Building Computer Security
About the Book
The hands-on guide to making your software project more secure.
It contains wisdom for engineers, software designers, managers and testers, and is written for skill levels from basic to experienced (yellow to brown belt), with a learning curve that will not leave you stranded. Most of the tips in here can be used directly in your project.
This book focuses on the big picture and hands-on practice, but will also guide you to sources of specific in-depth knowledge for specific fields.
Table of Contents
- Preface
- This book
  - Goals
  - Release early, release often
  - 80/20 or Pareto Principle
  - Form follows function
  - All this said…
- Structure of this book
  - Project phases and audience
- Content
  - Background
  - Planning
  - Programming
  - Testing
  - Tools
  - Bolt-on security
  - Offense
  - Appendix
- This book
- Background
  - Intro
- Basics: Know your enemies
  - Hackers
  - University researchers
  - Script kiddies
  - Organized Crime
  - Nation state actors (NSA)
  - In house attackers
- Attacker’s goals
  - Ransomware
  - Mining
  - Credential stealing
  - Injecting advertising
  - Banking
  - Wiping
  - Sending SPAM
  - DDOS for hire
  - Proxy for further attacks
  - Persistence
  - A trick: Living off the land
  - A common requirement: C&C server
  - Selecting victims
- Principles
  - Bolt-on-security vs security-by-design
  - Threat modelling
  - Reduce Attack Surface
  - Compartmentalisation / Segmentation
  - Principle of “Least privilege”
  - Updates
  - Flexibility
  - Do not make mistakes
  - De-centralisation
  - Fail gracefully
  - Monitor / Incident Response
  - Educate users
  - Defense in Depth
  - Filter at the endpoint
  - Tripwires
  - Slow down the attacker
  - Security by Obscurity
  - Security Theater
  - Hollywood threats
  - Further reading
- Planning
  - Intro
- Software Design
  - Infrastructure aka “Establish a Standard Incident Response Process in SDL”
  - Complexity
  - System architecture
  - Set up a reliable build system
  - Further reading
- Threat Modelling
  - Security cards
  - STRIDE
  - Attack tree
  - Persona non Grata
  - CVSS
  - Thorsten Style
  - MITRE attack checklist
  - OWASP (Open Web Application Security Project)
- Vulnerabilities
  - Vulnerability knowledge pools
  - Building bugs and flaws
  - CVSS Score
  - OWASP Risk Rating
  - Security process
  - Search engines for exploits and vulnerabilities
  - Fixing Bugs - tasks for management
- Security process
  - Basics
  - Good and bad ways to find vulnerabilities
  - The three steps
  - Further Reading
- Software Design Checklist
  - My secret source
  - Checklist
  - Further reading
- User interfaces
  - Things to do
  - Dangerous things - please avoid
  - Attacks
  - Details for “Things to do”
  - Secure setting is default
  - Details list of dangerous things
- Updates
  - Things that a good update strategy covers
  - Things to avoid
  - Response Time
  - Update strategy details
  - Verify version - only upgrade
  - Track distribution
  - Be able to stop updates
  - Distributing the updates
  - Compress updates
  - Diff updates
  - Incentives
  - Plan for several channels
  - Automatic updates
  - Control the update infrastructure
  - Details for things to avoid
  - Break the update chain
- Passwords
  - PINs
  - Passwords
  - Passphrases
  - Entropy matters
  - Password hints
  - Preventing copy & paste
  - Forgot password
  - TTL for passwords
  - Autofill trap
  - Stolen passwords
  - Cracking passwords
  - Keyloggers
  - IoT: Initial passwords
  - Salting
  - Pepper
  - Beyond passwords: “Two-factor authentication”
- Browser security
  - Choosing the right browser
  - Harden your browser
  - Basic browser security philosophy
  - Ads/Malvertizing
  - Privacy
  - Exploit Kits
  - Cookies
  - Fingerprinting
  - TLS/SSL/HTTPS
  - BeEF
  - Burp Suite
  - Attack on Routers
  - Phishing
  - Pseudonymity
  - Crypto mining
  - Pony / Fareit
  - URL block lists
  - Browser god modes
  - Further reading
- Censorship
  - Mapping censorship
  - Censorship countermeasures
  - Further reading
- IoT security
  - Class break
  - Interfaces (UART, JTAG)
- CAN Bus
  - can-utils
  - Python
  - Fuzzing the CAN bus with python
  - Further reading
- Bluetooth LE
  - Basics
  - Potential attacks
  - BLE Security
  - Nordic Semiconductor: nRF Connect
  - Basic OS tools
  - Bleah - Bluetooth LE hacking
  - Bluepy - python library for Bluetooth LE
  - BlueZ
  - Adafruit Bluetooth LE sniffer
  - Training: BLE CTF (Capture the Flag)
  - Further reading
- TLS aka SSL aka HTTPS
  - TLS handshake
  - What to encrypt (for web pages)
  - Mozilla server side TLS config guide
  - Certificates
  - Certificate content and structure
  - Revocation (OCSP = Online Certificate Status Protocol)
  - OCSP Stapling
  - Key/Certificate lifetime
  - Testing TLS
  - HSTS - HTTP Strict Transport Security
  - HPKP - HTTP Public Key Pinning
  - Certificate Transparency
  - UDP: DTLS
  - Weaknesses and catastrophes
  - Testing SSL
  - Further reading
- Crypto algorithms
  - Hash functions
  - HMAC or MAC
  - Password hash functions
  - Stream Ciphers
  - Block Ciphers
  - Authenticated Encryption
  - Asymmetric Ciphers
  - Key exchange
  - Elliptic Curve Cryptography (ECC)
  - Key length
  - Further reading
- Programming
  - Intro
- Requirements for code analysis tools
  - Some background
- Defensive programming
  - Short abstract
  - TODO
  - Typical attacks on programs
  - Details todo list
  - Basic pattern for C coding
  - Memsad rabbit hole
  - Further reading
- Asserts
  - Asserts in C
  - Assert for python
  - JavaScript
  - Positive side effects of asserts
- Compiling
  - Build system
  - Use Docker
  - Use Vagrant
  - Compile for Linux
  - Reproducible builds
  - Static code analysis
  - Mitigation and hardening
- Clang
  - Warnings and hardening
  - Static analysis
  - Dynamic code analysis
  - ASAN (Address Sanitizer)
  - LSAN (Leak Sanitizer)
  - UBSan (Undefined Behaviour Sanitizer)
  - Memory Sanitizer
  - Thread Sanitizer
  - Code coverage
  - Fuzzing
- JavaScript
  - Retire.js
  - Use a linter: ESLint
  - Strict
  - The JS eco system
- Secure python programming
  - Virtualenv build environment
  - Unit tests
  - Code Coverage
  - Flake8 coding style verification
  - Safety
  - Bandit, static code analysis
  - Pylint, stricter than flake8
  - Packaging with setup.py
  - Tox
  - Nox
  - Dependencies
  - Documentation
- Testing
  - Intro
- Testing compiled binaries
  - Linux
  - Windows
  - Attached info
- Flawfinder
  - Finding issues
  - Finding inputs
- Cppcheck
  - The Makefile
  - Feature: Library verification
  - Further reading
- Testing practice
  - Have testers
  - What to test
  - Unit tests
  - Verification tests
  - Performance tests
  - Destructive testing
  - External reviews
  - Bug bounties
  - Further Reading
- Code Coverage
  - GCC
- Fuzzing
  - Training project
  - Fuzzing hardware
  - DIY fuzzer
  - Radamsa
  - Dharma
  - AFL American fuzzy lop
  - libFuzzer
  - More fuzzing tricks
  - Further reading
- Secret scanning
  - Do not commit credentials and secrets
  - Secret scanners
  - Secret stores
- Tools
  - Intro
- SSH
  - Reasons for SSH
  - Background
  - Key generation
  - Show (managed) keys
  - Deploying keys
  - Get a shell
  - Execute commands
  - File transfer (scp)
  - SSHFS
  - GIT
  - SSH Tunneling
  - Logs
  - Telnet
  - Further reading
- GIT hardening
  - Pure Git
  - Github
  - Getting it done
- Thug
  - Basics
  - Data available in json file
- Bolt on
  - Intro
- Anti Virus tests
  - Abstract
  - Methods
  - Eicar
  - Windows Defender
- Antivirus Integration
  - What to scan
  - AMSI
  - Google Safe Browsing
- Sharing malware samples
  - The reason why your software is detected as a false positive (all the time)
  - Where to submit to AV companies
  - Submission by Mail
  - Security without borders
  - Citizen Lab
  - CCC
  - Sucker punch
- VirusTotal
  - DIY AV testing using VirusTotal: Does not work
  - Getting a feeling for a file
  - Submitting samples
  - Not to do: Uploading APT samples
- Antivirus detection
  - Pro detection technology
  - Con detection technology
  - Tips
  - Choosing technology
  - DIY detection
  - DIY classification
- Behaviour based classification
  - Container, Virtual Machines or Bare Metal
  - Networking
  - Pafish
  - Al-Khaser
  - VMCloak
  - CAPEv2 Sandbox
  - Small print
  - Something different: Inserting virtual machine traces into the system
- CAPEv2
  - Features
  - Installation
  - Links
- Features (reporting/processing)
  - Reporting modules
  - Processing modules
- Malware Sources
  - Sources for IOCs
  - Exploit kits
  - C&C
  - Malware
  - Malicious URLs
  - Malicious SSL Certificates
  - Phishing
  - Data breaches
- Offense
  - Intro
- Kill chain
  - Basics
  - OSINT (Open Source Intelligence)
  - Initial access
  - Persistence
  - Privilege Escalation
  - Sandbox Escape
  - Defense Evasion
  - Lateral Movement
  - Collection
  - Command and Control
  - Exfiltration
  - Recon-NG
- Google Dork
  - Basics
  - SEO expertise
  - Vulnerability indicators
  - Defense
  - Further reading
- Beef
  - Basics
  - Features
  - Defense
  - Further reading
- Burp suite
  - Basics
  - Defense
  - Further reading
- ZAP
  - Basics
  - Docker installation
  - Experimenting
  - Authentication
  - Scan modes
  - As a proxy
  - Scripting
  - CLI
  - Get ZAP results
  - ZAP as proxy
  - Selenium
  - Python requests
- Mitmproxy
  - Basics
  - Local usage
  - Usage with a forwarding PC (transparent proxy)
  - Intercepting
  - Scripting
  - Certificates
  - Further reading
- Nmap
  - Excluding IPs
  - Finding hosts
  - Finding ports
  - OS detection
  - Finding services
  - Being noisy
  - Being silent
  - Scripts
  - Sources
- Appendix
- External references and resources
  - Books
  - Conferences
  - Blogs
  - News
  - Podcasts
  - Magazines
  - Videos
  - Workshops and Training
  - CTF
  - Lists and bookmarks
  - Glossary
- The author
  - The origin story: External brain
  - Authors
  - Credits
- Changelog
  - April 2023
  - December 2022
  - November 2022
  - July 2022
  - October 2021
  - June 2021
  - April 2021
  - February 2021
  - October 2020
  - August 2020
  - May 2020
  - April 2020
  - March 2020
  - February 2020
  - January 2020
  - December 2019
  - November
  - August/September/October 2019
  - July 2019
  - June 2019
  - May 2019
  - April 2019
  - March 2019
  - February 2019
  - January 2019
  - December 2018
  - November 2018
  - October 2018
  - September 2018
  - August 2018
  - July 2018
  - June 2018
  - May 2018, initial release
  - License
- External references and resources
  - Notes