The book discusses the security and privacy issues detected during penetration testing, security assessments, configuration reviews, malware analysis, and independent research of the cloud infrastructure and Software-as-a-Service (SaaS) applications. The book highlights hands-on technical approaches on how to detect the security issues based on the intelligence gathered from the real world case studies and also discusses the recommendations to fix the security issues effectively. This book is not about general theoretical discussion rather emphasis is laid on the cloud security concepts and how to assess and fix them practically.

The second edition of the book has been updated with the latest research and developments in the field of cloud security. The content has been refined and streamlined to make it more accessible and engaging for readers. The book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hands-on assessment techniques based on real-world studies, and concluding with recommendations including best practices. FEATURES: Updated with the latest research and developments in the field of cloud security Includes practical strategies for assessing the security and privacy of your cloud infrastructure and applications Covers topics such as cloud architecture and security fundamentals, database and storage security, data privacy, security and risk assessments, controls related to continuous monitoring, and more Presents new case studies revealing how threat actors abuse and exploit cloud environments to spread malware and includes preventative measures

Cyber-crime increasingly impacts both the online and offline world, and targeted attacks play a significant role in disrupting services in both. Targeted attacks are those that are aimed at a particular individual, group, or type of site or service. Unlike worms and viruses that usually attack indiscriminately, targeted attacks involve intelligence-gathering and planning to a degree that drastically changes its profile. Individuals, corporations, and even governments are facing new threats from targeted attacks. Targeted Cyber Attacks examines real-world examples of directed attacks and provides insight into what techniques and resources are used to stage these attacks so that you can counter them more effectively. - A well-structured introduction into the world of targeted cyber-attacks - Includes analysis of real-world attacks - Written by cyber-security researchers and experts

See how privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if, but when, your organization will be breached. Threat actors target the path of least resistance: users and their privileges. In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today’s environmental complexity has seen an explosion of privileged credentials for many different account types such as domain and local administrators, operating systems (Windows, Unix, Linux, macOS, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and so many more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. We are experiencing an expanding universe of privileged accounts almost everywhere. There is no one solution or strategy to provide the protection you need against all vectors and stages of an attack. And while some new and innovative products will help protect against or detect against a privilege attack, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations. Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. This revised and expanded second edition covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least privilege endpoint management and privileged remote access. What You Will Learn Know how identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack Implement defensive and monitoring strategies to mitigate privilege threats and risk Understand a 10-step universal privilege management implementation plan to guide you through a successful privilege access management journeyDevelop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity Who This Book Is For Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems

With the immense amount of data that is now available online, security concerns have been an issue from the start, and have grown as new technologies are increasingly integrated in data collection, storage, and transmission. Online cyber threats, cyber terrorism, hacking, and other cybercrimes have begun to take advantage of this information that can be easily accessed if not properly handled. New privacy and security measures have been developed to address this cause for concern and have become an essential area of research within the past few years and into the foreseeable future. The ways in which data is secured and privatized should be discussed in terms of the technologies being used, the methods and models for security that have been developed, and the ways in which risks can be detected, analyzed, and mitigated. The Research Anthology on Privatizing and Securing Data reveals the latest tools and technologies for privatizing and securing data across different technologies and industries. It takes a deeper dive into both risk detection and mitigation, including an analysis of cybercrimes and cyber threats, along with a sharper focus on the technologies and methods being actively implemented and utilized to secure data online. Highlighted topics include information governance and privacy, cybersecurity, data protection, challenges in big data, security threats, and more. This book is essential for data analysts, cybersecurity professionals, data scientists, security analysts, IT specialists, practitioners, researchers, academicians, and students interested in the latest trends and technologies for privatizing and securing data.

This book is an exploration of the best strategies for implementation of IoT security. As IoT is a new technology, not much has been done to determine the best and final solution to IoT security challenges. However, this book guides you on the best mechanisms for ensuring that your IoT systems are kept secure. The threats to IoT security in most organizations are discussed. You are then guided on how to deal with each of these challenges. You will also learn the constraints which you have to adhere to whenever you are implementing IoT security. API management is one of the key approaches to implementation and ensuring that there is IoT security. This book guides you on the best strategies for management of APIs so as to ensure that the IoT systems are well secured. Authentication of the electronic devices used in IoT is also a good mechanism for the implementation of IoT security. This is explored in detail. Secure boot, which forms the root of trust in IoT security is also examined in this book. Public key cryptography, which is good for encryption of data in transit, is also discussed. The following topics are explored in this book: - A Brief Overview of IoT Security - Threats, Challenges, and Constraints in IoT Security - APIs in IoT - Authentication in IOT - Best Strategy for Securing IoT - Secure Boot - Public Key Cryptography

A top-level security guru for both eBay and PayPal and a best-selling information systems security author show how to design and develop secure Web commerce systems. Whether it's online banking or ordering merchandise using your cell phone, the world of online commerce requires a high degree of security to protect you during transactions. This book not only explores all critical security issues associated with both e-commerce and mobile commerce (m-commerce), it is also a technical manual for how to create a secure system. Covering all the technical bases, this book provides the detail that developers, system architects, and system integrators need to design and implement secure, user-friendly, online commerce systems. Co-authored by Hadi Nahari, one of the world’s most renowned experts in Web commerce security; he is currently the Principal Security, Mobile and DevicesArchitect at eBay, focusing on the architecture and implementation of eBay and PayPal mobile Co-authored by Dr. Ronald Krutz; information system security lecturer and co-author of the best-selling Wiley CISSP Prep Guide Series Shows how to architect and implement user-friendly security for e-commerce and especially, mobile commerce Covers the fundamentals of designing infrastructures with high availability, large transactional capacity, and scalability Includes topics such as understanding payment technologies and how to identify weak security, and how to augment it. Get the essential information you need on Web commerce security—as well as actual design techniques—in this expert guide.