Learn application security from the very start, with this comprehensive and approachable guide! Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects. Topics include: Secure requirements, design, coding, and deployment Security Testing (all forms) Common Pitfalls Application Security Programs Securing Modern Applications Software Developer Security Hygiene Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs. Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader’s ability to grasp and retain the foundational and advanced topics contained within.

Appropriate for all graduate-level and upper-level courses in network or computer security. Widely regarded as the most comprehensive yet comprehensible guide to network security, the First Edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. Now, in the 2nd Edition, this books exceptionally distinguished author team draws on its hard-won experience to illuminate every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the books extensive coverage include Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and Web security. The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems.

This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIPISEC 2006) on "Security and Privacy in Dynamic Envir- ments" held in May 22-24 2006 in Karlstad, Sweden. The first IFIPISEC conference was arranged in May 1983 in Stockholm, Sweden, one year before TC- 1 1 was founded, with the active participation of the Swedish IT Security Community. The IFIPISEC conferences have since then become the flagship events of TC-11. We are very pleased that we succeeded with our bid to after 23 years hold the IFIPISEC conference again in Sweden. The IT environment now includes novel, dynamic approaches such as mobility, wearability, ubiquity, ad hoc use, mindhody orientation, and businesslmarket ori- tation. This modem environment challenges the whole information security research community to focus on interdisciplinary and holistic approaches whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy were solicited for submission to IFIPISEC 2006. We received 141 submissions which were all reviewed by at least three members of the international program committee.