Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research. Security & Usability groups 34 essays into six parts: Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic. Authentication Mechanisms-- techniques for identifying and authenticating computer users. Secure Systems--how system software can deliver or destroy a secure user experience. Privacy and Anonymity Systems--methods for allowing people to control the release of personal information. Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability. The Classics--groundbreaking papers that sparked the field of security and usability. This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
35.95 USD

This is the eBook version of the printed book. The First Expert Guide to Static Analysis for Software Security!   Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.   Coverage includes:   Why conventional bug-catching often misses security problems How static analysis can help programmers get security right The critical attributes and algorithms that make or break a static analysis tool 36 techniques for making static analysis more effective on your code More than 70 types of serious security vulnerabilities, with specific solutions Example vulnerabilities from Firefox, OpenSSH, MySpace, eTrade, Apache httpd, and many more Techniques for handling untrusted input Eliminating buffer overflows: tactical and strategic approaches Avoiding errors specific to Web applications, Web services, and Ajax Security-aware logging, debugging, and error/exception handling Creating, maintaining, and sharing secrets and confidential information Detailed tutorials that walk you through the static analysis process   “We designed Java so that it could be analyzed statically. This book shows you how to apply advanced static analysis techniques to create more secure, more reliable software.” – Bill Joy, Co-founder of Sun Microsystems, co-inventor of the Java programming language   “'Secure Programming with Static Analysis' is a great primer on static analysis for security-minded developers and security practitioners. Well-written, easy to read, tells you what you need to know.” – David Wagner, Associate Professor, University of California Berkeley   “Software developers are the first and best line of defense for the security of their code. This book gives them the security development knowledge and the tools they need in order to eliminate vulnerabilities before they move into the final products that can be exploited.&rdq
47.99 USD

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research. Security & Usability groups 34 essays into six parts: Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic. Authentication Mechanisms-- techniques for identifying and authenticating computer users. Secure Systems--how system software can deliver or destroy a secure user experience. Privacy and Anonymity Systems--methods for allowing people to control the release of personal information. Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability. The Classics--groundbreaking papers that sparked the field of security and usability. This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
24.99 USD

Thoroughly updated to reflect the most current developments in language design and implementation, the second edition *Addresses key developments in programming language design: + Finalized C99 standard + Java 5 + C# 2.0 + Java concurrency package (JSR 166) and comparable mechanisms in C# + Java and C# generics *Introduces and discusses scripting languages throughout the book and in an entire new chapter that covers: + Application domains: shell languages, text processing and report generation, mathematics and statistics, glue languages and general purpose scripting, extension languages, scripting the World Wide Web + Design concepts: names and scopes, string and pattern manipulation, high level data types, object orientation + Major languages: Perl, PHP, Tcl/Tk, Python, Ruby, JavaScript, XLST *Updates many sections and topics: + iterators + exceptions + polymorphism + templates/generics + scope rules and declaration ordering + separate compilation + garbage collection + threads and synchronization New pedagogical features Design & Implementation boxes + Highlight the interplay between language design and language implementation Test Your Understanding review questions + Help students assess their understanding of key points of a section In More Depth CD supplements + Present more advanced or peripheral material for students who would like to extend their knowledge Explorations + Provide students with additional exercises that are open-ended, research-type activities New reference features + Over 900 numbered and titled examples help the student to quickly cross-reference and access content for initial study and later review. + Indices (in the printed text) for both the Design and Implementation boxes and the numbered examples. + CD search engine for both the printed text and the supplemental sections. + Live links on the CD to Web-based language tutorials, reference manuals, and compilers and interpreters. On the CD + In More Depth sections and sub-sections that are introduced in the book and presented on the CD + In More Depth Exercises and Explorations for students wanting additional challenges + Links to Web-based language reference manuals and tutorials + Links to Web-based compilers and interpreters + Text files containing the code fragments featured as examples in the book + Search engine to search both the main text and the CD-only content CD System Requirements PDF Viewer The CD material includes PDF documents that you can read with a PDF viewer such as Adobe, Acrobat or Adobe Reader. Recent versions of Adobe Reader for some platforms are included on the CD. HTML Browser The navigation framework on this CD is delivered in HTML and JavaScript. It is recommended that you install the latest version of your favorite HTML browser to view this CD. The content has been verified under Windows XP with the following browsers: Internet Explorer 6.0, Firefox 1.5; under Mac OS X (Panther) with the
74.95 USD

This is the eBook version of the printed book. Supercharge Your Sites with Ajax Right Now...No Scripting Expertise Needed! You’ve heard how great Ajax is--how it can help make your Web sites more usable, more interactive, more responsive, more successful. Ajax Construction Kit lets you put Ajax to work right now, even if you’ve never written a script! Just learn a few essentials, check out a few examples, then run the live CD and discover all the plug-and-play code you need to hit the ground running. Ajax Construction Kit ’s built-in applications work right out of the box. And with easy guidance from Michael Morrison, you’ll gradually deepen your understanding--learn how to customize, extend, and reuse these applications---and even build skills for creating new ones. Walk away an expert.   Use Ajax Construction Kit ’s ten complete applications to Dynamically load Web data Dynamically populate lists Tap into RSS news feeds Use AutoComplete to reduce input errors Create more responsive GUIs with real-time validation Build a killer interface for viewing images Present information or advertising with slick pop-ups Provide an up-to-the-minute weather forecast Build an e-commerce product shipping calculator Add ratings tools to your site And more...   CD-ROM Includes Your complete Ajax projects: Run the Ajax projects (HTML, JavaScript, and PHP source code) that are included on the CD from your Windows, Mac OS X, or Linux system. Your complete Ajax environment: Boot the CD as an Ubuntu Linux live CD to immediately begin working with the Ajax projects (no setup required). Ready-to-run tools on the CD include the XAMPP Web server, Firefox Web browser, and Bluefish HTML editor. System Requirements: Platform: Windows, Linux, Mac (OS X or higher) Processor: Intel-based processor (Pentium or higher) Memory: 128 MB RAM or more Disk space: None required; USB thumb drive optional to store data Optical drive: CD reader Negus Live Linux Series Your Practical, Hands-On Guides to Getting Real Results with Free Software Add the free software and examples from the book’s CD to your Windows, Mac OS X, or Linux system to follow along with the projects described in the book. Or boot the CD directly to use a complete, prepackaged set of free software tools to play, display, and modify those projects. Start as a novice, by trying out examples...and finish with professional Ajax-enabled Web content!   SERIES EDITOR CHRISTOPHER NEGUS is the bestselling author of the Red Hat Linux Bible series, Linux Toys series, and this series’ flagship title, Linux Live CDs .  
31.99 USD