Authors: Maik Schmidt.
Paperback, 425 pages
Publisher: Pragmatic Bookshelf
Publication Date: 2008-11-17


Reviews :

    Enterprise Recipes with Ruby and Rails helps you to overcome typical obstacles hidden in every enterprise's infrastructure. It doesn't matter if your Rails application needs to access your company's message-oriented middleware or if it has to scan through tons of huge XML documents to get a missing piece of data. Ruby and Rails enable you to create solutions that are both elegant and efficient.

With more than 50 concise, targeted recipes, this book shows you how to use existing infrastructure to develop effectively for the enterprise. For example, Ruby is an excellent language for manipulating both textual and binary data. This is enormously useful, because typical enterprise software is about storing and processing huge amounts of data. You'll learn how to process data in various popular data formats such as XML, CSV, fixed length records, and JSON.

This book covers the whole spectrum of distributed application technologies, ranging from simple socket-based servers to full-blown Service Oriented Architectures. In addition, Ruby is a perfect ally when you have to integrate with RESTful and SOAP services, or when you have to access message-oriented middleware. It even helps you to reuse your existing C/C , Java, or .NET code with ease.

Since the advent of the Web, many enterprises have opened their internal services to the outside world to participate in the rapidly growing world of e-commerce. As an enterprise programmer you'd better learn how to use existing payment gateways and how to implement security mechanisms to protect your company's data and your customers' privacy, and this book shows you how.

Enterprise programming is not only about developing huge software projects but also about maintaining and operating them. You'll save a lot of valuable time if you document your software (of course, automatically) and automate tedious and recurring tasks, such as monitoring your servers and testing your programs. Enterprise Recipes with Ruby and Rails covers these major enterprise concerns, giving you tools and knowledge you'll turn to over and over....

Authors: Bryan Burns. Jennifer Granick. Steve Manzuik. Paul Guersch . Dave Killion. Nicolas Beauchesne. Eric Moret. Julien Sobrier. Michael Lynn. Eric Markham. Chris Iezzoni. Philippe Biondi.
Paperback, 856 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2007-08-27


Reviews :

    What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; anddevice security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools....

Authors: Joel Scambray.
Paperback, 451 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2007-12-04
Edition: 3

Reviews :

   

The latest Windows security attack and defense strategies

"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell

Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:

• Establish business relevance and context for security by highlighting real-world risks
• Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
• Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
• Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
• Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
• See up close how professional hackers reverse engineer and develop new Windows exploits
• Identify and eliminate rootkits, malware, and stealth software
• Fortify SQL Server against external and insider attacks
• Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
• Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization

...

Authors: Billy Hoffman. Bryan Sullivan.
Paperback, 504 pages
Publisher: Addison-Wesley Professional
Publication Date: 2007-12-16
Edition: 1

Reviews :

   

The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities

 

More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren’t designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that’s been virtually impossible to find, until now.

            Ajax Security systematically debunks today’s most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace’s Samy worm to MacWorld’s conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. You’ll learn how to:

 

·        Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic

·        Write new Ajax code more safely—and identify and fix flaws in existing code

·        Prevent emerging Ajax-specific attacks, including JavaScript hijacking and persistent storage theft

·        Avoid attacks based on XSS and SQL Injection—including a dangerous SQL Injection variant that can extract an entire backend database with just two requests

·        Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions—and recognize what you still must implement on your own

·        Create more secure “mashup” applications

 

Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software, and all software security professionals, from QA specialists to penetration testers.

...

Authors: Yusuf Bhaiji.
Paperback, 840 pages
Publisher: Cisco Press
Publication Date: 2008-03-30
Edition: 1

Reviews :

   

CCIE Professional Development

Network Security Technologies and Solutions

 

A comprehensive, all-in-one reference for Cisco network security

 

Yusuf Bhaiji, CCIE No. 9305

 

Network Security Technologies and Solutions is a comprehensive reference to the most cutting-edge security products and methodologies available to networking professionals today. This book helps you understand and implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure.

 

With an easy-to-follow approach, this book serves as a central repository of security knowledge to help you implement end-to-end security solutions and provides a single source of knowledge covering the entire range of the Cisco network security portfolio.  The book is divided into five parts mapping to Cisco security technologies and solutions: perimeter security, identity security and access management, data privacy, security monitoring, and security management. Together, all these elements enable dynamic links between customer security policy, user or host identity, and network infrastructures.

 

With this definitive reference, you can gain a greater understanding of the solutions available and learn how to build integrated, secure networks in today’s modern, heterogeneous networking environment. This book is an excellent resource for those seeking a comprehensive reference on mature and emerging security tactics and is also a great study guide for the CCIE Security exam.

 

“Yusuf’s extensive experience as a mentor and advisor in the security technology field has honed his ability to translate highly technical information into a straight-forward, easy-to-understand format. If you’re looking for a truly comprehensive guide to network security, this is the one! ”

–Steve Gordon, Vice President, Technical Services, Cisco

 

Yusuf Bhaiji, CCIE No. 9305 (R&S and Security), has been with Cisco for seven years and is currently the program manager for Cisco CCIE Security certification. He is also the CCIE Proctor in the Cisco Dubai Lab. Prior to this, he was technical lead for the Sydney TAC Security and VPN team at Cisco.

 

• Filter traffic with access lists and implement security features on switches
• Configure Cisco IOS router firewall features and deploy ASA and PIX Firewall appliances
• Understand attack vectors and apply Layer 2 and Layer 3 mitigation techniques
• Secure management access with AAA
• Secure access control using multifactor authentication technology
• Implement identity-based network access control
• Apply the latest wireless LAN security solutions
• Enforce security policy compliance with Cisco NAC
• Learn the basics of cryptography and implement IPsec VPNs, DMVPN, GET VPN, SSL VPN, and MPLS VPN technologies
• Monitor network activity and security incident response with network and host intrusion prevention, anomaly detection, and security monitoring and correlation
• Deploy security management solutions such as Cisco Security Manager, SDM, ADSM, PDM, and IDM
• Learn about regulatory compliance issues such as GLBA, HIPPA, and SOX

 

This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.

 

Category: Network Security

Covers: CCIE Security Exam

...

Authors: Matthias Dalheimer. Matt Welsh.
Paperback, 972 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-12-22
Edition: 5th

Reviews :

    You may be contemplating your first Linux installation. Or you may have been using Linux for years and need to know more about adding a network printer or setting up an FTP server. "Running Linux," now in its fifth edition, is the book you'll want on hand in either case. Widely recognized in the Linux community as the ultimate getting-started and problem-solving book, it answers the questions and tackles the configuration issues that frequently plague users, but are seldom addressed in other books.

This fifth edition of "Running Linux" is greatly expanded, reflecting the maturity of the operating system and the teeming wealth of software available for it. Hot consumer topics such

as audio and video playback applications, groupware functionality, and spam filtering are covered, along with the basics in configuration and management that always have made the book popular.

"Running Linux" covers basic communications such as mail, web surfing, and instant messaging, but also delves into the subtleties of network configuration--including dial-up, ADSL, and cable modems--in case you need to set up your network manually. The book can

make you proficient on office suites and personal productivity applications--and also tells you what programming tools are available if you're interested in contributing to these applications.

Other new topics in the fifth edition include encrypted email and filesystems, advanced shell techniques, and remote login applications. Classic discussions on booting, package management, kernel recompilation, and X configuration have also been updated.

The authors of "Running Linux" have anticipated problem areas, selected stable andpopular solutions, and provided clear instructions to ensure that you'll have a satisfying experience using Linux. The discussion is direct and complete enough to guide novice users, while still providing the additional information experienced users will need to progress in their mastery of Linux.

Whether you're using Linux on a home workstation or maintaining a network server, "Running Linux" will provide expert advice just when you need it....

    The Linux operating system has made a lot of progress in the past few years, and Running Linux has progressed right along with it to remain the single best general-purpose book for curious computer users who want to install, use, and enjoy Linux. The team of authors present a text that's simultaneously detailed and readable. Coupled with an inquisitive and capable reader, that's a recipe for success with the world's most popular open-source operating system. This new edition adds coverage of the GNOME desktop environment, the Apache/MySQL/PHP server suite, and the Postfix mail transfer daemon. It also covers core capabilities and behaviors of Linux through kernel version 2.4. There's better coverage of network security (including firewalling and ADSL link configuration), and coverage of how to set up audio-related hardware and software.

Perhaps best of all, this book conveys a sense of the "Linux attitude" as the authors see it. Linux, they say, is largely about experimentation, research, trial and error, and participation in a community. This comes in welcome contrast to books that focus on recipes (follow these steps to accomplish A; do these things to make your system do B). Though the authors of this book provide lots of how-to information, it's always presented with an eye toward further exploration. In explaining how to build the kernel, for example, the authors provide six concise steps as a reference, but then go on for several pages about designing makefiles and how to deal with error messages. This book's a treat. --David Wall

Topics covered: Assuming you know next to nothing about Linux, socially and historically as well as technically, this book teaches you what you need to know to make the operating system meet your desktop and server computing requirements. Coverage takes you from preparing to install Linux (in a multi-OS environment if you wish), continues through system administration and the most useful applications (like TeX and Internet clients), and proceeds to cover programming tools and server daemons (notably Apache, MySQL, and PHP). The coverage is mostly generic, but peculiarities of Red Hat, SuSE, and Debian get attention, too....

Authors: Matthew MacDonald.
Paperback, 624 pages
Publisher: Pogue Press
Publication Date: 2009-01-07
Edition: 2

Reviews :

    Think you have to be a technical wizard to build a great web site? Think again. If you want to create an engaging web site, this thoroughly revised, completely updated edition of Creating a Web Site: The Missing Manual demystifies the process and provides tools, techniques, and expert guidance for developing a professional and reliable web presence.

Whether you want to build a personal web site, an e-commerce site, a blog, or a web site for a specific occasion or promotion, this book gives you detailed instructions and clear-headed advice for:

• Everything from planning to launching. From picking and buying a domain name, choosing a Web hosting firm, building your site, and uploading the files to a web server, this book teaches you the nitty-gritty of creating your home on the Web.



• Ready-to-use building blocks. Creating your own web site doesn't mean you have to build everything from scratch. You'll learn how to incorporate loads of pre-built and freely available tools like interactive menus, PayPal shopping carts, Google ads, and Google Analytics.



• The modern Web. Today's best looking sites use powerful tools like Cascading Style Sheets (for sophisticated page layout), JavaScript (for rollover buttons and cascading menus), and video. This book doesn't treat these topics as fancy frills. From step one, you'll learn easy ways to create a powerful site with these tools.



• Blogs. Learn the basics behind the Web's most popular form of self-expression. And take a step-by-step tour through Blogger, the Google-run blogging service that will have you blogging before you close this book.

This isn't just another dry, uninspired book on how to create a web site. Creating a Web Site: The Missing Manual is a witty and intelligent guide you need to make your ideas and vision a web reality....

Authors: Bilal Haidar.
Paperback, 936 pages
Publisher: Wrox
Publication Date: 2008-11-10


Reviews :

    As the only book to address ASP.NET 3.5, AJAX, and IIS 7 security from the developer’s point of view, this book begins with a look at the new features of IIS 7.0 and then goes on to focus on IIS 7.0 and ASP.NET 3.5 integration. You’ll walk through a detailed explanation of the request life cycle for an ASP.NET application running on IIS 7.0 under the classic mode, from the moment it enters IIS 7.0 until ASP.NET generates a corresponding response....

Authors: Warren G. Kruse. Jay G. Heiser.
Paperback, 416 pages
Publisher: Addison-Wesley Professional
Publication Date: 2001-10-06


Reviews :

    Every computer crime leaves tracks--you just have to know where to find them. This book shows you how to collect and analyze the digital evidence left behind in a digital crime scene. Computers have always been susceptible to unwanted intrusions, but as the sophistication of computer technology increases so does the need to anticipate, and safeguard against, a corresponding rise in computer-related criminal activity. Computer forensics, the newest branch of computer security, focuses on the aftermath of a computer security incident. The goal of computer forensics is to conduct a structured investigation to determine exactly what happened, who was responsible, and to perform the investigation in such a way that the results are useful in a criminal proceeding. Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the reader through the complete forensics process--from the initial collection of evidence through the final report.Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered. This book provides a detailed methodology for collecting, preserving, and effectively using evidence by addressing the three A's of computer forensics: *Acquire the evidence without altering or damaging the original data. *Authenticate that your recorded evidence is the same as the original seized data. *Analyze the data without modifying the recovered data. Computer Forensics is written for everyone who is responsible for investigating digital criminal incidents or who may be interested in the techniques that such investigators use. It is equally helpful to those investigating hacked web servers, and those who are investigating the source of illegal pornography. 0201707195B09052001...

    Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is incident response--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did, and hopefully find out who they are.

There is little doubt that the authors are serious about cyberinvestigation. They advise companies to "treat every case like it will end up in court," and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximize system uptime while protecting the integrity of the "crime scene."

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise in Unix/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and to probe your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson

Topics covered: Overview of computer crime investigative response, including extensive descriptions of hacking techniques. Frequent examples are used to demonstrate how to extract evidence from a violated computer system. Appendices include sample incident-response forms....

Authors: Byron Acohido. Jon Swartz.
Hardcover, 304 pages
Publisher: Union Square Press
Publication Date: 2008-04-01


Reviews :

   

• The Exploiters: The drug addicts, scam artists, and crime lords who carry out the gritty aspects of data theft and financial fraud;
• The Enablers: The credit card companies, banks, and credit bureaus who broker data;
• The Expediters: The technology experts running the gamut from good guys like Bill Gates to the devious virus writers and database hackers always on the alert for fresh flaws.

...