Do you like buying things on the Internet with your credit card? Think other people wouldn't like buying things with your credit card, too? Have you given out personal information to register for "contests" and "events?" Beware. Sometimes the wizard making the promises is only a little man sitting behind a curtain pulling levers and talking through microphones. The Complete Idiot's Guide to Protecting Yourself Online makes sure that you take the necessary steps and precautions when registering, ordering, or even just conversing on the Internet. Keep people out of your personal life by creating hacker-proof passwords, removing your name from databases, and eliminating a third party's ability to accumulate information about you–such as address, Social Security number, credit card numbers, and more.

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won’t protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you’ll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have

relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work.

For a long time, there has been a need for a practical, down-to-earth developers book for the Java Cryptography Extension. I am very happy to see there is now a book that can answer many of the technical questions that developers, managers, and researchers have about such a critical topic. I am sure that this book will contribute greatly to the success of securing Java applications and deployments for e-business. –Anthony Nadalin, Java Security Lead Architect, IBM

For many Java developers and software engineers, cryptography is an "on-demand" programming exercise, where cryptographic concepts are shelved until the next project requires renewed focus. But considerations for cryptography must be made early on in the design process and its imperative that developers know what kinds of solutions exist.

One of Javas solutions to help bridge the gap between academic research and real-world problem solving comes in the form of a well-defined architecture for implementing cryptographic solutions. However, to use the architecture and its extensions, it is important to recognize the pros and cons of different cryptographic algorithms and to know how to implement various devices like key agreements, digital signatures, and message digests, to name a few.

Ensuring secure transmission and good quality of service (QoS) in ad hoc wireless networks are key commercial concerns. Focusing on practical potential solutions, this text covers security and QoS in these networks. Starting with a review of the basic principles of ad hoc wireless networking, coverage progresses to vulnerabilities, and the requirements and solutions necessary to tackle them. QoS in relation to ad hoc networks is covered in detail, with specific attention to routing, QoS support in unicast communication, and recent developments in the area. Secure routing, intrusion detection, security in WiMax networks and trust management are also covered, the latter being based on principles and practice of key management and authentication in distributed networks. Representing the state-of-the-art in ad hoc wireless network security, this book is a valuable resource for researchers in electrical and computer engineering, as well as practitioners in the wireless communications industry.