Author(s): Joel, Scambray, Mike Shema
Publisher: MCGraw-Hill
Year: 2002
ISBN: 0-07-222438-X
Language: English
File type: PDF
Pages: 415
Size (for download): 4.04 MB

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors’ experiences as gray hat security professionals.
- Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
- Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
- Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
- See how to excise the heart of any Web application’s access controls through advanced session analysis, hijacking, and fixation techniques
- Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
- Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
- Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
- Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

This concise, high-end guide shows experienced administrators how to customize and extend popular open source security tools such as Nikto, Ettercap, and Nessus. It also addresses port scanners, packet injectors, network sniffers, and web assessment tools. Network Security Tools is the one resource you want at your side when locking down your network.If you’re an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it’s a fight that may never end.

Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include:
- Writing your own network sniffers and packet injection tools
- Writing plugins for Nessus, Ettercap, and Nikto
- Developing exploits for Metasploit
- Code analysis for web applications
- Writing kernel modules for security applications, and understanding rootkits

Security 5 is an entry level program for anyone interested in learning computer security fundamentals. The Security 5 program gives individuals basic security literacy skills to protect themselves from the daily threats of the Internet. It is an ideal program for knowledge workers and anyone wanting to gain working knowledge of networking and computer security.

Experience Level: Beginner Through Advanced
Running Time: 24 Hrs, 3 DVD (ROM)
Project Files: Included
This training series produced in HD includes over 24 hours of indexed tutorials on the industry’s most advanced authoring environment for creating interactive web sites. You will dramatically expand your knowledge of Flash and its extensive capabilities.

A good defense starts with a thorough understanding of your opponent’s offense. Hackers Beware teaches you how hackers think, what tools they use, and the techniques they utilize to compromise a machine. Eric Cole, a leading expert in information security, shows you not only how to detect these attacks, but what you can do to protect yourself against them. When it comes to securing your site, knowledge is power. This book gives you the knowledge to build a proper defense against attackers.With so much going on in regard to network security (or the lack thereof), a book on this topic almost needs no introduction. Less than 10 years ago, most people didn’t even know what the Internet or email was. To take a further step back, most people did not even have computers at work or home, and some even questioned their usefulness. Things have really changed. As I am writing this, the Carousel of Progress ride at Disney World goes through my mind. Things that we considered science fiction a decade ago are not only a reality, but an engrained part of our life. Heck, if the dedicated line at my house goes down for more than 30 minutes, my wife is screaming at me to fix it. This is truly the age of computers.

Bignum math is the backbone of modern computer security algorithms. It is the ability to work with hundred-digit numbers efficiently using techniques that are both elegant and occasionally bizarre. This book introduces the reader to the concept of bignum algorithms and proceeds to build an entire library of functionality from the ground up. Through the use of theory, pseudo-code and actual fielded C source code the book explains each and every algorithm that goes into a modern bignum library. Excellent for the student as a learning tool and practitioner as a reference alike BigNum Math is for anyone with a background in computer science who has taken introductory level mathematic courses. The text is for students learning mathematics and cryptography as well as the practioner who needs a reference for any of the algorithms documented within.

Wireless connectivity is now a reality in most businesses. Yet by its nature, wireless networks are the most difficult to secure and are often the favorite target of intruders. Some of the primary threats are the result of the following factors:

• Denial of service (DoS) and other network layer attacks
• Unauthorized access across the perimeter and within the organization Application layer intrusions and attacks, both from within and outside the network Extended connectivity through remote access and extranets
• An increase in unmanaged or ill-managed endpoint devices
• New applications like VoIP, instant messaging, and peer-to-peer

This book provides the busy network administrator with best-practice solutions address these threats and to maintain a secure and accessible wireless network. The book endorses the principle that the best strategy is to deploy multiple layers of security, each reinforcing the other. Yet it never strays from its emphasis on the practical; that any tool or methodology that is deployed must work reliably, allow sufficient access, and require a minimal amount of maintenance.

Reposted due to requests

Scott Kelby, the best-selling Photoshop author in the world today, once again takes this book to a whole new level as he uncovers the latest, most important and most exciting new Adobe Photoshop CS2 techniques for digital photographers.This major update to this award-winning, record-breaking book does something for digital photographers that’s never been done beforeit cuts through the bull and shows you exactly “how to do it.” It’s not a bunch of theory; it doesn’t challenge you to come up with your own settings or figure it out on your own. Instead, Scott shows you step-by-step the exact techniques used by today’s cutting-edge digital photographers and, best of all, he shows you, flat-out, exactly which settings to use, when to use them, and why. That’s why the previous version of this book took the digital photography world by storm.But now, his new CS2, version is even bigger, even better, and exposes even more of the pros most closely guarded secrets, including a special chapter which shows, for the first time ever, step-by-step how to how to set-up Photoshop’s color management. He does it by throwing out all the theory, all the techno-babble, and all the confusing charts and graphs and instead just shows you exactly what you need to do (and nothing more).LEARN HOW THE PROS DO ITEach year Scott trains thousands of professional photographers how to use Photoshop, and almost without exception they have the same questions, the same problems, and the same challengesand that’s exactly what he covers in this book. You’ll learn: The sharpening techniques the pros really use (there’s an entire chapter on just this!) The pros tricks for fixing the most common digital photo problems fast! The step-by-step set-up for getting what comes out of your printer to match exactly what you saw on screen The retouching secrets of how the pros retouch portraits How to process raw digital camera images (plus how to take advantage of all the new Camera Raw features of CS2!) How to color correct any photo without breaking a sweat (you’ll be amazed at how easy it isonce you know the secret) A whole chapter on the latest, most requested Photoshop special effects How to reduce noise, deal with lens problems, avoid halos, and more How to show your work like a pro! Plus a host of shortcuts, workarounds, and slick “insider” tricks to send your productivity through the roof!If you’re a digital photographer and you’re ready to learn the “tricks of the trade”the same ones that today’s leading pros use to correct, edit, sharpen, retouch, and present their work, then this is the book for you.

Maximum Security, Third Edition provides comprehensive, platform-by-platform coverage of security issues and includes clear, to the point descriptions of the most common techniques hackers use to penetrate systems. In one book, security managers and others interested in computer and network security can learn everything the hackers already know, and then take steps to protect their systems.

Penetration testing is one of those odd jobs you typically hear little about—it is like a black art, and can come with not only smoke and mirrors but, for the pen tester, any number of trap doors and blind alleys. Bits and pieces of penetration testing have made it into the mainstream media, culminating in the classic hacker-fave film Sneakers, starring Robert Redford, Sidney Poitier, and a host of other stars. And while plenty seems to be written about hacking and gaining access to systems, there has been nothing written that really speaks to the art of penetration testing.

Like most other high tech jobs portrayed in the movies, pen testing is not as glamorous as most people think. Oh sure, there are exciting moments, such as when the first system belonging to the target is penetrated, but it is actually hard work. Comparatively, a typical intruder’s job is easy.

A regular electronic intruder has to find only one hole into an organization’s computers, but a pen tester has to find them all. This is not only somewhat tedious and even boring at times, it is very important. The intruder probably does not care about such things as accidentally damaging systems, or wiping log files to hide his presence. The pen tester is trying to keep from disrupting normal business, preserve records and logs, yet still trying to move about unnoticed. In other words, to be a pen tester you have to have not only all of the intruder techniques possible, but also understand system administration as well as corporate life in general. Not an easy task.