
Practical Security: Simple Practices for Defending Your Systems


Most security professionals don’t have the words “security” or “hacker” in their job title. Instead, as a developer or admin you often have to fit in security alongside your official responsibilities — building and maintaining computer systems. Implement the basics of good security now, and you’ll have a solid foundation if you bring in a dedicated security staff later. Identify the weaknesses in your system, and defend against the attacks most likely to compromise your organization, without needing to become a trained security professional.

Customer Reviews

Figuring out where to begin securing systems can seem like an insurmountable task. Practical Security lays out the basics of how to handle high-risk areas so that small organizations and developers can start their security journey.

- Michael C. Brown, Senior Security Engineer

This book has the most down-to-earth, actionable advice for anyone who connects their valuables to the internet, from very small companies to the largest. While it’s pretty tough to make anything connected to your organization totally safe, following the practices in this book will significantly raise the cost to attackers.

- William Lederer, President, CIEX, Inc.

A lot of security resources are targeted toward people who already know a lot about security, leaving a big gap for others who want to know how to keep their computers and networks safe. Roman provides accessible and practical advice that anyone can follow to get started.

- Cade Cairns, Security Engineer

A good overview of important topics when getting started with security in a small organization, complete with in-depth explanations of common issues and pointers to additional resources.

- aschmitz, Principal Security Consultant

This book is an excellent introduction to some of the topics you need to be a secure software engineer. It is pleasurable to read and well written.

- Adam Ringwood, Threat Research Engineer

About this Title

Pages: 132
Published: 2019-02-13
Release: P1.0 (2019-02-13)
ISBN: 978-1-68050-634-1

Computer security is a complex issue. But you don’t have to be an expert in all the esoteric details to prevent many common attacks. Attackers are opportunistic and won’t use a complex attack when a simple one will do. You can get a lot of benefit without too much complexity, by putting systems and processes in place that ensure you aren’t making the obvious mistakes. Secure your systems better, with simple (though not always easy) practices.

Plan to patch often to improve your security posture. Identify the most common software vulnerabilities, so you can avoid them when writing software. Discover cryptography — how it works, how easy it is to get wrong, and how to get it right. Configure your Windows computers securely. Defend your organization against phishing attacks with training and technical defenses.

Make simple changes to harden your system against attackers.

What You Need

You don’t need any particular software to follow along with this book. Examples in the book describe security vulnerabilities and how to look for them. These examples will be more interesting if you have access to a code base you’ve worked on. Similarly, some examples describe network vulnerabilities and how to detect them. These will be more interesting with access to a network you support.

Contents & Extracts

  • Acknowledgments
  • Introduction
    • Who Is This Book For?
    • What’s in This Book
    • Online Resources
  • Patching
    • Upgrading Third-Party Libraries and Software
    • Library Inventory
    • Network Inventory
    • Patching Windows
    • Finding Published Vulnerabilities
    • Testing Your Patches
    • If Patching Hurts, Do It More Often
    • A Practical Application of Fear
    • What’s Next?
  • Vulnerabilities
    • SQL Injection
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (XSRF)
    • Misconfiguration
    • Suggested Reading
    • What’s Next?
  • Cryptography
    • Don’t Roll Your Own Crypto
    • Don’t Use Low-Level Crypto Libraries
    • Evaluating Crypto Libraries Without Being a Crypto Expert
    • Password Storage
    • Storing Passwords When You’re the Client
    • Minimizing the Cost of Credential Loss
    • Keeping Passwords Hard to Predict
    • TLS Configuration
    • What’s Next?
  • Windows
    • Windows Users
    • Login and Mimikatz
    • Password Policy
    • Active Directory: What Else Is It Good For?
    • BitLocker
    • What’s Next?
  • Phishing
    • Types of Phishing Attacks
    • Social Defense
    • Don’t DIY
    • DNS-Based Defense
    • Authentication-Based Defense
    • In-Application Defense
    • Got Phished. Now What?
    • Wrapping Up
Roman Zabicki works at Stripe as a member of the application security team. He has a BA in computer science from the University of Chicago. He’s a lifelong Chicagoan and lives in Chicago with his wife, Marnie, and their children.