Mar 16, 2011

Book Description
The latest Web app attacks and countermeasures from world-renowned practitioners
Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today’s hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.
- Get full details on the hacker’s footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
- See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
- Understand how attackers defeat commonly used Web authentication technologies
- See how real-world session attacks leak sensitive data and how to fortify your applications
- Learn the most devastating methods used in today’s hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
Mar 14, 2011

Book Description
For an organization to function effectively, its security controls must not be so restrictive that the business is denied the ability to be innovative and flexible. But increasingly pervasive threats mandate vigilance in unlikely areas. Adaptive Security Management Architecture enables security professionals to structure the best program designed to meet the complex needs of an entire organization, taking into account the organization’s business goals as well as the surrounding controls, processes, and units already in existence.
Security aligned with business needs
Introducing the concept of Adaptive Security Management Architecture (ASMA), the book explains how an organization can develop an adaptive security program closely aligned to business needs, making it an enabling force that helps the organization achieve its goals and objectives. Describing how to achieve this adaptability, the book cites several examples and concepts to demonstrate aspects of managing change. It presents the end product of a successful security management system and examines the finer points of how it can be accomplished.
Risk management and governance
The book explores the security and business attributes that must be considered in the development of services and discusses the importance of consistency of management of services. In a section on risk management, the author explains how this important component is directly integrated with the ASMA model.
Mar 14, 2011

Book Description
A unified treatment of the vulnerabilities that exist in real-world network systems—with tools to identify synergies for mergers and acquisitions
Fragile Networks: Identifying Vulnerabilities and Synergies in an Uncertain World presents a comprehensive study of network systems and the roles these systems play in our everyday lives. This book successfully conceptualizes, defines, and constructs mathematically rigorous, computer-based tools for the assessment of network performance and efficiency, along with robustness and vulnerability analysis. The result is a thorough exploration that promotes an understanding of the critical infrastructure of today’s network systems, from congested urban transportation networks and supply chain networks under disruption to financial networks and the Internet.
The authors approach the analyses by abstracting not only topological structures of networks, but also the behavior of network users, the demand for resources, the resulting flows, and the associated costs. Following an introduction to the fundamental methodologies and tools required for network analysis and network vulnerability, the book is organized into three self-contained parts:
Part I—Network Fundamentals, Efficiency Measurement, and Vulnerability Analysis explores the theoretical and practical foundations for a new network efficiency measure in order to assess the importance of network components in various network systems. Methodologies for distinct decision-making behaviors are outlined, along with the tools for qualitative analysis, the algorithms for the computation of solutions, and a thorough discussion of the unified network efficiency measure and network robustness with the unified measure.
Feb 25, 2011

Book Description
What do information security and the art of war have in common?
The answer, this book argues, is a great deal. Although the authors have an expert technical knowledge of information security, they strongly believe that technical and procedural measures cannot offer a solution on their own.
The human factor
Information security is not painting by numbers. You can tick all the right boxes and acquire the latest technology, and you may fail all the same. This is because information security is ultimately a human problem, not a technical one. In the end, the threats to your information security come from human beings, not from machines. Although one problem you will face is simple human error, the major threat to your business information is from the criminal.
Fight Cybercrime
Cybercrime is on the move. It is in a state of constant evolution, capable of adapting both to developments in technology and to whatever security measures its targets have already put in place. It will seek out your weak points in order to exploit them for its own advantage. However, although the people who want to harm your business will try to take you by surprise, they are also bound to have weaknesses of their own. Because the activity of the cybercriminal is both deliberate and hostile, they can be compared to a military adversary. So if you want to defend yourself from cybercrime you can learn from military strategy.
Feb 23, 2011

Book Description
Get complete coverage of the latest release of the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, fully updated resource. Written by the leading expert in IT security certification and training, this authoritative guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISSP exam with ease, this definitive volume also serves as an essential on-the-job reference.
COVERS ALL 10 CISSP DOMAINS:
- Information security and risk management
- Access control
- Security architecture and design
- Physical and environmental security
- Telecommunications and network security
- Cryptography
- Business continuity and disaster recovery planning
Feb 15, 2011

Book Description
THE LATEST STRATEGIES FOR UNCOVERING TODAY’S MOST DEVASTATING ATTACKS
Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker’s Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.
- Develop and launch exploits using BackTrack and Metasploit
- Employ physical, social engineering, and insider attack techniques
- Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
- Understand and prevent malicious content in Adobe, Office, and multimedia files
- Detect and block client-side, Web server, VoIP, and SCADA attacks
- Reverse engineer, fuzz, and decompile Windows and Linux software
- Develop SQL injection, cross-site scripting, and forgery exploits
- Trap malware and rootkits using honeypots and SandBoxes