Our Books

Security Innovation takes a unique approach to Education and offers foundational training to build core skills, and reinforcement assets to provide knowledge at the time of need.

Books


How To Break Software Security

This book describes 19 focused testing attacks that can be mounted against various applications that will expose security vulnerabilities caused by software dependencies, data-dependent weaknesses in software, application design flaws, and implementation-related vulnerabilities. It asks and answers questions such as: How do you find security bugs in software? Why does testing routinely miss security bugs? What software testing tools will help me?

Purchase 

 


How to Break Web Software

Two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find.
 
Purchase  |  eLearning based on book   


The Software Vulnerability Guide

Many developers are not familiar with the techniques needed to write secure code or detect existing vulnerabilities. This book focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. Most of these security bugs started out as programmer mistakes. With this easy-to-use guide, programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market.

Purchase  |  eLearning based on Book


How To Break Software

This book is a practical tutorial on how to actually do testing by presenting numerous 'attacks' you can perform to test your software for bugs and includes a 17-step methodology to effectively and efficiently test software. It asks and answers questions such as: What models exist to guide my testing? How do I develop an insight for where bugs are hiding? What software testing tools will help me?

Purchase | Training based on book


Handbook of Intelligent Vehicles

The Handbook of Intelligent Vehicles provides a complete coverage of the fundamentals, new technologies, and sub-areas essential to the development of intelligent vehicles; it also includes advances made to date, challenges, and future trends. Significant strides in the field have been made to date; however, so far there has been no single book or volume which captures these advances in a comprehensive format, addressing all essential components and subspecialties of intelligent vehicles, as this book does.

The book includes a 50-page chapter by William Whyte, Chief Scientist at Security Innovation, providing one of the most comprehensive publicly available reviews of all aspects of communications and platform security for communications between intelligent vehicles.

Purchase | Our products related to this book


Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection

The increased use of technology is necessary in order for industrial control systems to maintain and monitor industrial, infrastructural, or environmental processes. The need to secure and identify threats to the system is equally critical. This book provides a full and detailed understanding of the vulnerabilities and security threats that exist within an industrial control system. This collection of research defines and analyzes the technical, procedural, and managerial responses to securing these systems.

Purchase | Purchase ICS Software Protection Chapter


Security Testing Handbook for Banking Applications

Attackers are increasingly focusing their attention on the application layer; visionary banks have responded by proactively testing their entire suite of applications. It is not enough any more to test only the public facing Internet banking application. The ease with which many attacks can be carried out now requires that all applications, including internal applications, be tested. "Security Testing Handbook for Banking Applications" is a specialized guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications.

Purchase


Guides

 

Team Development with Visual Studio Team Foundation Server

This guide shows you how to make the most of Team Foundation Server. It starts with the end in mind, but shows you how to incrementally adopt TFS for your organization. It's a collaborative effort between patterns & practices, Team System team members, and industry experts.

Download





Improving Web Services Security

This guide shows you how to make the most of Microsoft® Windows Communication Foundation (WCF). It contains proven practices, end-to-end application scenarios, guidelines, a Q&A, and task-based “how-to” articles. It is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download

 


Application Architecture Guide 2.0

This guide provides design-level guidance for the architecture and design of applications built on the .NET Framework. It focuses on the most common types of applications and walks through their key design characteristics. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download  |  eLearning based on Book

 


Security Engineering Explained

This guide describes specific security activities for improved software engineering, including applying secure design guidelines, creating threat models, conducting architecture and design reviews for security, performing security code reviews, testing for security, and conducting deployment reviews. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download  |  eLearning Based on Guide


Web Architecture Pocket Guide

The purpose of the Web Application Architecture Pocket Guide is to improve your effectiveness when building Web applications on the Microsoft platform. The primary audience is solution architects and development leads. The guide provides design-level guidance for the architecture and design of Web applications built on the .NET Platform. It focuses on partitioning application functionality into layers, components, and services, and walks through their key design characteristics. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download


Service Architecture Pocket Guide

The purpose of the Service Architecture Pocket Guide is to improve your effectiveness when building services on the Microsoft platform. The primary audience is solution architects and development leads. The guide provides design-level guidance for the architecture and design of services built on the .NET Platform. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download


Mobile Architecture Pocket Guide

The purpose of the Mobile Application Architecture Pocket Guide is to improve your effectiveness when building mobile applications on the Microsoft platform. The primary audience is solution architects and development leads. The guide provides design-level guidance for the architecture and design of mobile applications built on the .NET Platform. It focuses on partitioning application functionality into layers, components, and services, and walks through their key design characteristics. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download


Microsoft Application Architecture Guide

The guide is intended to help developers and solution architects design and build effective, high quality applications using the Microsoft platform and the .NET Framework more quickly and with less risk; it provides guidance for using architecture principles, design principles, and patterns that are tried and trusted. The guidance is presented in sections that correspond to major architecture and design focus points. It is designed to be used as a reference resource or to be read from beginning to end. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

View | Buy


Windows Azure Security Notes

This is a compilation of the learnings from this project in notes form. This is not an official Microsoft patterns & practices release; it is a hand-off document containing findings from the research invested in this project. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Download



How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0)

This How To shows you how to perform security code reviews. This module presents the steps involved in the activity, and techniques for analyzing your results. Use this How To with Security Question List: Managed Code (.NET Framework 2.0) and Security Question List: ASP.NET 2.0. These companion question lists help you ask the right questions when performing a security code review. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

View


Regulatory Compliance Demystified: An Introduction to Compliance for Developers

For a developer, understanding the issues around regulatory compliance can be a difficult and frustrating endeavor. This article makes sense of regulatory compliance from a developer's point of view. It examines Sarbanes-Oxley, HIPAA, and other regulations, and covers the most important best practices that are common across multiple pieces of legislation. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

View