Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk


Andrew Magnusson started his information security career 20 years ago, and in this book he offers the knowledge he has accumulated since, to help readers eliminate security weaknesses and threats within their systems.

As he points out in the introduction, bugs are everywhere, but there are actions and processes the reader can apply to eliminate or at least mitigate the associated risks.

The author starts off by explaining vulnerability management basics, the importance of knowing your network and the process of collecting and analyzing data.

He explains the importance of a vulnerability scanner and why it is essential to configure and deploy it correctly, since it provides the information needed to successfully complete a vulnerability management process.

The next step is to automate the process, which prioritizes vulnerabilities and frees up time to work on the more severe issues, consequently boosting an organization's security posture.

Finally, it is time to decide what to do with the vulnerabilities you have detected, which means choosing the appropriate security measures, whether it’s patching, mitigation or systemic measures. When the risk has a low impact, there’s also the option of accepting it, but this still needs to be documented and agreed upon.

An important part of this process, and perhaps also the hardest, is building relationships within the organization. The reader needs to respect office politics and make sure all the decisions and changes they make are approved by their superiors.

The second part of the book is practical, with the author guiding the reader through the process of building their own vulnerability management system, with a detailed analysis of the open source tools they need to use, such as Nmap, OpenVAS, and cve-search, all supported by code examples.

The reader will learn how to build an asset and vulnerability database and how to keep it accurate and up to date. This is especially important when generating reports, as those need to be based on recent vulnerability findings.

Who is it for?

Practical Vulnerability Management is aimed at security practitioners who are responsible for protecting their organization and tasked with boosting its security posture. It is assumed they are familiar with Linux and Python.

Despite the technical content, the book is an easy read and offers comprehensive solutions to keeping an organization secure and always prepared for possible attacks.

Review: Web Security for Developers: Real Threats, Practical Defense


Malcolm McDonald, with his 20 years of experience in programming, poured his knowledge into this book to offer comprehensive information about everything a developer needs to know to do their job properly and thoroughly.

After a short lesson in internet history, the author puts the reader in the shoes of the attacker and explains how simple it is to hack a website, as well as how easy it is to obtain and apply hacking tools.

The author proceeds to offer basic knowledge about how the internet, browsers, web servers and programmers work.

Each following chapter explains a major vulnerability and how to fix it, as well as the various types of attacks and the damage they can cause. To help the reader better understand these processes, the author has added code examples.

Luckily, the tools needed to help secure a website are also freely accessible and easily implemented.

As he points out, the goal is not only to protect a website but also to make it safe for its users. This means that, besides preventing major system compromises, it is crucial to simultaneously protect users' data by storing it securely, requiring authentication and implementing encryption.

Who is this book for?

Whether you’re just starting out in your career as a web developer or are a seasoned pro, Web Security for Developers: Real Threats, Practical Defense will provide all the necessary information about the possible and imminent threats you will face and how to prepare yourself and your team to avoid them.

Although the content is very technical and covers coding and programming topics, the book reads easily and provides essential knowledge to aspiring web developers.

Review: Cybersecurity – Attack and Defense Strategies


Yuri Diogenes, a professor at EC-Council University and Senior Program Manager at Microsoft, and Dr. Erdal Ozkaya, a prominent cybersecurity professional, advisor, author, speaker and lecturer, published the second edition of their acclaimed book “Cybersecurity – Attack and Defense Strategies”.


The book emphasizes, first and foremost, the necessity of every enterprise being aware of its threat landscape and its weakest points, and thus implementing the right methods to boost its security posture.

This book will teach you how to identify unusual behaviors within your organization and use incident response methods by applying blue team and red team strategies.

You will also learn about the importance of a good cybersecurity strategy and how to develop it.

The authors explain common hacker tactics, techniques and procedures and the stages of a cyber attack, with a detailed description of tools commonly used during a cyberattack.

The book contains a lot of practical examples that can be applied/tested in a virtual lab. You’ll learn how to avoid wireless attacks and credential theft, how to protect a network, how to avoid phishing incidents, how to protect operating systems, how to avoid mobile phone attacks, details about the most common cloud hacking tools, and so on.

The authors highlight the importance of a well-constructed security policy, which should include clearly defined procedures, standards, guidelines and best practices. Of course, these rules are only effective if you educate your staff, but they should minimize the likelihood of your organization falling victim to compromise.

To boost performance and improve security, they point to the correct planning and implementation of network segmentation, as well as of a variety of active sensors that monitor for unusual activity and threats.

The final chapters cover the procedures of an incident investigation and the recovery process, which give you insights into how to maintain business continuity and implement disaster recovery best practices.

Who is it for?

This is clearly a book aimed at IT professionals who are familiar with penetration testing, Windows and Linux operating systems, and are acquainted with the concept of information security. The content is evidently technical, but the language is clear and comprehensible.

It's an excellent read for those who want to have all the essential information about how to protect their organization in one place. Besides detailed practical examples, the book offers various links to websites to further broaden your knowledge.

Review: Foundations of Information Security

Computers have become an essential part of everyday life, but this widespread usage comes with serious risks, especially for organizations. To address the issue, the author, Dr. Jason Andress, an experienced security professional and researcher who has been writing about security for more than 10 years, wrote this very detailed book that guides the reader through the essentials of information security. The book contains a total of 14 chapters which, as …

The post Review: Foundations of Information Security appeared first on Help Net Security.