See: Web Security for Developers: Real Threats, Practical Defense Illustrated Edition
See also: Microsoft Certification Exams
Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft MS-500 Microsoft 365 Security Administration certification exam.
Exam Ref MS-500 Microsoft 365 Security Administration offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to implement and administer security in any Microsoft 365 environment. Coverage includes:
- Implementing and managing identity and access
- Implementing and managing threat protection
- Implementing and managing information protection
- Managing governance and compliance features in Microsoft 365
Microsoft Exam Ref publications stand apart from third-party study guides because they:
- Provide guidance from Microsoft, the creator of Microsoft certification exams
- Target IT professional-level exam candidates with content focused on their needs, not “one-size-fits-all” content
- Streamline study by organizing material according to the exam’s objective domain (OD), covering one functional group and its objectives in each chapter
- Feature Thought Experiments to guide candidates through a set of “what if?” scenarios, and prepare them more effectively for Pro-level style exam questions
- Explore big picture thinking around the planning and design aspects of the IT pro’s job role
For more information on Exam MS-500 and the Microsoft 365 Certified: Security Administrator Associate, visit microsoft.com/learning.
The Exam Ref is the official study guide for Microsoft certification exams. Featuring concise coverage of the skills measured by the exam, challenging Thought Experiments, and pointers to more in-depth material for the candidate needing additional study, exam candidates get professional-level preparation for the exam. The Exam Ref helps candidates determine their readiness for the exam, and provides Exam Tips to help maximize their performance on the exam. The organization of the material mirrors the skills measured by the exam as presented on the certification exam webpage.
“An integrated development environment (IDE) is a software application that provides comprehensive facilities to computer programmers for software development. An IDE normally consists of at least a source code editor, build automation tools and a debugger. Some IDEs, such as Visual Studio, NetBeans and Eclipse, contain the necessary compiler, interpreter, or both; others, such as SharpDevelop and Lazarus, do not.” (WP)
“The boundary between an IDE and other parts of the broader software development environment is not well-defined; sometimes a version control system or various tools to simplify the construction of a graphical user interface (GUI) are integrated. Many modern IDEs also have a class browser, an object browser, and a class hierarchy diagram for use in object-oriented software development.” (WP)
The Amnesic Incognito Live System
Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All its incoming and outgoing connections are forced to go through Tor, and any non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so. Tails comes with UEFI Secure Boot.
Tails was first released on 23 June 2009. It is the next iteration of development on Incognito, a discontinued Gentoo-based Linux distribution. The Tor Project provided financial support for its development at the beginning of the project. Tails also received funding from the Open Technology Fund, Mozilla, and the Freedom of the Press Foundation.
- GNOME desktop
- Tor (anonymity network) with stream isolation and support for regular, obfs3 and obfs4 bridges
- NetworkManager for easy network configuration
- Tor Browser, a web browser based on Mozilla Firefox and modified to protect anonymity with:
  - HTTPS Everywhere, which transparently enables SSL-encrypted connections to a great number of major websites
  - uBlock Origin to remove advertisements
  Note: Because Tails includes uBlock Origin (unlike the normal Tor Browser Bundle), it could be subject to an attack that determines whether the user is using Tails (since the user base for Tails is smaller than that of the Tor Browser Bundle) by checking whether advertising is being blocked. This can be avoided by disabling uBlock Origin.
- Pidgin preconfigured with OTR for end-to-end encrypted instant messaging
- OnionShare for anonymous file sharing
- Thunderbird email client with Enigmail for OpenPGP support
- Liferea feed aggregator
- Aircrack-ng for Wi-Fi network auditing
- Electrum, an easy-to-use bitcoin client
Kali Linux has around 600 pre-installed penetration-testing programs (tools), including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), Metasploit (penetration testing framework, awarded as the best penetration testing software), John the Ripper (a password cracker), sqlmap (automatic SQL injection and database takeover tool), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp Suite and OWASP ZAP web application security scanners, etc.
It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. Originally, it was designed with a focus on kernel auditing, from which it got its name Kernel Auditing Linux. The name is sometimes incorrectly assumed to come from Kali the Hindu goddess. The third core developer, Raphaël Hertzog, joined them as a Debian expert.
Kali Linux’s popularity grew when it was featured in multiple episodes of the TV series Mr. Robot. Tools highlighted in the show and provided by Kali Linux include Bluesniff, Bluetooth Scanner (btscanner), John the Ripper, Metasploit Framework, Nmap, Shellshock, and Wget.
“DevOps is the buzzword these days in both software and business circles. Why? Because it has revolutionized the way modern businesses do business and, in the process, achieved milestones that weren’t possible before.” On this site, “you’ll learn what DevOps is, how it evolved, how your business can benefit from implementing it, and success stories of some of the world’s biggest and most popular companies that have embraced DevOps as part of their business.” (DMH)
“DevOps – or Development and Operations – is a term used in enterprise software development that refers to a kind of agile relationship between information technologies (IT) operations and development. The primary objective of DevOps is to optimize this relationship through fostering better collaboration and communication between development and IT operations. In particular, it seeks to integrate and activate important modifications into an enterprise’s production processes as well as to strictly monitor problems and issues as they occur so these can be addressed as soon as possible without having to disrupt other aspects of the enterprise’s operations. By doing so, DevOps can help enterprises register faster turnaround times, increase frequency of deployment of crucial new software or programs, achieve faster average recovery times, increase success rate for newly released programs, and minimize the lead time needed in between modifications or fixes to programs.” (DMH)
“DevOps is crucial for the success of any enterprise because, by nature, enterprises need to segregate business units as individually operating entities for a more efficient system of operations. However, part of such segregation is the tendency to tightly control and guard access to information, processes and management. And this can be a challenge, particularly for the IT operations unit that needs access to key information from all business units in order to provide the best IT service possible for the whole enterprise. Simply put, part of the challenge in segregating business units into individually operating ones that are independent of each other is the relatively slow flow of information to and from such units because of bureaucracy.” (DMH)
“Moving towards an organizational culture based on DevOps – one where the enterprise’s operations units and IT developers are considered as “partners” instead of unrelated units – is an effective way to break down the barriers between them. This is because an enterprise whose culture is based on DevOps is one that can help IT personnel provide organization with the best possible software with the least risk for glitches, hitches, or problems. Therefore, a DevOps-based organizational culture is one that can foster an environment where segregated business units can remain independent but, at the same time, work very well with others in order to optimize the organization’s efficiency and productivity.” (DMH)
“ACID (Atomicity, Consistency, Isolation, Durability) – These are the essential qualities of a *transaction in database processing: either all or none of the subtasks composing the transaction must be performed (atomicity); the database must satisfy all its *constraints both at the beginning and at the end of the transaction (consistency); no other database user can access the data being manipulated by the transaction while it is in an intermediate, and possibly inconsistent, state (isolation); and, once completed, the effect of the transaction will not be reversed, for example by a system crash and subsequent recovery (durability). See also BASE, CAP theorem.” (ODCS)
A Dictionary of Computer Science (Oxford Quick Reference) 7th Edition, by Editors Andrew Butterfield, Gerard Ngondi, Anne Kerr
Previously named A Dictionary of Computing, this bestselling dictionary has been renamed A Dictionary of Computer Science, and fully revised by a team of computer specialists, making it the most up-to-date and authoritative guide to computing available. Containing over 6,500 entries and with expanded coverage of multimedia, computer applications, networking, and personal computer science, it is a comprehensive reference work encompassing all aspects of the subject and is as valuable for home and office users as it is indispensable for students of computer science.
Terms are defined in a jargon-free and concise manner with helpful examples where relevant. The dictionary contains approximately 150 new entries including cloud computing, cross-site scripting, iPad, semantic attack, smartphone, and virtual learning environment. Recommended web links for many entries, accessible via the Dictionary of Computer Science companion website, provide valuable further information and the appendices include useful resources such as generic domain names, file extensions, and the Greek alphabet.
This dictionary is suitable for anyone who uses computers, and is ideal for students of computer science and the related fields of IT, maths, physics, media communications, electronic engineering, and natural sciences.
- ASIN : B019GXM8X8
- Publisher : OUP Oxford; 7th edition (January 28, 2016)
- Publication date : January 28, 2016
- Print length : 641 pages
- First edition 1983, Second edition 1986, Third edition 1990, Fourth edition 1996, Fifth edition 2004, Sixth edition 2008, Seventh edition 2016
- ISBN 978–0–19–968897–5, ebook ISBN 978–0–19–100288–5
“The first edition of this dictionary was published in 1983 as a specialist reference work for computer professionals and for people interested in the underlying concepts and theories of computer science. Over successive editions, the work has been expanded and changed to reflect the technological and social changes that have occurred, especially the enormous growth in home computing and the Internet. In particular, the fourth edition (1996) included an additional 1700 entries catering for a wider readership. At the same time, the editors have retained the basic principles of the original book.”
“In the seventh edition of the dictionary we have followed the same line. The existing entries have been updated and over 120 new entries have been added. In particular, coverage of areas such as database management and social networking has been increased to reflect the growing importance of these areas. Some obsolete terms have been deleted, although some have been kept for their historical interest. Links to useful websites have been updated and more added. There are also six special feature spreads, giving information on selected topics.”
JL, ASK, 2015
Guide to the Dictionary
“Synonyms and generally used abbreviations are given either in brackets immediately after the relevant entry title, or occasionally in the text of the entry with some additional information or qualification.”
“A distinction is made between an acronym and an abbreviation: an acronym can be pronounced while an abbreviation cannot. The entry for an acronym usually appears at the acronym itself, whereas the entry for an abbreviation may appear either at the unabbreviated form or at the abbreviation—depending on which form is most commonly used. When a term is defined under an abbreviation, the entry for the unabbreviated form simply cross-refers the reader to the abbreviation.”
“Some terms listed in the dictionary are used both as nouns and verbs. This is usually indicated in the text of an entry if both forms are in common use. In many cases a noun is also used in an adjectival form to qualify another noun. This occurs too often to be noted.”