Email the Author
You can use this page to email Mohammadreza Rashidi and Saeedeh Zeinali about Practical Application Security.
About the Book
A book about more than 15 vulnerability types, covering attack and defence, with tutorials on software security tools and appliances.
Security is essential.
We use a little bit of cryptography, add some firewalls and passwords – done! In theory… When we started work in the field of security, we met many people who thought they could easily secure their applications. They used certain ingredients of security measures and applied them to whatever problem they had. Even worse: sometimes they didn’t use existing ingredients, but built their own – making the same errors made in hundreds of previous projects.
And practice proved them wrong: security was never simple – there’s always at least one loophole. There’s always an unexpected side-effect. There’s always something that you miss if you are not an expert. Front page news regularly proves that we obviously never learn.
Key reasons for insecure applications are:
Lack of time (due to aggressive deadlines)
Lack of knowledge (IT experts are usually not security experts)
Lack of priorities (functionality and performance usually come top)
That’s why we are literally doomed to failure.
Hackers can attack a system, steal or change data and leave without a trace. Sometimes the victim doesn’t even know that something really bad happened until his new designs are somehow copied by a competitor, or supposedly protected customer data is published on public web sites, or a journalist gets a hint of a fantastic new story. Even worse, modern applications are becoming more and more complex – think of recent trends like mobility and cloud computing. Borders disappear and the means of protecting known areas is difficult.
In traditional engineering we have hundreds of years of knowledge that has evolved over time. We know how to build bridges that survive rain, wind and earthquakes. We know how to build solid cars that give you a good chance of surviving a crash. We know of proven solutions to problems in specific contexts. Written down, these are called patterns, paradigms that have also been applied to software engineering for quite some time. Towards the end of the 1990s we saw work on patterns that were dedicated to security problems. The pattern community came together and collected the work in progress, resulting in one of the first comprehensive security pattern collections, which captured security expertise for getting it done the right way.
It was obvious that the work was not completed by the publication of a few books. Besides mining additional knowledge and writing more patterns, an interesting question is how to apply them effectively. Both of these issues are answered with this book, the most up-to-date guide for software engineers who want to understand how to build reliable applications. It provides guidance for applying the captured expertise of security patterns in your day-to-day work.
Security is still not easy, but it is much easier when you understand the benefits, liabilities and dependencies of specific solutions.
About the Editors