
Hackable: How to Do Application Security Right PDF

288 Pages·2020·3.6 MB·english

Preview Hackable: How to Do Application Security Right

HACKABLE: HOW TO DO APPLICATION SECURITY RIGHT
Ted Harrington

© 2020. All rights reserved.

How to Do Application Security Right
978-1-5445-1767-4 Hardcover
978-1-5445-1766-7 Paperback
978-1-5445-1765-0 Ebook

To Mom and Dad, for inspiring me to serve others. This book is a result of that ethos.

CONTENTS

Introduction: Why Secure Your App?
Why you need security and how this book will help you do it right.

1. Start with the Right Mindset and the Right Partner
Why you should constantly seek improvement. How to think like a hacker. How to multiply impact by combining in-house personnel with external experts.

2. Choose the Right Assessment Methodology
How to choose between white-box and black-box. Why to share information rather than limit it.

3. Get the Right Security Testing
How to tell the difference between penetration testing, vulnerability scanning, vulnerability assessments, and bug bounty programs (and pick what’s best for you).

4. Hack Your System
How to break your system, including what it means to abuse functionality, chain exploits, and seek the unknown unknowns.

5. Fix Your Vulnerabilities
How to fix your vulnerabilities in three phases: prioritize, remediate, and verify.

6. Hack It Again
How to keep your application secure over time (and how to ensure reassessments are less expensive and more effective, too).

7. Spend Wisely
How to determine how much money (and effort) to spend on security.

8. Establish Your Threat Model
How to determine what to protect, whom to defend against, and where you’ll be attacked.

9. Build Security In
How to do security sooner, better, and more cost-effectively without slowing down development.

10. Win Sales
How to gain a competitive advantage and turn it all into sales.

Conclusion: Go Win
How to take action.

Acknowledgments
About the Author
Glossary
Bibliography
Notes

To those who seek excellence: this book is for you. You are not alone.

INTRODUCTION
WHY SECURE YOUR APP?
LIE: Security is a headache.
TRUTH: Security is a competitive advantage.

You’re at the beach. You pick up a grain of sand and then toss it back. Later, your friend goes to the same beach and picks up a grain of sand. What are the chances that it’s the same one you picked up? Pretty unlikely, right? Now multiply that by every beach on earth. And multiply that by a gazillion earths. That’s what cryptographers might call “statistical improbability.” It gives you a sense of how unlikely it is that anyone—human or machine—could guess the private key that secures a cryptocurrency wallet.1 Keys simply can’t be predicted.

Or can they?

Well, we did. A bunch of times, in fact. We published security research on Ethereum wallets that discovered a flaw in how the software provisions private keys. The flaw enabled us to successfully predict 732 of them.2 That’s like picking up your exact grain of sand 732 times! It shouldn’t be possible once, let alone hundreds of times!

A crucial component of what keeps cryptocurrency wallets secure is the statistical improbability that anyone could guess the private key. Weak keys mean that wallets—and all the currency in them—are vulnerable. If

