Nov 21, 2011

Book Description
“Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime.”
–Felix ‘FX’ Lindner
Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.
A Bug Hunter’s Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world’s most popular software, like Apple’s iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you’ll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you’ll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.
Along the way you’ll learn how to:
- Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
- Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
- Develop proof of concept code that verifies the security flaw
- Report bugs to vendors or third-party brokers
A Bug Hunter’s Diary is packed with real-world examples of vulnerable code
Nov 17, 2011

Book Description
CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
Nov 02, 2011

Book Description
Windows security concepts and technologies for IT beginners
IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built.
This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core networking skills you need to have to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter’s content.
- Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills
- Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more
- Reviews all the topics you need to know for taking the MTA 98-367 exam
- Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers
If you’re new to IT and interested in entering the IT workforce
Oct 29, 2011

Book Description
A step-by-step guide to the tasks involved in security administration
If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator’s job, giving you the confidence of first-hand experience.
In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition or the CompTIA Security+ Deluxe Study Guide, 2nd Edition, the latest offerings from Sybex for CompTIA’s Security+ SY0-301 exam.
- Targets security administrators who confront a wide assortment of challenging tasks and those seeking a career in security administration who are hampered by a lack of actual experience
- Walks you through a variety of common tasks, demonstrating step by step how to perform them and how to circumvent roadblocks you may encounter
- Features tasks that are arranged according to four phases of the security administrator’s role: designing a secure network, creating and implementing standard security policies, identifying insecure systems in an existing environment, and training both onsite and remote users
- Ideal hands-on for those preparing for CompTIA’s Security+ exam (SY0-301)
Oct 28, 2011

Book Description
Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.
From the Back Cover
From design to deployment to decommissioning: a systems engineering approach to information security
With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization’s needs, including:
Oct 22, 2011

Book Description
Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You’ll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords.
Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert.
- Helps you protect against data loss, identity theft, SQL injection, and address spoofing
- Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on and two-factor
- Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more