
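Software Security Technology: PPT Courseware

This resource is the PPT courseware for the book Software Security Technology (《软件安全技术》), 14 chapters in total. Published by China Machine Press, August 2018.

Chapter 1 Overview of Software Security: 1.1 The Importance of Software Security; [Case 1] Zero-Day Attacks, Cyber Warfare and Software Security; [Case 1 Reflection and Analysis]; 1.2 Security Threats Facing Software; 1.2.1 Software Vulnerabilities; 1.2.2 Malicious Code; 1.2.3 Software Infringement; 1.3 The Concept of Software Security; 1.3.1 Some Definitions of Software Security; 1.3.2 Understanding Software Security Through the Basic Attributes of Information Security; 1.3.3 Distinguishing Related Software Security Concepts; 1.4 Research Areas of Software Security; 1.4.1 Software Security as an Important Part of Information Security Assurance; 1.4.2 Main Methods and Techniques of Software Security; 1.5 Reflection and Practice; 1.6 Learning Objectives Check

Chapter 2 Overview of Software Vulnerabilities: 2.1 The Concept of Software Vulnerabilities; 2.1.1 Information Security Vulnerabilities; 2.1.2 Software Vulnerabilities; 2.1.3 Root-Cause Analysis of Software Vulnerabilities; 2.2 Standardized Management of Software Vulnerabilities; 2.2.1 Classification of Software Vulnerabilities; 2.2.2 Severity Rating of Software Vulnerabilities; 2.2.3 International Standards for Software Vulnerability Management; 2.2.4 Domestic Standards for Software Vulnerability Management; 2.3 Reflections on Vulnerability Control; [Case 2-1] The Crime and Punishment of White-Hat Hackers; [Case 2-2] The Alibaba "Mooncake Gate" Incident; [Cases 2-1 and 2-2 Reflection and Analysis]; 2.4 Reflection and Practice; 2.5 Learning Objectives Check

Chapter 3 Analysis of Typical Windows System Vulnerabilities: 3.1 Memory Vulnerabilities; 3.1.1 Memory Layout and Buffer Overflows; 3.1.2 Stack Overflow Vulnerabilities and Exploitation Analysis; 3.1.3 Heap Overflow Vulnerabilities and Exploitation Analysis; 3.1.4 Format String Vulnerabilities and Exploitation Analysis; 3.2 Analysis of Windows Vulnerability Protections; 3.2.1 Stack Overflow Detection Option /GS; 3.2.2 Data Execution Prevention (DEP); 3.2.3 Address Space Layout Randomization (ASLR); 3.2.4 Safe Structured Exception Handling (SafeSEH); 3.2.5 Enhanced Mitigation Experience Toolkit (EMET); [Case 3] Applying Windows Vulnerability Protection Techniques; [Case 3 Reflection and Analysis]; 3.3 Reflection and Practice; 3.4 Learning Objectives Check

Chapter 4 Web Vulnerability Analysis: 4.1 Web Fundamentals; 4.1.1 Basic Web Architecture; 4.1.2 Analysis of a Single Web Request; 4.2 Overview of Web Vulnerabilities; 4.3 SQL Injection Vulnerabilities; 4.3.1 Vulnerability Principle and Exploitation; 4.3.2 Basic Protective Measures; [Case 4-1] Source-Level Analysis of a SQL Injection Vulnerability; [Case 4-1 Reflection and Analysis]; 4.4 XSS Cross-Site Scripting Vulnerabilities ……

Chapter 5 Secure Software Development Models; Chapter 6 Software Security Requirements Analysis; Chapter 7 Software Security Design; Chapter 8 Secure Software Coding; Chapter 9 Software Security Testing; Chapter 10 Secure Software Deployment; Chapter 11 Fundamentals of Malicious Code Analysis; Chapter 12 Malicious Code Prevention and Control; Chapter 13 Open-Source Software and Its Security; Chapter 14 Software Intellectual Property Protection; References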

2019-01-22

C Coding Standard (2016 Edition)

C Coding Standard: rules for developing secure, reliable systems. PDF format; English; published by CERT in 2016.

2016-12-03

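Information Security Case Tutorial: Latest PPT Courseware (Updated August 2016)

Latest PPT courseware for Information Security Case Tutorial: Technology and Application (《信息安全案例教程:技术与应用》), updated August 2016. The book was published by China Machine Press in 2015.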

2016-08-28

Core Software Security: Security at the Source

PDF e-book. Publisher: Auerbach Publications (December 9, 2013). Language: English. ISBN: 1466560959.

Contents:

Introduction The Importance and Relevance of Software Security Software Security and the Software Development Lifecycle Quality Versus Secure Code The Three Most Important SDL Security Goals Threat Modeling and Attack Surface Validation Chapter Summary - What to Expect from This Book References

The Secure Development Lifecycle Overcoming Challenges in Making Software Secure Software Security Maturity Models ISO/IEC 27034 - Information Technology - Security Techniques - Application Security Other Resources for SDL Best Practices SAFECode U.S. Department of Homeland Security Software Assurance Program National Institute of Standards and Technology MITRE Corporation Common Computer Vulnerabilities and Exposures SANS Institute Top Cyber Security Risks U.S. Department of Defense Cyber Security and Information Systems Information Analysis Center (CSIAC) CERT, Bugtraq, and SecurityFocus Critical Tools and Talent The Tools The Talent Principles of Least Privilege Privacy The Importance of Metrics Mapping the Security Development Lifecycle to the Software Development Lifecycle Software Development Methodologies Waterfall Development Agile Development Chapter Summary References

Security Assessment (A1): SDL Activities and Best Practices Software Security Team Is Looped in Early Software Security Hosts a Discovery Meeting Software Security Team Creates an SDL Project Plan Privacy Impact Assessment (PIA) Plan Initiated Security Assessment (A1) Key Success Factors and Metrics Key Success Factors Deliverables Metrics Chapter Summary References

Architecture (A2): SDL Activities and Best Practices A2 Policy Compliance Analysis SDL Policy Assessment and Scoping Threat Modeling/Architecture Security Analysis Threat Modeling Data Flow Diagrams Architectural Threat Analysis and Ranking of Threats Risk Mitigation Open-Source Selection Privacy Information Gathering and Analysis Key Success Factors and Metrics Key Success Factors Deliverables Metrics Chapter Summary References

Design and Development (A3): SDL Activities and Best Practices A3 Policy Compliance Analysis Security Test Plan Composition Threat Model Updating Design Security Analysis and Review Privacy Implementation Assessment Key Success Factors and Metrics Key Success Factors Deliverables Metrics Chapter Summary References

Design and Development (A4): SDL Activities and Best Practices A4 Policy Compliance Analysis Security Test Case Execution Code Review in the SDLC/SDL Process Security Analysis Tools Static Analysis Dynamic Analysis Fuzz Testing Manual Code Review Key Success Factors Deliverables Metrics Chapter Summary References

Ship (A5): SDL Activities and Best Practices A5 Policy Compliance Analysis Vulnerability Scan Penetration Testing Open-Source Licensing Review Final Security Review Final Privacy Review Key Success Factors Deliverables Metrics Chapter Summary References

Post-Release Support (PRSA1–5) Right-Sizing Your Software Security Group The Right Organizational Location The Right People The Right Process PRSA1: External Vulnerability Disclosure Response Post-Release PSIRT Response Post-Release Privacy Response Optimizing Post-Release Third-Party Response PRSA2: Third-Party Reviews PRSA3: Post-Release Certifications PRSA4: Internal Review for New Product Combinations or Cloud Deployments PRSA5: Security Architectural Reviews and Tool-Based Assessments of Current, Legacy, and M&A Products and Solutions Legacy Code Mergers and Acquisitions (M&As) Key Success Factors Deliverables Metrics Chapter Summary References

Applying the SDL Framework to the Real World Introduction Build Software Securely Produce Secure Code Manual Code Review Static Analysis Determining the Right Activities for Each Project The Seven Determining Questions Architecture and Design Testing Functional Testing Dynamic Testing Attack and Penetration Testing Independent Testing Agile: Sprints Key Success Factors and Metrics Secure Coding Training Program Secure Coding Frameworks (APIs) Manual Code Review Independent Code Review and Testing (by Experts or Third Parties) Static Analysis Risk Assessment Methodology Integration of SDL with SDLC Development of Architecture Talent Metrics Chapter Summary References

Pulling It All Together: Using the SDL to Prevent Real-World Threats Strategic, Tactical, and User-Specific Software Attacks Strategic Attacks Tactical Attacks User-Specific Attacks Overcoming Organizational and Business Challenges with a Properly Designed, Managed, and Focused SDL Software Security Organizational Realities and Leverage Overcoming SDL Audit and Regulatory Challenges with Proper Governance Management Future Predictions for Software Security The Bad News The Good News Conclusion References

Appendix Index

2016-02-01

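Information Security Case Tutorial: PPT Courseware

PPT courseware for the book Information Security Case Tutorial (《信息安全案例教程》). China Machine Press, published April 2015.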

2015-06-25

Managing an Information Security and Privacy Awareness and Training Program

Managing an Information Security and Privacy Awareness and Training Program, 2nd edition. English e-book, PDF format, 544 pages.

Editorial reviews:

The first edition was outstanding. The new second edition is even better - an excellent textbook packed with sound advice and loads of tips to make your security awareness program pull its weight... engaging and stimulating, easy to read yet at the same time thought-provoking. ... chock-full of good ideas, not just theoretical concepts but solid practical advice that can be put to use immediately. A side effect is that there are lots of lists, tables and bullet points but they are well structured and succinctly summarize the key points. ...an excellent reference text. Extensive appendices (130 pages) include sample awareness materials and plans, a security glossary, various checklist/questionnaires and references. This is the definitive and indispensable guide for information security and privacy awareness and training professionals, worth every cent. As with the first edition, we recommend it unreservedly. -NoticeBored.com

This book is remarkable because it covers in detail all the facets of providing effective security awareness training...I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner. -Hal Tipton, from the Foreword

Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways ... She demonstrates that security must become a part of job performance rather than being in conflict with job performance... The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training ... After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation. -Donn B. Parker, CISSP, from the Preface

Rebecca Herold, an independent computer security advisor, knows privacy. Not all security consultants do. In her latest book, Managing an Information Security and Privacy Awareness and Training Program, Herold has collected her best advice. -Privacy Journal

... perfect for lay and professional audiences, this is a guide not for implementing technical necessities but for getting everybody in an organization on board. -Journal of Productive Innovation

About the author: Rebecca Herold, LLC, Van Meter, Iowa, USA

2015-03-02

Network Forensics: Tracking Hackers through Cyberspace

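This resource is the English e-book Network Forensics: Tracking Hackers through Cyberspace. PDF format, 576 pages. Publisher: Prentice Hall; 1 edition (June 23, 2012). Language: English. The Chinese translation, 《黑客大追踪:网络取证核心原理与实践》, was published by Publishing House of Electronics Industry in December 2014.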

2014-12-10

Software Similarity and Classification

Software Similarity and Classification. PDF document, 96 pages. Published by Springer, 2012.

2014-10-21

Web Application Defender's Cookbook: Battling Hackers and Protecting Users

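Web Application Defender's Cookbook: Battling Hackers and Protecting Users. Format: English PDF. Pages: 554. Author: Ryan Barnett (US). The Chinese translation, 《网站安全攻防秘笈:防御黑客和保护用户的100条超级策略》, was published in 2014-9. Translator: 许鑫城 (Xu Xincheng). Publisher: China Machine Press. ISBN: 9787111478034. Listed: 2014-9-26. The Chinese table of contents and other information are available at http://product.china-pub.com/3804118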

2014-09-27

CYBERDETERRENCE AND CYBERWAR

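Title: CYBERDETERRENCE AND CYBERWAR. Author: MARTIN C. LIBICKI. Chinese translation: 《兰德报告-美国如何打赢网络战争》, published by Oriental Press in August 2013. This resource is the English PDF, 240 pages.

Preface; Summary; List of Abbreviations

Chapter 1 Introduction: Purpose; Basic Concepts and Organization of the Content

Chapter 2 A Conceptual Model: The Mechanisms of Cyberspace; External Threats; Internal Threats; Defining Cyberattack; Defining Cyberdeterrence

Chapter 3 Why Cyberdeterrence Is Different: Do We Know Who the Attacker Is?; Are We Able to Damage Their Assets?; Can We Attack the Adversary Repeatedly?; If Retaliation Fails to Deter, Can It at Least Disarm the Other Side?; Will Third Parties Join the Fight?; Does Retaliation Send the Right Message to Our Own Side?; Do We Have a Tolerance Threshold?; Can We Prevent the Conflict from Escalating?; What If the Attacker Has No Assets Worth Attacking?; Yet the Will to Retaliate Is More Credible in Cyberspace; Good Defenses Further Strengthen the Credibility of Deterrence

Chapter 4 Why the Purpose of the Initial Cyberattack Matters: Error; Coercion; Force; Other; Implications

Chapter 5 Response Strategy: Should the Target Reveal the Cyberattack?; When Should the Attribution Result Be Announced?; Should Cyber Retaliation Be Obvious?; Is Retaliation "Better Late Than Never"?; Retaliating Against Freelance Hackers Tolerated by Another Government; What About Retaliating Against CNE?; Can Deterrence Policy Be Extended to Allies?; Should Cyberdeterrence Policy Be Made Explicit?; Can a Strategy of Indifference Defeat the Attacker's Strategy?; Responses Other Than Retaliation; The Attacker's Perspective; Signaling a Ceasefire

Chapter 6 Strategic Cyberwar: The Purpose of Cyberwar; The Rationality of Cyberwar; The Limits of Cyberwar; The Management of Cyberwar; Using War to Prevent War; Preserving a Second-Strike Capability; Covert Cyberwar?; The Government's Role in Defending Against Cyberwar; Managing the Effects of Cyberwar; Ending Cyberwar; Conclusions

Chapter 7 Tactical Cyberwar: Cyberwar as a Bolt from the Blue; Pouring Cold Water on Network-Centric Warfare; Attacks on Civilian Targets; Organizing for Cyberwar in Wartime; Conclusions

Chapter 8 Cyberdefense: The Goals of Cyberdefense; Architecture; Policy; Strategy; Operations; Summary

Chapter 9 A Complicated Situation

Appendix A What Constitutes an Act of War in Cyberspace?; Appendix B A Comparative Calculus of Explicit Versus Implicit Deterrence; Appendix C The Dim Prospects for Cyber Arms Control; Acknowledgments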

2013-10-13

Machine Learning in Cyber Trust Security, Privacy, and Reliability

E-book, PDF format. Many networked computer systems are far too vulnerable to cyber attacks that can inhibit their functioning, corrupt important data, or expose private information. Not surprisingly, the field of cyber-based systems is a fertile ground where many tasks can be formulated as learning problems and approached in terms of machine learning algorithms. This book contains original materials by leading researchers in the area and covers applications of different machine learning methods in the reliability, security, performance, and privacy issues of cyber space. It enables readers to discover what types of learning methods are at their disposal, summarizing the state-of-the-practice in this significant area, and giving a classification of existing work. Those working in the field of cyber-based systems, including industrial managers, researchers, engineers, and graduate and senior undergraduate students will find this an indispensable guide in creating systems resistant to and tolerant of cyber attacks.

2013-09-10

Windows Internals 6ed Part 2

English PDF, 645 pages, 22 MB. Chinese title: 深入解析Windows操作系统 (6th edition, Part 2). Original title: Windows Internals: Covering Windows Server 2008 R2 and Windows 7, 6th Edition. Authors: Mark E. Russinovich, David A. Solomon, Alex Ionescu. Category: Software. Resource format: PDF.

2012-10-25

iOS Forensic Analysis for iPhone, iPad and iPod Touch

iOS Forensic Analysis: for iPhone, iPad and iPod Touch. This resource is the English PDF; 372 pages. Publisher: Apress; 1 edition (December 27, 2010). The Chinese translation, 《iOS取证分析》, was published by Publishing House of Electronics Industry in 2012-8.

Main contents:
  • How to respond to security incidents involving iOS devices
  • How to acquire and analyze data on iOS devices such as iPhone and iPad
  • How to analyze media exploitation on iOS devices

2012-08-14

Windows Internals, 6th Edition, Part 1

English PDF, 730 pages, 25 MB. Windows Internals: Covering Windows Server 2008 R2 and Windows 7, Part 1, 6th Edition. Chinese title: 深入解析Windows操作系统 (6th edition, Part 1). The 6th edition is published in two volumes; volume 1 was published in 2012-3. Authors: Mark E. Russinovich, David A. Solomon, Alex Ionescu.

Contents of volume 1: CHAPTER 1 Concepts and Tools; CHAPTER 2 System Architecture; CHAPTER 3 System Mechanisms; CHAPTER 4 Management Mechanisms; CHAPTER 5 Processes, Threads, and Jobs; CHAPTER 6 Security; CHAPTER 7 Networking

2012-07-15

A Guide To Computer Network Security

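Chinese edition: 《计算机网络安全概论》 (Introduction to Computer Network Security). Author: Joseph Migga Kizza (US). Translators: 陈向阳 (Chen Xiangyang), 胡征兵 (Hu Zhengbing), 王海晖 (Wang Haihui). Publication date: 2012-6-1. Publisher: Publishing House of Electronics Industry. ISBN: 9787121152207. Price: ¥45.00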

2012-07-03

Hacking and Securing iOS Applications

E-book of Hacking and Securing iOS Applications by Jonathan Zdziarski.

2012-05-30

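Professional iPhone and iPad Application Development

This resource is the English PDF of Professional iPhone and iPad Application Development, published by Wrox in 2011. The Chinese translation, 《iPhone & iPad高级编程》, was published in January 2012. Translators: 岳红 (Yue Hong), 凌冲 (Ling Chong). Publisher: Tsinghua University Press. ISBN: 9787302274452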

2012-02-02

Security Engineering: A Guide to Building Dependable Distributed Systems(2nd)

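Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. Publisher: Wiley. Total pages: 1082. Author: Ross Anderson (UK). The Chinese translation was published by Tsinghua University Press in January 2012. Translators: 齐宁 (Qi Ning), 韩智文 (Han Zhiwen), 刘国萍 (Liu Guoping). The first three chapters can be downloaded as a sample: http://product.china-pub.com/194722#xgzy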

2012-01-07

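CISSP Certification Exam Guide (4th Edition), Chinese Edition

Chinese e-book of the CISSP Certification Exam Guide (4th Edition). Science Press, published 2009.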

2011-09-25

Lucene Principles and Code Analysis, Complete Edition

Thanks to 觉先 (Juexian); do visit their blog often: http://www.cnblogs.com/forfuture1978/archive/2010/06/13/1757479.html

2010-10-06

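Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 3

Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 3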

2010-10-04

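Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 2

Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 2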

2010-10-04

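Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 1

Mastering Regular Expressions (3rd Edition), Chinese PDF edition, Jeffrey E.F. Friedl (US), part 1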

2010-10-04

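Windows Vista Inside Out (Windows Vista官方攻略), Public Edition, Chapters 1-10

Electronic edition of the book Windows Vista Inside Out (《WINDOWS VISTA官方攻略》), chapters 1-10. Covers basic tips for using Vista.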

2009-03-31

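Computer System Security: Principles and Technology (2nd Edition), Courseware

Computer System Security: Principles and Technology (2nd Edition) (《计算机系统安全原理与技术(第2版)》). China Machine Press, published 2009.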

2009-02-20
