Enjoy fast, free delivery, exclusive deals, and award-winning movies & TV shows with Prime
Try Prime and start saving today with fast, free delivery

List Price: $39.99 Details

Save: $17.56 (44%)

Get Fast, Free Shipping with Amazon Prime FREE Returns

FREE delivery Saturday, December 16 on orders shipped by Amazon over $35. Order within 7 hrs 2 mins

Arrives before Christmas

Select delivery location

In Stock

$$22.43 () Includes selected options. Includes initial monthly payment and selected options. Details

Ships from

Amazon.com

Ships from

Amazon.com

Sold by

Amazon.com

Sold by

Amazon.com

Returns

Returnable until Jan 31, 2024

Returns

Returnable until Jan 31, 2024

For the 2023 holiday season, eligible items purchased between November 1 and December 31, 2023 can be returned until January 31, 2024

Read full return policy

Payment

Secure transaction

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Details

Add a gift receipt for easy returns

Get Fast, Free Shipping with Amazon Prime

FREE delivery Monday, December 18 on orders shipped by Amazon over $35

Arrives before Christmas

Select delivery location

Used: Very Good | Details

Sold by BILL'S BUYS

Fulfilled by Amazon

Access codes and supplements are not guaranteed with used items.

Image Unavailable

Image not available for
Color:

To view this video download Flash Player

Follow the authors

Beautiful Security: Leading Security Experts Explain How They Think 1st Edition

by Andy Oram (Editor), John Viega (Editor)

4.5 11 ratings

See all formats and editions

Price

New from

Used from

Kindle

"Please retry"

$23.99

—

Paperback, Illustrated

"Please retry"

$22.43

$21.91

$1.30

Kindle
$23.99 Read with our free app
Paperback
$15.22 - $22.43

26 Used from $1.30 15 New from $21.91 1 Collectible from $18.95

{"desktop_buybox_group_1":[{"displayPrice":"$22.43","priceAmount":22.43,"currencySymbol":"$","integerValue":"22","decimalSeparator":".","fractionalValue":"43","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"p7QFbIJzmcvzGZ3CO%2BlsjQIvASSTNqzEICD9RFd7QBKAgZBYrVMor%2BZlyTUlcbgzPbYfC2OwbcyuSm01HWSpADA0xVs1%2Bt%2BJXYSFY9WZ2umdVFY9oKEI7MzTQRP1ayX4GLu1OMlQ23s%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$15.22","priceAmount":15.22,"currencySymbol":"$","integerValue":"15","decimalSeparator":".","fractionalValue":"22","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"p7QFbIJzmcvzGZ3CO%2BlsjQIvASSTNqzE%2BMrIod%2FhLCgOgT4y0H2%2FLWx1JPAULHkeIxsxzQ%2B6ZiPsYFI6gQuy2%2FG%2BjVgAs0irkI8pxFOBNuNe%2FToZGkzkgglEskq4uKpVtzJvieSqm414tVNZycamftDTVJx5uZ4KUPcLfVKE0NiYIltWy%2BDwxMDlbXG7yxu2","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats. Beautiful Security features a collection of essays and insightful analyses by leaders such as Ben Edelman, Grant Geyer, John McManus, and a dozen others who have found unusual solutions for writing secure code, designing secure applications, addressing modern challenges such as wireless security and Internet vulnerabilities, and much more. Among the book's wide-ranging topics, you'll learn how new and more aggressive security measures work--and where they will lead us. Topics include:

Rewiring the expectations and assumptions of organizations regarding security
Security as a design requirement
Evolution and new projects in Web of Trust
Legal sanctions to enforce security precautions
An encryption/hash system for protecting user data
The criminal economy for stolen information
Detecting attacks through context

Go beyond the headlines, hype, and hearsay. With Beautiful Security, you'll delve into the techniques, technology, ethics, and laws at the center of the biggest revolution in the history of network security. It's a useful and far-reaching discussion you can't afford to miss.

ISBN-10

0596527489
ISBN-13

978-0596527488
Edition

1st
Publisher

O'Reilly Media
Publication date

2009
June 2
Language

EN
English
Dimensions

7.0 x 0.8 x 9.2
inches
Length

300
Pages
See all details

Frequently bought together

Beautiful Security: Leading Security Experts Explain How They Think

$22.43

Get it as soon as Saturday, Dec 16

In Stock

Ships from and sold by Amazon.com.

+

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

$13.49

Get it as soon as Saturday, Dec 16

In Stock

Ships from and sold by Amazon.com.

Total price:

To see our price, add these items to your cart.

Try again!

Details

Added to Cart

Choose items to buy together.

Colby A Clark
20
Paperback
9 offers from $54.00
Colby A Clark
32
Paperback
10 offers from $40.41
Richard T. Sylves
148
Paperback
28 offers from $50.00

Editorial Reviews

About the Author

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in free software and open source technologies. His work for O'Reilly includes the first books ever published commercially in the United States on Linux, and the 2001 title Peer-to-Peer. His modest programming and system administration skills are mostly self-taught.

John is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify).

John is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds a MS and BA from the University of Virginia.

Product details

Publisher ‏ : ‎ O'Reilly Media; 1st edition (June 2, 2009)
Language ‏ : ‎ English
Paperback ‏ : ‎ 300 pages
ISBN-10 ‏ : ‎ 0596527489
ISBN-13 ‏ : ‎ 978-0596527488
Item Weight ‏ : ‎ 1.23 pounds
Dimensions ‏ : ‎ 7 x 0.8 x 9.19 inches

Best Sellers Rank: #2,843,905 in Books (See Top 100 in Books)
- #313 in CompTIA Certification Guides
- #675 in Computing Industry History
- #1,029 in Computer Networking (Books)

Customer Reviews:
4.5 11 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

Important information

To report an issue with this product, click here.

About the authors

Follow authors to get new release updates, plus improved recommendations.

Anton Chuvakin
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
Dr. Anton Chuvakin (http://www.chuvakin.org/) is a Research Director at Gartner's Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team.
Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books "Security Warrior", "Logging and Log Management" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, security management. His blog "Security Warrior" was one of the most popular in the industry.
In addition, Anton taught classes and presents at many security conferences across the world; he recently addressed audiences in United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on advisory boards of several security start-ups.
Most recently, Anton was running his own security consulting practice, focusing on logging, SIEM and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations. Before LogLogic, Anton was employed by a security vendor in a strategic product management role. Anton earned his Ph.D. degree from Stony Brook University.
See more on the author's page
John Viega
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.
John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture Fame) convinced him to make a career in technology.
See more on the author's page
Andrew Oram
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
Andy Oram is an editor at O'Reilly Media, a highly respected book
publisher and technology information provider. An employee of the
company since 1992, Andy currently specializes in open source,
networking, and software engineering, but his editorial output has
ranged from a legal guide covering intellectual property to a graphic
novel about teenage hackers. His work for O'Reilly includes the
influential 2001 title Peer-to-Peer, the 2005 ground-breaking book
Running Linux, and the 2007 best-seller Beautiful Code.
Andy also writes often for O'Reilly's Radar site
(http://radar.oreilly.com/) and other publications on policy issues
related to the Internet and on trends affecting technical innovation
and its effects on society. Print publications where his work has
appeared include The Economist, Communications of the ACM, Copyright
World, and Internet Law and Business. His web site is
http://www.praxagora.com/andyo/.
See more on the author's page

Customer reviews

4.5 out of 5

11 global ratings

3 star

0%

2 star

0%

1 star

0%

How customer reviews and ratings work

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Daniel D. Lohin

Great book to give someone interested in getting in the security field

Reviewed in the United States on April 9, 2010

Verified Purchase

Recently I have been asked by a lot of people how do you get in the security field? I used to say a lot of hard work and a lot of luck. My new answer is going to be to read this book and see if you are interested in the field. The book covers a wide variety of subjects across all of information security that are really quite useful. Some of these areas you won't learn a lot if you are in that particular field, but even if you are in security I am sure you will learn a lot. I learned quite a bit on the sections on metrics and software security. This is a great book to have to be able to lend to people with an interest in entering the field.

2 people found this helpful

Helpful

David W. Rooker

Content is "Timeless"

Reviewed in the United States on February 20, 2017

Verified Purchase

Excellent book, I have bought a couple dozen of these to hand out to my team and peers. Even though it is several years old ... its content is timeless!

2 people found this helpful

Helpful

Ronda G

Great insight from security minds

Reviewed in the United States on December 3, 2012

Verified Purchase

I am about half way through the book and I am impressed at the content. The experts all provide knowledge from their experience in infosec to make a great combination. I reccomend this book to those who are interested in a career in IT security as well as those who are already established in IT. Security is an unavoidable part of our lives and work.

2 people found this helpful

Helpful

Ben Rothke

An eye-opening book that will challenge you

Reviewed in the United States on July 6, 2009

Books that collect chapters from numerous expert authors often fail to do more than be a collection of disjointed ideas. Simply combining expert essays does not always make for an interesting, cohesive read. Beautiful Security: Leading Security Experts Explain How They Think is an exception to that and is definitely worth a read. The books 16 chapters provide an interesting overview to the current and future states of security, risk and privacy. Each chapter is written by an established expert in the field and each author brings their own unique insights and approach to information security.

A premise of the book is that most people don't give security much attention until their personal or business systems are attacked or breached. The book notes that criminals often succeed by exercising enormous creativity when devising their attacks. They think outside of the box which the security people built to keep them out. Those who create defenses around digital assets must similarly use creativity when designing an information security solution.

Unfortunately, far too few organizations spend enough time thinking creatively about security. More often than not, it is simply about deploying a firewall and hoping the understaffed security team can deal with the rest of the risks.

The 16 essays, arranged in no particular theme are meant to show how fascinating information security can be. This is in defense to how security is often perceived, as an endless series of dialogue boxes and warnings, or some other block to keep a user from the web site or device they want to access. Each of the 16 essays is well-written, organized and well-argued. The following 4 chapter are particularly noteworthy.

Chapter 3 is titled Beautiful Security Metrics and details how security metrics can be effectively used, rather than simply being a vehicle for creating random statistics for management. Security metrics are a critical prerequisite for turning IT security into a science, instead of an art. With that, author Elizabeth Nichols notes that the security profession needs to change in ways that emulate the medical professional when it comes to metrics. She notes specifically that security must develop a system of vital signs and generally accepted metrics in the same way in which physicians work. The chapter also provides excellent insights on how to use metrics and how metrics, in addition to high-level questions that can be used to determine how effective security is within an organization.

Chapter 6 deals with online-advertising and the myriad problems in keeping it honest. Author Benjamin Edelman observed a problem with the online supply chain world, as opposed to brick and mortar (BAM) world, in that BAM companies have long-established procurement departments with robust internal controls, and carefully trained staff who evaluate prospective vendors to confirm legitimacy. In the online world, predominantly around Google AdSense, most advertisers and advertising networks lack any comparable rigor for evaluating their vendors. That has created a significant avenue for online advertising fraud, of which the on-line advertising is a victim to.

Edelman writes that he has uncovered hundreds of online advertising scams defrauding hundreds of thousands of users, in addition to the merchants themselves. The chapter details many of the deceptive advertisements that he has found, and shows how often web ads that tout something for free, is most often far from it.

Chapter 7 is about the PGP and the evolution of the PGP web of trust scheme. The chapter is written by PGP creator Phil Zimmerman, and current PGP CTO Jon Callas. It has been a long while since Zimmerman has written anything authoritative about PGP, so the chapter is a welcome one. Zimmerman and Callas note that while a lot has been written about PGP, much of it though containing substantial inaccuracies. The chapter provides invaluable insights into PGP and the history and use of cryptography. It also gives a thorough overview of the original PGP web of trust model, and recent enhancements bring PGP's web of trust up to date.

Chapter 9 is one of the standout chapters in the book. Mark Curphrey writes about the need to get people, processes and technology to work together so that the humans involved in information security can make better decisions. In the chapter, Curphrey deals with topical issues such as cloud computing, social networks, security economics and more. Curphrey notes that when he starts giving a presentation, he does it with the following quotation from Upton Sinclair -- "it's difficult to get a man to understand something when his salary depends on him not understanding it". He uses the quote to challenge listeners (and readers in this case) to question the reason why they are being presented the specific ideas, which serves as a reminder of common, subtle biases for thoughts and ideas presented as fact.

In its 250 pages, Beautiful Security is both a fascinating an enjoyable read. There are numerous security books that weight a few pounds a use reams of paper, that don't have a fraction of the real content that Beautiful Security has. With other chapters from industry luminaries such as Jim Routh, Randy Sabett, Anton Chuvakin and others, Beautiful Security is a required read.

For those that have an interest in information security or those that are frustrated by it, Beautiful Security is an eye-opening book that will challenge you, and change the way you think about information security. It is a good book for those whose who think information security is simply about deploying hardware, and an even better book for those who truly get information security.

8 people found this helpful

Helpful

Bruno Vernay

This is what computer's security looks like

Reviewed in the United States on May 30, 2011

I like computer security: it is always entertaining and insightful. This book is no exception. It offers a large panorama on Security, as seen from many point of view since this is a collective work.

Advantages:
- You see the subject from different angles
- One or two author maybe boring, the overall content still has value
- It is more like reading many little books on security.
On the other hand:
- You get many introduction and conclusions, that doesn't add much.
- There is no real continuity nor overall aim or message. It is more a collection of essays arranged and formated to look like a "one story".

Some essays are really insightful:
- "Psychological security trap": Is certainly something that you want to be aware of! How developers may think that security isn't a real requirement. It is somehow also the point in "security by design" and "Forcing firms to focus", but with an emphasis on project management and process.
- Security Metrics is also interesting. It resurfaces in many others essays, mostly to warn about the wrong usage of metrics or the usage of wrong metrics.
- The evolution of PGP is nice. It shows how far they have gone with PKI. Now it really looks like a good solution. But as with the Semantic Web, I would say that it is still waiting wide adoption to be useful.
- "Oh no, here comes the Lawyer" should have been even more developed. This is where I feel I lack the most insight.
- Incident detection: This is well known today. But always good to repeat. This is concrete stuff and where we can expect improvement soon.
- "Doing real work without real data" exposes a nice idea. Worth to implement if it fits your use case. There are good references to balance pro and cons.
- Casting spells also exposes a vendor solution. It uses a combination of technics (virtualization, signature + AI) to secure the user's workstation. Again, it may fit some use case.
- Log handling is also certainly a crucial part of the puzzle.
- ... others essays exposes security breaches, Honeyclient, adventures in wireless land ...

The essays target an average reader. It doesn't require any knowledge in programming, cryptography or Network protocols. Still, it will certainly help to have some culture in software development. It raises awarness in many differents aspect related to security.

At first, I really liked the introduction in the book: The idea that too often security is seen from the point of view of the failures, like you look for a car race only waiting to see car crashes. The promise here was to focus on how a good design is as beautiful and enjoyable as a car crash. Well the content shows that it isn't that easy. I guess that it would have been a book on protocol design and application architecture. Subjects much harder to enjoy. Still the intent was good.
To conclude, I would say that this book is what computer's security looks like after all: there is no coherent story. But if you have to write your own security story, you will be better of knowing 16 different essays than a single one.

One person found this helpful

Helpful

Amazon Prime includes:

Buy new: $22.43$22.43 FREE delivery: Saturday, Dec 16 on orders over $35.00 shipped by Amazon. Ships from: Amazon.com Sold by: Amazon.com

Buy used: $15.22

Follow the authors

Beautiful Security: Leading Security Experts Explain How They Think 1st Edition

Purchase options and add-ons

Frequently bought together

Customers who bought this item also bought

Editorial Reviews

About the Author

Product details

Videos

Important information

About the authors

Anton Chuvakin

John Viega

Andrew Oram

Customer reviews

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Buy new:

$22.43

FREE delivery: Saturday, Dec 16 on orders over $35.00 shipped by Amazon.

Ships from: Amazon.com

Sold by: Amazon.com

Buy used:

$15.22