Computers & Internet Books

Privacy Books
1. Advanced Rails
2. IT Auditing: Using Controls to Protect Information Assets
3. Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
4. Steal This Computer Book 4.0: What They Won't Tell You About the Internet
5. Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
6. Essential PHP Security
7. Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast
8. PHP in a Nutshell (In a Nutshell (O'Reilly))
9. The Complete Cisco VPN Configuration Guide (Networking Technology)
10. Nagios 3 Enterprise Network Monitoring: Including Plug-Ins and Hardware Devices











Advanced Rails
Authors: Brad Ediger.
Paperback, 357 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2008-01-11


Reviews :

    Ready to go to the next level with Rails? From examining the parts of Ruby that make this framework possible to deploying large Rails applications, Advanced Rails offers you an in-depth look at techniques for dealing with databases, security, performance, web services and much more. Chapters in this book help you understand not only the tricks and techniques used within the Rails framework itself, but also how to make use of ideas borrowed from other programming paradigms. Advanced Rails pays particular attention to building applications that scale -- whether "scale" means handling more users, or working with a bigger and more complex database. You'll find plenty of examples and code samples that explain:

  • Aspects of Ruby that are often confusing or misunderstood
  • Metaprogramming
  • How to develop Rails plug-ins
  • Different database management systems
  • Advanced database features, including triggers, rules, and stored procedures
  • How to connect to multiple databases
  • When to use the Active Support library for generic, reusable functions
  • Security principles for web application design, and security issues endemic to the Web
  • When and when not to optimize performance
  • Why version control and issue tracking systems are essential to any large or long-lived Rails project

Advanced Rails also gives you a look at REST for developing web services, ways to incorporate and extend Rails, how to use internationalization, and many other topics. If you're just starting out with Rails, or merely experimenting with the framework, this book is not for you. But if you want to improve your skills with Rails through advanced techniques, this book is essential....



  $34.99    New Price: $19.44




IT Auditing: Using Controls to Protect Information Assets
Authors: Chris Davis. Mike Schiller. Kevin Wheeler.
Paperback, 387 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2006-12-22
Edition: 1

Reviews :

    Protect Your Systems with Proven IT Auditing Strategies

 "A must-have for auditors and IT professionals."  -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.

Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard. 

Build and maintain an IT audit function with maximum effectiveness and value

  • Implement best practice IT audit processes and controls
  • Analyze UNIX-, Linux-, and Windows-based operating systems
  • Audit network routers, switches, firewalls, WLANs, and mobile devices
  • Evaluate entity-level controls, data centers, and disaster recovery plans
  • Examine Web servers, platforms, and applications for vulnerabilities
  • Review databases for critical controls
  • Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
  • Implement sound risk analysis and risk management practices
  • Drill down into applications to find potential control weaknesses
...



  $59.99    New Price: $29.9




Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
Authors: Michal Zalewski.
Paperback, 312 pages
Publisher: No Starch Press
Publication Date: 2005-04-15


Reviews :

    Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one’s network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model....



  $39.95    New Price: $8.99




Steal This Computer Book 4.0: What They Won't Tell You About the Internet
Authors: Wallace Wang.
Paperback, 384 pages
Publisher: No Starch Press
Publication Date: 2006-04-15
Edition: 4

Reviews :

    This offbeat, non-technical book examines what hackers do, how they do it, and how readers can protect themselves. Informative, irreverent, and entertaining, the completely revised fourth edition of Steal This Computer Book contains new chapters that discuss the hacker mentality, lock picking, exploiting P2P file sharing networks, and how people manipulate search engines and pop-up ads. Includes a CD with hundreds of megabytes of hacking and security-related programs that tie in to each chapter in the book....

    If ever a book on cyberculture wore a fedora and trench coat and leaned against a lamppost on a foggy street, this is the one. It is an unabashed look at the dark side of the Net--the stuff many other books gloss over. It's hard-edged, wisecracking, and often quite cynical as it pores over the reality of online scams, illegal activities, and simple annoyances.

Wang's stated goal is to open the reader's eyes about what's really there. He shows what's being done, how it's being done, and how to avoid problems or even strike back. He begins with a chapter about the news media, and his message is that no source is to be trusted completely. He examines issues important to Internet users: the cost of getting computerized (with tips on how to find the real bargains), who is using the Internet as a source of hate information, and how your privacy can be invaded and protected.

He shows you the secrets of malicious hackers and others and how some of them attack computer systems without the ethical mindset typical of the original, idealistic hackers. Wang shows you how you can set up your defenses against such an onslaught, discussing how to protect yourself and your kids from online stalkers and how online con games work.

Wang never claims that the Internet is the electronic den of darkness that the pop media make it out to be. But he makes it clear that something this big has its lowlights--its own "net noir." His messages are "know your enemy" and "be careful who you trust," an ideology verified by the examples he provides. --Elizabeth Lewis ...



  $29.95    New Price: $16.06




Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
Authors: Angela Orebaugh. Gilbert Ramirez. Jay Beale.
Paperback, 552 pages
Publisher: Syngress
Publication Date: 2006-09-01


Reviews :

    Ethereal Network Protocol Analyzer Toolkit provides the reader with a completely integrated book and companion Web site to analyze network traffic using Ethereal, the world's most popular network protocol analyzer on Windows, Unix, and Apple OS X. This book covers everything from the fundamentals of protocol analysis, to analyzing real world malicious code to programming advanced protocol dissectors. The companion Web site for the book offers dozens of working tools and scripts created for this book. This book provides complete information and step-by-step instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereal's graphical user interface. The following sections will teach readers to use command-line options of Ethereal as well as using Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. The book then teaches the reader to master advanced tasks such as creating sub-trees, displaying bitfields in a graphical view, tracking requests and reply packet pairs as well as exclusive coverage of MATE, Ethereal's brand new configurable upper level analysis engine. The final section to the book teaches readers to enable Ethereal to read new data sources, program their own protocol dissectors, and to create and customize Ethereal reports....



  $59.95    New Price: $32.09




Essential PHP Security
Authors: Chris Shiflett.
Paperback, 124 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-10-13
Edition: 1

Reviews :

    Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

...



  $29.95    New Price: $15.95




Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast
Authors: Paco Hope. Ben Walther.
Paperback, 312 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2008-10-28
Edition: 1

Reviews :

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic: perfect for integrating into your regular test suite. Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:

  • Obtain, install, and configure useful (and free) security testing tools
  • Understand how your application communicates with users, so you can better simulate attacks in your tests
  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace....



  $39.99    New Price: $22.26




PHP in a Nutshell (In a Nutshell (O'Reilly))
Authors: Paul Hudson.
Paperback, 370 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-10-13


Reviews :

    Now installed on more than 20 million Internet domains around the world, PHP is an undisputed leader in web programming languages. Database connectivity, powerful extensions, and rich object-orientation are all reasons for its popularity, but nearly everyone would agree that, above all, PHP is one of the easiest languages to learn and use for developing dynamic web applications. The ease of development and simplicity of PHP, combined with a large community and expansive repository of open source PHP libraries, make it a favorite of web designers and developers worldwide.

"PHP in a Nutshell" is a complete reference to the core of the language as well as the most popular PHP extensions. This book doesn't try to compete with or replace the widely available online documentation. Instead, it is designed to provide depth and breadth that can't be found elsewhere. "PHP in a Nutshell" provides the maximum information density on PHP, without all the fluff and extras that get in the way. The topic grouping, tips, and examples in this book complement the online guide and make this an essential reference for every PHP programmer. This book focuses on the functions commonly used by a majority of developers, so you can look up the information you need quickly. Topics include:

  • Object-oriented PHP
  • Networking
  • String manipulation
  • Working with files
  • Database interaction
  • XML
  • Multimedia creation
  • Mathematics

Whether you're just getting started or have years of experience in PHP development, "PHP in a Nutshell" is a valuable addition to your desk library....



  $29.95    New Price: $7.99




The Complete Cisco VPN Configuration Guide (Networking Technology)
Authors: Richard Deal.
Paperback, 1032 pages
Publisher: Cisco Press
Publication Date: 2005-12-25


Reviews :

   

Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution

 

  • A complete resource for understanding VPN components and VPN design issues
  • Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
  • Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience
  • Filled with relevant configurations you can use immediately in your own network

 

With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.

 

Part I, “VPNs,” introduces the topic of VPNs and discusses today’s main technologies, including IPsec. It also spends an entire chapter on SSL VPNs, the newest VPN technology and one that Cisco has placed particular emphasis on since 2003. Part II, “Concentrators,” provides detail on today’s concentrator products and covers site-to-site and remote-access connection types with attention on IPsec and WebVPN. Part III covers the Cisco VPN Client versions 3.x and 4.x along with the Cisco3002 Hardware Client. Cisco IOS® routers are the topic of Part IV, covering scalable VPNs with Dynamic Multipoint VPN, router certificate authorities, and router remote access solutions. Part V explains Cisco PIX and Cisco ASA security appliances and their roles in VPN connectivity, including remote access and site-to-site connections. In Part VI, a case study shows how a VPN solution is best implemented in the real world using a variety of Cisco VPN products in a sample network.

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

...



  $85    New Price: $60




Nagios 3 Enterprise Network Monitoring: Including Plug-Ins and Hardware Devices
Authors: Max Schubert. Derrick Bennett. Jonathan Gines. Andrew Hay. John Strand.
Paperback, 348 pages
Publisher: Syngress
Publication Date: 2008-06-02
Edition: 1st

Reviews :

    Nagios is an Open Source network, hardware, and application monitoring program. It is designed to inform system administrators of problems on their networks before their clients, end-users or managers do. Nagios is a SysAdmin's best friend. Nagios is installed on over 300,000 machines worldwide, and truly is a global product: approximately 25.6% of users are in the U.S., and 30% in EMEA. Nagios can monitor everything from network bandwidth to the temperature and humidity in a server room. SysAdmins are able to use Nagios for such a variety of purposes through custom software "plug ins" and third party hardware. SysAdmins customize these plug ins instructing Nagios to monitor the servers, applications, or devices that are most critical to their network infrastructure. These plug ins also allow SysAdmins to integrate Nagios with other monitoring devices and applications like Snort and Wireshark. Nagios can also be fully integrated with third party environmental monitoring devices and remote power supplies. When Nagios detects a problem, it can notify the SysAdmin in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser. Nagios could send a text message to a SysAdmin sitting on his couch at home that the temperature in the server room is too hot and could potentially damage the equipment. The SysAdmin can then check the status of the server from home using his Nagios Web interface, and then coordinate with the appropriate facility management personnel to check the air conditioning in the server room. This is merely one example of Nagios' capabilities. The same scenario could be applied to an overloaded Exchange server, a router being pounded by a Denial of Service Attack, or a user accessing or downloading unauthorized materials.

* Contains complete case study on deploying Nagios in an enterprise environment.
* Companion Web site offers 100 working Scripts for customizing Nagios plug-ins.
* Helps organizations adhere to federally mandated compliance regulations such as Sarbanes Oxley, or HIPAA.
* Details how to integrate Nagios with third-party hardware....



  $49.95    New Price: $32.57
