John Jackson - Corporate Cybersecurity


Corporate Cybersecurity: summary, description and annotation


An insider’s guide showing companies how to spot and remedy vulnerabilities in their security programs.

A bug bounty program is offered by organizations for people to receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

gives cyber and application security engineers (who may have little or no experience with a bounty program) a hands-on guide for creating or managing an effective bug bounty program. Written by a cyber security expert, the book is filled with the information, guidelines, and tools that engineers can adopt to sharpen their skills and become knowledgeable in researching, configuring, and managing bug bounty programs.

This book addresses the technical aspect of tooling and managing a bug bounty program and discusses common issues that engineers may run into on a daily basis. The author includes information on the often-overlooked communication and follow-through approaches of effective management.

provides a much-needed resource on how companies identify and solve weaknesses in their security program. This important book:

Contains a much-needed guide aimed at cyber and application security engineers
Presents a unique defensive guide for understanding and resolving security vulnerabilities
Encourages research, configuring, and managing programs from the corporate perspective

Topics covered include: bug bounty overview; program set-up; vulnerability reports and disclosure; development and application security collaboration; understanding safe harbor and SLA.

Written for professionals working in the application and cyber security arena,
offers a comprehensive resource for building and maintaining an effective bug bounty program.

Corporate Cybersecurity — read the online excerpt


List of Illustrations

Chapter 11
Figure 11.1 Shodan Browser Search.
Figure 11.2 Shodan Search Bar.
Figure 11.3 Generating Results.
Figure 11.4 Shodan Asset Analysis.
Figure 11.5 Shodan Services Analysis.
Figure 11.6 Google Search Results.
Figure 11.7 Amass Scanning for Subdomains.
Figure 11.8 Subdomains in Nano.
Figure 11.9 Subdomain Enumeration with crt.sh.
Figure 11.10 nmapAutomator Scanning Information.
Figure 11.11 nmapAutomator Performing Full Scan of Asset.
Figure 11.12 nmapAutomator Results.
Figure 11.13 Sn1per Running Metasploit Modules.
Figure 11.14 Sn1per Running Nmap Scripts.
Figure 11.15 Setting up an Automated Scan in OWASP ZAP.
Figure 11.16 OWASP ZAP Scan Results.
Figure 11.17 OWASP ZAP Potential Vulnerability Result.
Figure 11.18 XSS Attack Performed.
Figure 11.19 Dalfox Available Command.
Figure 11.20 Dalfox Identifying an XSS Instance.
Figure 11.21 XSS Attack.
Figure 11.22 Dirsearch Finding Folders.

Guide

1 Cover
2 Title page: Corporate Cybersecurity: Identifying Risks and the Bug Bounty Program, John Jackson
3 Copyright
4 Table of Contents
5 Foreword
6 Acknowledgments
7 Begin Reading
8 Index
9 End User License Agreement


Foreword

It’s safe to say that information security and the industry surrounding it have exploded into a massive, constantly growing sector around the world. Like many other professions within technology, the main attribute which has secured many organizations’ success (or failure) in maintaining their relevance has been their ability to adapt. In the case of security, we are constantly adapting to methods used by malicious actors with the hope of becoming as secure as possible – with the goal of identifying (and remediating) vulnerabilities prior to an attack.

As security professionals we understand that it isn’t a matter of if an event happens, but when. Although nothing can be completely secure, it’s our job to work towards obtaining a level of maturity within our security programs that is proactive against potential threats. Although zero days will always exist, it’s our job to stay up to date and as protected as possible, which can be very costly, especially for many organizations that don’t fully understand security and (in many situations) are hesitant to move forward with a proper budget for what is needed to enable adequate, professionally accepted levels of protection.

Information security, or cybersecurity, is still in its infancy. This may be a shocking statement to someone who doesn’t work within the industry; it is, however, accurate. Only recently have many universities begun offering degrees in the field of cybersecurity. Many pieces of software that would be considered a “must have” for a company’s defense in depth weren’t in existence just a couple of short years ago.

Many professionals in the industry have moved to their positions as security specialists after previously working in general information technology. I have worked with many organizations, in both the private and the public sectors, and at this point in time, from what I’ve witnessed, a very small fraction of security professionals have been formally educated in security, and they rely heavily on certifications to prove their understanding of the field. This is a blessing for those who need to obtain credentials quickly without the slow drag of many years of college, but it is also a curse for those with certifications but little real-world experience. An overwhelming number of professionals are learning on the job, which can be daunting given the fact that many organizations are looking to increase their maturity as quickly as possible.

There are many gears turning in a proper security program. There’s an overall lack of understanding of security by those outside of the security team, so one of the most prominent procedures for security professionals is to understand how to assign tasks to the limited resources they have while properly managing a security program that grows in maturity on a constant basis – all in a world where new vulnerabilities can be found daily.

It’s no secret that software security and web application security are fast-growing segments within the field of cybersecurity. Every organization has a web presence. Every organization uses software. Individuals also use software and web applications in their daily lives, assets which hold personally identifiable information, and whose contents can greatly range in sensitivity.

Although identifying vulnerabilities through continuous testing is a powerful activity, many organizations don’t have the resources or budget to consider it as an option. In search for a remedy to this situation, I have seen many explore the option of creating or joining a bug bounty program, albeit reasons for considering such a program are not limited to such issues. This can clearly be seen in large organizations’ involvement with their own bug bounty programs. It’s quickly becoming a standard for many large companies to have a bug bounty program, either in house or through a third party.
