Foreword by William C. Boni, Chief Information Security Officer, Motorola "Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why." --Lance Spitzner, Founder, The Honeynet Project Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed ), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense. Features include: Overview of the Web and what hackers go after Complete Web application security methodologies Detailed analysis of hack techniques Countermeasures What to do at development time to eliminate vulnerabilities New case studies and eye-opening attack scenarios Advanced Web hacking concepts, methodologies, and tools "How Do They Do It?" sections show how and why different attacks succeed, including: Cyber graffiti and Web site defacements e-Shoplifting Database access and Web applications Java™ application servers; how to harden your Java™ Web Server Impersonation and session hijacking Buffer overflows, the most wicked of attacks Automated attack tools and worms Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques. Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks. 0201761769B07192002

Abstract: Java is now used with increasing frequency to develop mission-critical applications. Using Java Management Extensions (JMX) is the key to managing those applications. As JMX is increasingly accepted into the fields of embedded systems, enterprise systems, and telephony, it is clear that all Java developers will encounter JMX before long. Java™ and JMX: Building Manageable Systems is the definitive guide to JMX, combining an introduction to the technology with extensive coverage that will make this book a favorite reference. Much more than just an explanation of the JMX specifications, this book can drastically reduce a reader's JMX learning curve by explaining how to develop management requirements and apply JMX to them. The book's coverage includes: A management primer for Java programmers and architects A historical perspective on the evolution of JMX and its relation to other management standards, including SNMP, CIM/WBEM, TMN, and CMIP Development of JMX Manageable Resources with Standard and Dynamic MBeans Development with Model MBeans as customizable generic instrumentation using both the JMX APIs and XML files MBeanServer, including the MBean registry and object naming scheme, the generic MBean interface, and the query mechanism JMX Monitors and Notifications MBeanServer Services including the timer, relationship, and dynamic loading, along with custom services for XML services, HTTP adapters, RMI connectors, and security exposures and permissions JMX best practices, including deployment patterns, instrumentation patterns, federation patterns, and best practices JMX integration into J2EE and the JSR077 management models in J2EE 1.4 Using JMX to manage Web services from the perspective of service providers, registry providers, and users Written with an unparalleled degree of in-the-trenches familiarity and full of practical examples and working sample code, Java™ and JMX is a must-have introduction, technological guide, and reference for Java architects and developers. 0672324083B12052002

Abstract: How well a Web site performs while receiving heavy user traffic is an essential factor in an organization's overall success. How can you be sure your site will hold up under pressure? Performance Analysis for Java™ Web Sites is an information-packed guide to maximizing the performance of Java-based Web sites. It approaches these sites as systems, and considers how the various components involved, such as networks, Java™ Virtual Machines, and backend systems, potentially impact overall performance. This book provides detailed best practices for designing and developing high-performance Java Web applications, and instructions for building and executing relevant performance tests to gauge your site's ability to handle customer traffic. Also included is information on how to use the results of performance testing to generate accurate capacity plans. Readers will find easy-to-understand explanations of fundamental performance principles and terminology. The book runs through performance profiles for common types of Web sites, including e-commerce, B2B, financial, and information exchange. Numerous case studies illustrate important ideas and techniques. Practical throughout, the book also offers a discussion on selecting the right test tools and troubleshooting common bottlenecks frequently revealed by testing. Other specific topics include: Performance best practices for servlets, JavaServer Pages™, and Enterprise JavaBeans™ The impact of servlets, threads, and queuing on performance The frozen Web site danger Java™ Virtual Machine garbage collection and multithreading issues The performance impact of routers, firewalls, proxy servers, and NICs Test scenario and script building Test execution and monitoring, including potential pitfalls Tuning the Web site environment Component monitoring (servers, Java™ Virtual Machines, and networks) Symptoms and solutions of common bottleneck issues Analysis and review of performance test results Performance Analysis for Java™ Web Sites not only provides clear explanations and expert practical guidance, it also serves as a reference, with extensive appendixes that include worksheets for capacity planning, checklists to help you prepare for different stages of performance testing, and a list of performance-test tool vendors. 0201844540B08142002

Abstract: Two of the most significant technological development trends of the past few years have been the Java 2 Platform, Enterprise Edition (J2EE), a platform specifically geared to the needs of enterprise systems, and the Rational Unified Process (RUP), a comprehensive development methodology. Building J2EE™ Applications with the Rational Unified Process is the first book to bring these two key development concepts together. Featuring a non-trivial sample application, the book demonstrates a customized subset of RUP that is relevant and essential to J2EE development. The text guides readers through the entire development process, from initial requirements gathering through system implementation, illuminating real-world intricacies, complications, tradeoffs, and decision making. The book presents a review of the latest releases of J2EE and RUP, emphasizing the rationale behind their content. A developer roadmap helps readers navigate the development process successfully, and detailed discussions of each aspect of the process reveal practical strategies and techniques. Also provided is detailed coverage of the key aspects behind any successful software development effort: Requirements, including use-case modeling and the gathering of architecturally significant requirements Analysis, including the transformation of requirements into a first-cut design model and a user-experience model Design, including the refinement of a design model, introducing interfaces, framework components, design classes, and use-case realizations Implementation, including the creation of source code and executable code based on the design, and the production of J2EE modules necessary for deployment Architectural concerns, including the production of a Software Architecture Document, Deployment Model, and Data Model The use of patterns, in particular J2EE design patterns The use of UML to model J2EE technologies such as Enterprise JavaBeans™ Written for anyone working in J2EE or using RUP, this book is an comprehensive guide that reveals how J2EE and the Rational Unified Process come together to produce a powerful, efficient, and effective approach to enterprise application development. Forewords were prepared by John Crupi, Distinguished Engineer at Sun Microsystems (and coauthor of Core J2EE Patterns, Prentice Hall, 2001), and Philippe Kruchten, Director of RUP Development at Rational Software (and author of The Rational Unified Process, Addison-Wesley, 2000). 0201791668B072...

Abstract: Praise for Elliotte Rusty Harold's Processing XML with Java ™ "The sophistication and language are very appropriate for Java and XML application developers. You can tell by the way the author writes that he too is a developer. He delves very deeply into the topics and has really taken things apart and investigated how they work. I especially like his coverage of 'gotchas,' pitfalls, and limitations of the technologies." - John Wegis , Web Engineer, Sun Microsystems, Inc. "Elliotte has written an excellent book on XML that covers a lot of ground and introduces current and emerging technologies. He helps the novice programmer understand the concepts and principles of XML and related technologies, while covering the material at a level that's deep enough for the advanced developer. With a broad coverage of XML technologies, lots of little hints, and information I haven't seen in any other book on the topic, this work has become a valuable addition to my technical library." - Robert W. Husted , Member, Technical Staff, Requisite Technology, Inc. "The code examples are well structured and easy to follow. They provide real value for someone writing industrial-strength Java and XML applications. The time saved will repay the cost of this book a hundred times over. "The book also contains more of the pearls of wisdom we've come to expect from Elliotte Rusty Harold-the kind of pointers that will save developers weeks, if not months, of time." - Ron Weber , Independent Software Consultant Written for Java programmers who want to integrate XML into their systems, this practical, comprehensive guide and reference shows how to process XML documents with the Java programming language. It leads experienced Java developers beyond the basics of XML, allowing them to design sophisticated XML applications and parse complicated documents. Processing XML with Java™ provides a brief review of XML fundamentals, including XML syntax; DTDs, schemas, and validity; stylesheets; and the XML protocols XML-RPC, SOAP, and RSS. The core of the book comprises in-depth discussions on the key XML APIs Java programmers must use to create and manipulate XML files with Java. These include the Simple API for XML (SAX), the Document Object Model (DOM), and JDOM (a Java native API). In addition, the book covers many useful supplements to these core APIs, including XPath, XSLT, TrAX, and JAXP. Practical in focus, Processing XML with Java™ is filled with over two hundred examples that ...

Abstract: A new edition of this title is available, ISBN-10: 0321556054 ISBN-13: 9780321556059

Abstract: "This is an excellent text that should be read by every computer security professional and student." -Dick Kemmerer, University of California, Santa Barbara. "This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!" -Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science. Computer Security: Art and Science includes detailed discussions on: The nature and challenges of computer security The relationship between policy and security The role and application of cryptography The mechanisms used to implement policies Methodologies and technologies for assurance Vulnerability analysis and intrusion detection Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs. This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system. 0201440997B10252002

Abstract: Building Scalable and High-Performance Java™ Web Applications Using J2EE™ Technology provides the concise roadmap Java developers and Web engineers need to build high-performance and scalable enterprise Web applications. It is unique in its focus on building efficient end-to-end solutions based on the widely adopted J2EE specification. Each of the relevant technologies is summarized and analyzed in terms of its scalability and performance implications. Special attention is also given to those parts of Web application design that extend beyond the J2EE specification, including strategies for efficient networking and database design. Packed with general system architecture tips and balanced with succinct examples for each technology, this book allows you to focus on practical strategies for effective application design without getting overwhelmed with useless detail. As a result, you will quickly and easily be able to understand how to use J2EE technologies to build application systems that deliver scalability and high performance. Coverage includes: Essentials of Web application architecture The J2EE standard General techniques for building scalable and high-performance systems The HTTP protocol, with special focus on features that maximize performance Java™ Servlets and JavaServer Pages™ (JSP) Enterprise JavaBeans™ (EJB) Java™ Message Service (JMS) Effective database design techniques Efficient database management with JDBC™ and SQL Essentials of Web Services, including XML, SOAP, WSDL, and UDDI A CD-ROM with relevant source code from various chapters accompanies this book. 0201729563B12172001

Abstract: Java™ Message Service API Tutorial and Reference provides a clear and complete introduction to the Java™ Message Service (JMS) API. This book illustrates how to use the JMS API to build applications that create, send, receive, and read messages. Beginning with comprehensive descriptions of fundamental JMS concepts and building blocks, the coverage extends to all aspects of running and creating JMS applications. Each topic area is supported by relevant and well-crafted JMS program examples that demonstrate how to put the technology to work. The JMS API is an integral part of the Java 2 Platform, Enterprise Edition (J2EE™ platform). Developed by Sun Microsystems in close cooperation with enterprise messaging partners, JMS works together with other technologies to provide reliable, asynchronous communication between components in a distributed computing environment. It delivers a new, powerful tool for enterprise messaging--the cornerstone of today's enterprise applications. You will find in-depth coverage on how to: Create and run JMS client programs Use the JMS API within the J2EE platform Consume messages asynchronously with a message-driven bean Produce messages from an application client and from a session bean Access an entity bean from a message-driven bean Create applications for the J2EE platform that use the JMS API to Consume messages Produce messages Access an entity bean From BytesMessage to TransactionRolledBackException, a useful alphabetical reference provides complete information on all facets of the JMS API. Additionally, the tutorial example programs are downloadable from the Sun Web site, so that you can adapt them to implementations of the JMS API and the J2EE platform. Written by an expert team, the book offers an unparalleled technical understanding of JMS and its integration into the J2EE platform. Its thorough and practical coverage of JMS makes it easy for developers working in a distributed Java technology environment, and those familiar with the J2EE platform, to efficiently integrate the JMS API. 0201784726B02212002

Abstract: Java™ is an object-oriented language, but it is also a component-oriented platform. Java's class-loading model and rich type information makes it possible to build flexible and reusable binary components. COMPONENT DEVELOPMENT FOR THE JAVA™ PLATFORM reveals both the potential and pitfalls of developing components using the Java platform. As a platform, Java defines the services needed to connect binary components at runtime safely and reliably. To truly take advantage of all that Java has to offer, you must consider not just development but also deployment, and not just objects but also components. COMPONENT DEVELOPMENT FOR THE JAVA™ PLATFORM delves into the component-oriented features of the Java platform, thoroughly discussing class loading, reflection, serialization, native interoperation, and code generation. KEY TOPICS INCLUDE HOW TO: Use and troubleshoot Class Loaders Build dynamic and generic services through reflection Control an object's serialized representation Load and use native code components Extend the Java class format to add custom services Automate development with code generation This is a cutting-edge approach to Java programming: An emphasis on deployment can be the best way to take advantage of some of the most valuable, yet less heralded, aspects of Java technology. 0201753065B11212001

Abstract: "The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time." --Stephen Northcutt, The SANS Institute "One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action." --From the Foreword by Marcus J. Ranum "From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today." --Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple "burglar alarms," incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal. Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets. Honeypots also includes a chapter dedicated to legal issues surrounding honeypot use. Written with the guidance of three legal experts, this section explores issues of privacy, entrapment, and liability. The book also provides an overview of the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen/Trap Statute, with an emphasis on how each applies to honeypots. With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. Security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable. 0321108957B08282002

Abstract: Praise for Design Patterns Java™ Workbook "An excellent book... I'm incredibly impressed with how readable it is. I understood every single chapter, and I think any reader with any Java familiarity would. This book is going to be required reading in a lot of places, including my office." - Joshua Engel "Provides a new, more Java-literate way to understand the 23 GoF patterns." - Bob Hanmer "This book translates Design Patterns into what Java programmers need to know. It is full of short, engaging programming and design problems with solutions-making it easy for programmers to work through solutions and really make patterns 'stick.'" - Rebecca Wirfs-Brock "This is one exciting book. It's approachable, readable, interesting, instructive, and just plain valuable. It'll eclipse all other books purporting to teach people the GoF patterns in Java-and perhaps any other language." - John Vlissides Java programmers, you now have the resource you need to harness the considerable power of design patterns. This unique book presents examples, exercises, and challenges that will help you apply design pattern theory to real-world problems. Steve Metsker's learn-by-doing approach helps you enhance your practical skills and build the confidence you need to use design patterns effectively in mission-critical applications. Design Patterns Java™ Workbook features the twenty-three foundational design patterns introduced in the classic book Design Patterns (Addison-Wesley, 1995). In this new, hands-on workbook, the patterns are organized into five major categories: interfaces, responsibility, construction, operations, and extensions. Each category begins with a chapter that reviews and challenges your ability to apply facilities built into Java. These introductory sections are followed by chapters that explain a particular pattern in detail, demonstrate the pattern in use with UML diagrams and Java code, and provide programming problems for you to solve. With this book you will build expertise in important areas such as: Adapting domain data to Swing components Creating a FACADE for Swing Handling recursion in composites Understanding the role of BRIDGE in Java database connectivity Making the connection between Model/View/Controller and OBSERVER Maintaining relational integrity with a mediator Using proxies to communicate between computers Letting a service provider decide which class to instantiate Supporting undo operations with MEMENTO Prototyping with clones U...

Abstract: The Java Embedded Server™ from Sun Microsystems, Inc., is a solution for linking consumer devices with services over the Internet. It is based on the Open Services Gateway Initiative (OSGi) Service Gateway Specification 1.0. Written by authors who are intimately involved with the development and implementation of the specification, Programming Open Service Gateways with Java Embedded Server™ Technology reveals the concepts and inner workings of the Java Embedded Server framework and explains how to program and develop services for open gateways using the Java™ programming language. With an emphasis on actual coding, this definitive guide begins by explaining the backdrop in which the residential gateway market emerged. Next, the book discusses the history and mission of the Java Embedded Server product and the OSGi consortium. Throughout the book, the Java Embedded Server technical architecture and the OSGi Service Gateway API are presented with examples and detailed implementations. The book's practical, how-to format shows you how to write code for residential gateway applications that is correct, robust, and efficient while avoiding common traps and pitfalls. Highlights include: Overview of OSGi architecture, including basic concepts and features How to install Java Embedded Server and develop service bundles Design patterns and pitfalls How to use the OSGi standard services: log service and HTTP service OSGi Device Access (DA) service Permission-based security and administration The future undertakings of the OSGi consortium The OSGi Service Gateway Specification 1.0 Programming Open Service Gateways with Java Embedded Server™ Technology gives you an insider's perspective on the development process of new applications and services for the residential gateway environment. 0201711028B09102001

Abstract: "This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art." --From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information. Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included. Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack. Specific topics covered in this book include: Hacking myths Potential drawbacks of penetration testing Announced versus unannounced testing Application-level holes and defenses Penetration through the Internet, including zone transfer, sniffing, and port scanning War dialing Enumerating NT systems to expose security holes Social engineering methods Unix-specific vulnerabilities, such as RPC and buffer overflow attacks The Windows NT Resource kit Port scanners and discovery tools Sniffers and password crackers Web testing tools Remote control tools Firewalls and intrusion detection systems Numerous DoS attacks and tools 0201719568B01042002

Abstract: Micro Java Games Development explains game development for devices that support J2ME MIDP. The six parts cover a full range of topics, from a tour of all available micro-devices (Palms, cell phones and pagers), a discussion of software standards apart from J2ME (cell phones, messaging, I-mode and wireless enhancements such as Bluetooth), and available J2ME extensions (Siemans, Ericcson, Nokia), development tools and restrictions, to the creation of a meaty J2ME game!

Abstract: In 1997, Microsoft embarked on a "bet the company" strategy that was to reinvent the way the company did business. Even before its release, .NET made major strides in reinventing the way that software developers viewed the software they wrote. Now that it is released, .NET and the .NET Framework will change the software development process for good. .NET Framework Security provides the ultimate high-end comprehensive reference to all of the new security features available in .NET. Through extensive code samples and step-by-step walkthroughs of configuration techniques, the reader is taken deep into the world of secure applications. Demonstrations of creating custom procedures and a full explanation of each aspect separate this book from many other "lecture books." Many of the concepts expressed in this book are not only viable in .NET, but on the Internet in general. These factors combined make this the one reference that every developer and system administrator should have. .NET Framework Security provides An extensive introduction to explanation of Code Access Security, the powerful new security system shipping in the .NET Framework Information on how to write and test safe applications using the .NET Framework Extensive coverage on how to effectively administer .NET Framework security In-depth introduction to the cryptography library shipping in the .NET Framework, including an introduction to XML digital signatures An overview of all of the new security features available in .NET Code samples that can be used to implement security on your own Web site or application Step-by-step guidelines for modifying the various configuration files associated with .NET, and an explanation of the elements involved Instructions for all of the aspects of security in the CLR and what it means How to use ASP.NET to create a secure application Explanations for using the CryptoAPI libraries to create your own custom functionality Guidelines on how to create secure network applications as well as applications that exist on the Internet Detailed examples of how to establish security parameters in IIS that relate to ASP.NET Instructions for administering .NET applications hosted in IE 067232184XB04232002

Abstract: "Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use--from managers to coders--this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the development cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped"--Resource description page.

Abstract: The Java 2 Platform Enterprise Edition (J2EE TM ) offers great promise for dramatically improving the way that enterprise applications are built, and organizations that have adopted the J2EE are gaining a competitive advantage. The industry-standard Unified Modeling Language (UML) has helped countless organizations achieve software success through visual modeling. Together, the UML and J2EE form a powerful set of tools, but the intricacies involved with using them in tandem are considerable. While UML is highly effective for specifying, designing, constructing, visualizing, and documenting software systems, J2EE offers enterprise developers a simplified, component-based approach to application development. However, when using the two technologies together, developers must first consider--and attempt to reconcile--the different characteristics of each. Developing Enterprise Java Applications with J2EE TM and UML examines the best ways to jointly leverage these technologies. Exploring concrete methods for completing a successful development project, the authors cover the use of UML and J2EE in detail. Using practical examples and a case study, they illustrate the pros and cons of specific design approaches, show how personal experience can affect design decisions, and demonstrate proven approaches for building better, software faster. With this book as a guide, developers will be able to overcome the challenges in using UML and J2EE together, and be on their way to building robust, scalable, and complex applications. 0201738295B09042001

Abstract: Written by a world-renowned expert on programming methodology, and the winner of the 2008 Turing Award, this book shows how to build production-quality programs--programs that are reliable, easy to maintain, and quick to modify. Its emphasis is on modular program construction: how to get the modules right and how to organize a program as a collection of modules. The book presents a methodology effective for either an individual programmer, who may be writing a small program or a single module in a larger one; or a software engineer, who may be part of a team developing a complex program comprised of many modules. Both audiences will acquire a solid foundation for object-oriented program design and component-based software development from this methodology. Because each module in a program corresponds to an abstraction, such as a collection of documents or a routine to search the collection for documents of interest, the book first explains the kinds of abstractions most useful to programmers: procedures; iteration abstractions; and, most critically, data abstractions. Indeed, the author treats data abstraction as the central paradigm in object-oriented program design and implementation. The author also shows, with numerous examples, how to develop informal specifications that define these abstractions--specifications that describe what the modules do--and then discusses how to implement the modules so that they do what they are supposed to do with acceptable performance. Other topics discussed include: Encapsulation and the need for an implementation to provide the behavior defined by the specification Tradeoffs between simplicity and performance Techniques to help readers of code understand and reason about it, focusing on such properties as rep invariants and abstraction functions Type hierarchy and its use in defining families of related data abstractions Debugging, testing, and requirements analysis Program design as a top-down, iterative process, and design patterns The Java programming language is used for the book's examples. However, the techniques presented are language independent, and an introduction to key Java concepts is included for programmers who may not be familiar with the language.

Abstract: Parser building is a powerful programming technique that opens a world of opportunity for designing how users interact with applications. By creating mini-languages, you can precisely address the requirements of your application development domain. Writing your own parsers empowers you to access a database more effectively than SQL to efficiently control the movement of an order through its workflow, to command the actions of a robot, and to control access privileges to transactions in a system. The repertoire of today's professional programmer should include the know-how to create custom languages. Building Parsers with Java ™ shows how to create parsers that recognize custom programming languages. This book and its accompanying CD provide an in-depth explanation and clearly written tutorial on writing parsers, following the Interpreter Design Pattern. An easy-to-follow demonstration on how to apply parsers to vital development tasks is included, using more than a hundred short examples, numerous UML diagrams, and a pure Java parser toolkit to illustrate key points. You will learn How to design, code, and test a working parser How to create a parser to read a data language, and how to create new computer languages with XML How to translate the design of a language into code How to accept an arithmetic formula and compute its result How to accept and apply matching expressions like th* one How to use tokenizers to define a parser in terms of logical nuggets instead of individual characters How to build parsers for a custom logic language like Prolog How to build parsers for a custom query language that goes beyond SQL How to construct an imperative language that translates text into commands that direct a sequence of actions 0201719622B04062001

Abstract: Since its introduction, The Java 2 Platform, Enterprise Edition (J2EE) has achieved remarkable success among application server providers and their customers. More than a dozen leading application server companies have announced J2EE compatible products, and over one million developers have downloaded the J2EE SDK from Sun's J2EE Web site (http://java.sun.com/j2ee). Today, numerous enterprises face the challenge of developing distributed applications. IT professionals deal with a variety of issues: connecting dispersed users with centralized applications, building applications quickly and efficiently, and connecting heterogeneous clients and servers. J2EE in Practice provides ten examples of ways that J2EE technology has helped leading corporations, educational institutions, and government organizations face these challenges and reap significant rewards. Chapters in this book explore how: JCrew enhanced its traditional catalog sales operation using J2EE technology from Art Technology Group (ATG). One of the country's largest mortgage companies, HomeSide Lending, produced innovative online lending services using the BEA WebLogic server. The Borland Application Server enabled AT&T Unisource to respond quickly to demand in long-distance voice traffic routing. Codexa Corporation used Brokat's GemStone/J platform to deliver information for widely dispersed financial services professionals. eTapestry.com delivers applications to assist nonprofits in their fundraising using GemStone/J and Sun Microsystem's Forte for Java development environment. Altura International used the HP BlueStone J2EE platform to implement the Web's first online catalog shopping portal, catalogcity.com. IBM customers Honeywell and Bekins use Java technology to improve processes on the manufacturing floor and in the warehousing and delivery of large consumer products. International Data Post (IDP), a service owned by seven European postal operators, brought snail mail to the Internet age using iPlanet's J2EE technology. Physics research institute CERN worked with Oracle to provide electronic document handling services to over 5000 users worldwide. J2EE technology helps the US Military Traffic Management Command, Freight Systems Office (FSO) manage and control costs of small package shipping. 0201746220B01172002

Abstract: A new edition of this title is available, ISBN-10: 0321356683 ISBN-13: 9780321356680

Abstract: Java Card™ technology provides a secure, vendor-independent, ubiquitous Java™ platform for smart cards and other memory constrained devices. It opens the smart card marketplace to third-party application development and enables programmers to develop smart card applications for a wide variety of vendors' products. This book is the comprehensive guide to developing applications with Java Card technology. It introduces you to the Java Card platform and features detailed discussions of programming concepts. It also provides a step-by-step Java Card applet development guide to get you up and running. Specific topics covered include: Smart card basics Java Card virtual machine Persistent and transient objects Atomicity and transactions Handling APDUs Applet firewall and object sharing Java Card platform security A step-by-step applet development guide Applet optimization guidelines A comprehensive reference to Java Card APIs With Java Card technology, smart card programming will finally enter the mainstream of application development. This book provides the authoritative and practical information you need to enter this rapidly growing arena. 0201703297B04062001