Authors: Andres Andreu.
Paperback, 522 pages
Publisher: Wrox
Publication Date: 2006-07-05


Reviews :

    There is no such thing as "perfect security" when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.

After a review of the basics of web applications, you'll be introduced to web application hacking concepts and techniques such as vulnerability analysis, attack simulation, results analysis, manuals, source code, and circuit diagrams. These web application hacking concepts and techniques will prove useful information for ultimately securing the resources that need your protection.

What you will learn from this book
* Surveillance techniques that an attacker uses when targeting a system for a strike
* Various types of issues that exist within the modern day web application space
* How to audit web services in order to assess areas of risk and exposure
* How to analyze your results and translate them into documentation that is useful for remediation
* Techniques for pen-testing trials to practice before a live project

Who this book is for

This book is for programmers, developers, and information security professionals who want to become familiar with web application security and how to audit it.

Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job....

Authors: Arup Nanda. Donald Burleson.
Paperback, 655 pages
Publisher: Rampant Techpress
Publication Date: 2003-12-01


Reviews :

    ...

Authors:
Paperback, 260 pages
Publisher: Syngress
Publication Date: 2008-02-15


Reviews :

    Originally released in 1996, Netcat is a netowrking program designed to read and write data across both Transmission Control Protocol TCP and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason. Just like the multi-function usefullness of the venerable Swiss Army pocket knife, Netcat's functionality is helpful as both a standalone program and a backe-end tool in a wide range of applications. Some of the many uses of Netcat include port scanning, transferring files, grabbing banners, port listening and redirection, and more nefariously, a backdoor. This is the only book dedicated to comprehensive coverage of the tool's many features, and by the end of this book, you'll discover how Netcat can be one of the most valuable tools in your arsenal.

* Get Up and Running with Netcat Simple yet powerful...Don't let the trouble-free installation and the easy command line belie the fact that Netcat is indeed a potent and powerful program.

* Go PenTesting with Netcat Master Netcat's port scanning and service identification capabilities as well as obtaining Web server application information. Test and verify outbound firewall rules and avoid detection by using antivirus software and the Window Firewall. Also, create a backdoor using Netcat.

* Conduct Enumeration and Scanning with Netcat, Nmap, and More! Netcat's not the only game in town...Learn the process of network of enumeration and scanning, and see how Netcat along with other tools such as Nmap and Scanrand can be used to thoroughly identify all of the assets on your network.

* Banner Grabbing with Netcat Banner grabbing is a simple yet highly effective method of gathering information about a remote target, and can be performed with relative ease with the Netcat utility.

* Explore the Dark Side of Netcat See the various ways Netcat has been used to provide malicious, unauthorized access to their targets. By walking through these methods used to set up backdoor access and circumvent protection mechanisms through the use of Netcat, we can understand how malicious hackers obtain and maintain illegal access. Embrace the dark side of Netcat, so that you may do good deeds later.

* Transfer Files Using Netcat The flexability and simple operation allows Netcat to fill a niche when it comes to moving a file or files in a quick and easy fashion. Encryption is provided via several different avenues including integrated support on some of the more modern Netcat variants, tunneling via third-party tools, or operating system integrated IPsec policies.

* Troubleshoot Your Network with Netcat Examine remote systems using Netat's scanning ability. Test open ports to see if they really are active and see what protocls are on those ports. Communicate with different applications to determine what problems might exist, and gain insight into how to solve these problems.

* Sniff Traffic within a System Use Netcat as a sniffer within a system to collect incoming and outgoing data. Set up Netcat to listen at ports higher than 1023 (the well-known ports), so you can use Netcat even as a normal user.

* Comprehensive introduction to the #4 most popular open source security tool
available
* Tips and tricks on the legitimate uses of Netcat
* Detailed information on its nefarious purposes
* Demystifies security issues surrounding Netcat
* Case studies featuring dozens of ways to use Netcat in daily tasks...

Authors: Eric Larson. Brian Stephens.
Paperback, 567 pages
Publisher: Prentice Hall PTR
Publication Date: 2000-01-09


Reviews :

    Designed as an instruction guide toward building a new Web site, mastering Networks, Web servers, and Web clients, configuration and maintenance of your site, CGI security, and secure online transactions. Softcover. ...

Authors: Rachel Andrew.
Paperback, 376 pages
Publisher: SitePoint
Publication Date: 2004-11-01


Reviews :

    Note: A new edition of this book has been released. Please look for "The CSS Anthology, 2nd Edition" (ISBN: 097584198X)

A practical guide on CSS (Cascading Style Sheets) for professionals and novices, that can be used both as a tutorial and read cover-to-cover or as a handy and practical reference book to common problems, solutions and effects.

The Question and Answer format makes it easy for readers to solve their problems and learn more about common pitfalls and workarounds.

CSS has been growing steadily in its adoption as a technology. CSS gives the developer complete control over how an HTML page looks without using cumbersome HTML tags- truly separating content from presentation. Many major organizations have been adopting CSS technology e.g. www.wired.com....

Authors: Jack Wiles.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2008-07-18


Reviews :

    Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field...

Authors: Stuart McClure. Saumil Shah. Shreeraj Shah.
Paperback, 528 pages
Publisher: Addison-Wesley Professional
Publication Date: 2002-08-18


Reviews :

    In the evolution of hacking, firewalls are a mere speed bump. Hacking continues to develop, becoming ever more sophisticated, adapting and growing in ingenuity as well as in the damage that results. Web attacks running over web ports strike with enormous impact. Stuart McClure's new book focuses on Web hacking, an area where organizations are particularly vulnerable. The material covers the web commerce "playground', describing web languages and protocols, web and database servers, and payment systems. The authors bring unparalleled insight to both well- known and lesser known web vulnerabilities. They show the dangerous range of the many different attacks web hackers harbor in their bag of tricks -- including buffer overflows, the most wicked of attacks, plus other advanced attacks. The book features complete methodologies, including techniques and attacks, countermeasures, tools, plus case studies and web attack scenarios showing how different attacks work and why they work....

Authors: Jesse Liberty. Dan Hurwitz.
Paperback, 1004 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2003-09-19
Edition: 2

Reviews :

    ASP.NET, successor to Microsoft's Active Server Pages (ASP), is so complete and flexible that a web developer's main difficulty may lie simply in weaving the pieces together for maximum efficiency. The new edition of Programming ASP.NET shows developers how to do just that. Updated for Version 1.1 of the NET framework and Visual Studio .NET 2003, the second edition of this bestselling .NET title will show you how to create dynamic, data-driven web sites and services using both C# and Visual Basic .NET. In Programming ASP.NET, Second Edition authors Jesse Liberty and Dan Hurwitz cover everything you need to know to be effective with ASP.NET. The book includes a comprehensive tutorial on Web Forms, which, in conjunction with Visual Studio .NET 2003, allow you to apply Rapid Application Development techniques (including drag-and-drop control placement) to web development. Programming ASP.NET includes extensive coverage of each type of server control, including Web server controls, HTML server controls, and custom controls. New material covers creating ASP.NET pages for mobile devices. Since most web applications and web services involve retrieving data and returning it to a client browser, Programming ASP.NET Second Edition also offers extensive coverage of data access issues. These include topics such as using ASP.NET's list-bound controls; accessing data using the ADO.NET object model, and updating data with or without transaction support. Programming ASP.NET also discusses such advanced topics as:

• Caching and performance
• Security
• Configuration and deployment

If you're already familiar with Active Server Pages technology, you'll appreciate the in-depth focus and straightforward, easy-to-read approach for developing web pages and web services. Succinct, direct, and loaded with examples, Programming ASP.NET, Second Edition will help users at every level master ASP.NET without getting bogged down in the complexity of its features....

    Suitable for most any programmer who wants to master ASP.NET with an eye toward real-world development, Programming ASP.NET is an excellent resource that mixes good coverage of APIs with actual programming techniques and advice using Visual Basic .NET and C#. The combination places it in the forefront of currently available titles on ASP.NET.

Written in part by veteran computer author Jesse Liberty, this book offers an excellent mix of coverage of important ASP.NET features that you will absolutely need to use for real-world programming. Readers with previous ASP experience will appreciate early sections that compare an older ASP sample with the new ASP.NET to highlight what's new and improved, with good explanation of the ASP.NET event model. The pace of this book is just excellent. The authors first move through the essentials, like basic ASP Web controls and data binding, before delving into data-driven applications using the (slightly complicated) ASP.NET database APIs. It also helps that the authors let you use Notepad (or another text editor) to create your ASP.NET programs first. (Later, they cover the details of Visual Studio .NET, pointing out how this tool can sometimes make it difficult to see where your code is generated.) There's also coverage of debugging and tracing techniques.

Standout sections on the calendar, Repeater, DataList, and DataGrid controls (all presented in good detail) will help you master these important controls. Coverage of techniques and support for validating user input in Web pages will also help you use these essential features.

The author's well-measured tutorial on Web services (much touted by Microsoft) is as good as any. Their demos (using a well-traveled example of a stock ticker server) will show you what all the fuss is about. They cut through the hype here and manage to show why Web services are a potentially better way toward distributed computing. Later sections look at deployment, configuration, and performance (as well as caching) options that you'll need to deploy and run your ASP.NET programs successfully. Coverage of security options in .NET rounds out the tour of what you'll need to create real applications.

Illustrated throughout with samples from VB .NET and C#, Programming ASP.NET is a worthy addition to the O'Reilly lineup and one of the best available titles for learning ASP.NET. The authors have achieved an excellent balance of practical, hands-on examples and essential programming techniques with the most important APIs and features, all without getting bogged down in the richness and complexity of .NET itself. --Richard Dragan

Topics covered: Introduction to the .NET platform and ASP.NET; basic programs in HTML; ASP and ASP.NET compared; events in ASP.NET (application, session, page, and control events); HTML and ASP controls compared; basic ASP controls APIs (including in-depth coverage of calendar support); code behind forms; using the Visual Studio .NET IDE; tracing, debugging, and error handling; validation controls in ASP.NET (including built-in and custom validators, plus regular expression support); basic data-binding techniques; list and DataGrid controls; ADO.NET tutorial (basic APIs and programming techniques); calling stored procedures; updating database records; Repeater and DataList controls used with ADO.NET; custom ASP.NET controls (including derived, composite, and full custom controls); overview of Web services (including SOAP, WSDL, and other standards); creating and consuming a sample Web service for a stock ticker; ASP.NET caching techniques explained (including fragment and object caching); security options in ASP.NET for authentication, authorization, and impersonation; configuration and deployment options in ASP.NET (including XCOPY deployment); and an appendix with a quick tutorial on database design....

Authors: Corey Schou. Daniel Shoemaker.
Paperback, 504 pages
Publisher: Career Education
Publication Date: 2006-09-13
Edition: 1

Reviews :

   

Going beyond the technical coverage of computer and systems security measures, Information Assurance for the Enterprise provides readers an overarching model for information assurance for businesses, government agencies, and other enterprises needing to establish a comprehensive plan. All the components of security and how they relate are featured, and readers will also be shown how an effective security policy can be developed. Topics like asset identification, human factors, compliance with regulations, personnel security, risk assessment and ethical considerations are covered, as well as computer and network security tools and methods.

. .

This is one of the only texts on the market that provides an up-to-date look at the whole range of security and IA topics. In post-9/11 times, managers and IT professionals need to address a wide range of security-related issues, and develop security systems that take all these diverse factors into account. As someone who has worked extensively with the U.S. State Department and other governmental agencies, Corey Schou is uniquely positioned to write the definitive book on the subject; and Daniel Shoemaker is a professor and consultant to the Department of Homeland Security in matters of Information Assurance policy.

....

Authors: Edward J. Coyne. John M. Davis.
Hardcover, 224 pages
Publisher: Artech House Publishers
Publication Date: 2007-11-30
Edition: 1

Reviews :

    Whether you are a manager, engineer, or IT security specialist, this authoritative resource shows you how to define and deploy roles for securing enterprise systems. Written by leading authorities in the field, the book explains how you can build a business case, identify risks, determine project costs, and fully plan and staff a role engineering effort. You find practical techniques that meaningfully define roles and ensure proper assignment of permissions and roles to users.

The book presents tools that enable you to capture permissions and user assignments from existing systems, and analyze user and permission data in scenarios simulating actual system use. Moreover, this practical reference helps you evaluate these tools and decide which ones are right for your own role engineering program. The book also shows how to verify that role structures comply with security policies. You find tips and insights from real-world projects that guarantee you engineer roles strategically and securely....