Corporate Cybersecurity: Identifying Risks and the Bug Bounty Program

Jackson, John

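  • Publisher: Wiley
  • Publication date: 2021-10-25
  • List price: $4,140
  • VIP price: $3,933 (95% of list price)
  • Language: English
  • Pages: 224
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 111978252X
  • ISBN-13: 9781119782520
  • Related category: Information Security
  • Overseas special-order book (requires separate checkout)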

Product Description

An insider's guide showing companies how to spot and remedy vulnerabilities in their security programs

A bug bounty program is offered by organizations for people to receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. Corporate Cybersecurity gives cyber and application security engineers (who may have little or no experience with a bounty program) a hands-on guide for creating or managing an effective bug bounty program. Written by a cyber security expert, the book is filled with the information, guidelines, and tools that engineers can adopt to sharpen their skills and become knowledgeable in researching, configuring, and managing bug bounty programs.

This book addresses the technical aspect of tooling and managing a bug bounty program and discusses common issues that engineers may run into on a daily basis. The author includes information on the often-overlooked communication and follow-through approaches of effective management. Corporate Cybersecurity provides a much-needed resource on how companies identify and solve weaknesses in their security program. This important book:

  • Contains a much-needed guide aimed at cyber and application security engineers
  • Presents a unique defensive guide for understanding and resolving security vulnerabilities
  • Encourages research, configuring, and managing programs from the corporate perspective
  • Covers topics including bug bounty overview; program set-up; vulnerability reports and disclosure; development and application security collaboration; understanding safe harbor and SLA

Written for professionals working in the application and cyber security arena, Corporate Cybersecurity offers a comprehensive resource for building and maintaining an effective bug bounty program.

About the Author

John Jackson is a Cyber Security Professional, Hacker, and the founder of the Hacking Group: Sakura Samurai 桜の侍. He is skilled in the art of configuring, managing, and utilizing Application Security Tools and programs, and an effective leader in the Cyber Security space. His unique perspective as both an Engineer and a Security Researcher provides hands-on experience towards configuring programs in a way that both organizations and researchers can benefit.
