The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more Build customized capture and display filters Tap into live network communication Graph traffic patterns to visualize the data flowing across your network Use advanced Wireshark features to understand confusing packets Build statistics and reports to help you better explain technical network information to non-technical usersBecause net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

    This book brings you up-to-date with the latest changes in this crucial service.The fifth edition covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. BIND 9.3.2 contains further improvements in security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework).Whether you're an administrator involved with DNS on a daily basis or a user who wants to be more informed about the Internet and how it works, you'll find that this book is essential reading.Topics include:What DNS does, how it works, and when you need to use it How to find your own place in the Internet's namespace Setting up name servers Using MX records to route mail Configuring hosts to use DNS name servers Subdividing domains (parenting) Securing your name server: restricting who can query your server, preventing unauthorized zone transfers, avoiding bogus servers, etc. The DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG) Mapping one name to several servers for load sharing Dynamic updates, asynchronous notification of change to a zone, and incremental zone transfers Troubleshooting: using nslookup and dig, reading debugging output, common problems DNS programming using the resolver library and Perl's Net::DNS module

    From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.

    The enhancements to ActionScript's performance, feature set, ease of use, cleanliness, and sophistication are considerable. Essential ActionScript 3.0 focuses on the core language and object-oriented programming, along with the Flash Player API. Essential ActionScript has become the #1 resource for the Flash and ActionScript development community, and the reason is the author, Colin Moock. Many people even refer to it simply as "The Colin Moock book."And for good reason: No one is better at turning ActionScript inside out, learning its nuances and capabilities, and then explaining everything in such an accessible way. Colin Moock is not just a talented programmer and technologist; he's also a gifted teacher.Essential ActionScript 3.0 is a radically overhauled update to Essential ActionScript 2.0. True to its roots, the book once again focuses on the core language and object-oriented programming, but also adds a deep look at the centerpiece of Flash Player's new API: display programming. Enjoy hundreds of brand new pages covering exciting new language features, such as the DOM-based event architecture, E4X, and namespaces--all brimming with real-world sample code.The ActionScript 3.0 revolution is here, and Essential ActionScript 3.0's steady hand is waiting to guide you through it.Adobe Developer Library is a co-publishing partnership between O'Reilly Media and Adobe Systems, Inc. and is designed to produce the number one information resources for developers who use Adobe technologies. Created in 2006, the Adobe Developer Library is the official source for comprehensive learning solutions to help developers create expressive and interactive web applications that can reach virtually anyone on any platform. With top-notch books and innovative online resources covering the latest in rich Internet application development, the Adobe Developer Library offers expert training and in-depth resources, straight from the source.

    But just how does the magic happen?In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:Create a trojan command-and-control using GitHubDetect sandboxing and automate common malware tasks, like keylogging and screenshottingEscalate Windows privileges with creative process controlUse offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machineExtend the popular Burp Suite web-hacking toolAbuse Windows COM automation to perform a man-in-the-browser attackExfiltrate data from a network most sneakilyInsider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python."

    Every page of Linux Pocket Guide lives up to this billing. It clearly explains how to get up to speed quickly on day-to-day Linux use. Once you're up and running, Linux Pocket Guide provides an easy-to-use reference that you can keep by your keyboard for those times when you want a fast, useful answer, not hours in the man pages.Linux Pocket Guide is organized the way you use Linux: by function, not just alphabetically. It's not the 'bible of Linux; it's a practical and concise guide to the options and commands you need most. It starts with general concepts like files and directories, the shell, and X windows, and then presents detailed overviews of the most essential commands, with clear examples. You'll learn each command's purpose, usage, options, location on disk, and even the RPM package that installed it.The Linux Pocket Guide is tailored to Fedora Linux--the latest spin-off of Red Hat Linux--but most of the information applies to any Linux system.Throw in a host of valuable power user tips and a friendly and accessible style, and you'll quickly find this practical, to-the-point book a small but mighty resource for Linux users.

    This book teaches basic Artificial Intelligence algorithms such as dimensionality, distance metrics, clustering, error calculation, hill climbing, Nelder Mead, and linear regression. These are not just foundational algorithms for the rest of the series, but are very useful in their own right. The book explains all algorithms using actual numeric calculations that you can perform yourself. Artificial Intelligence for Humans is a book series meant to teach AI to those without an extensive mathematical background. The reader needs only a knowledge of basic college algebra or computer programming—anything more complicated than that is thoroughly explained. Every chapter also includes a programming example. Examples are currently provided in Java, C#, R, Python and C. Other languages planned.

    Each idiom comes with a detailed description, example code showing the "wrong" way to do it, and code for the idiomatic, "Pythonic" alternative. *This version of the book is for Python 2.7.3+. There is also a Python 3.3+ version available.* "Writing Idiomatic Python" contains the most common and important Python idioms in a format that maximizes identification and understanding. Each idiom is presented as a recommendation to write some commonly used piece of code. It is followed by an explanation of why the idiom is important. It also contains two code samples: the "Harmful" way to write it and the "Idiomatic" way. * The "Harmful" way helps you identify the idiom in your own code. * The "Idiomatic" way shows you how to easily translate that code into idiomatic Python. This book is perfect for you: * If you're coming to Python from another programming language * If you're learning Python as a first programming language * If you're looking to increase the readability, maintainability, and correctness of your Python code What is "Idiomatic" Python? Every programming language has its own idioms. Programming language idioms are nothing more than the generally accepted way of writing a certain piece of code. Consistently writing idiomatic code has a number of important benefits: * Others can read and understand your code easily * Others can maintain and enhance your code with minimal effort * Your code will contain fewer bugs * Your code will teach others to write correct code without any effort on your part

    Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills. Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions Malware Analyst's Cookbook is indispensible to IT security administrators, incident responders, forensic analysts, and malware researchers.

    This book builds on the contributions and strengths of seminal technologies like Spring, Hibernate, and TopLink.EJB 3 is the most important innovation introduced in Java EE 5.0. EJB 3 simplifies enterprise development, abandoning the complex EJB 2.x model in favor of a lightweight POJO framework. The new API represents a fresh perspective on EJB without sacrificing the mission of enabling business application developers to create robust, scalable, standards-based solutions.EJB 3 in Action is a fast-paced tutorial, geared toward helping you learn EJB 3 and the Java Persistence API quickly and easily. For newcomers to EJB, this book provides a solid foundation in EJB. For the developer moving to EJB 3 from EJB 2, this book addresses the changes both in the EJB API and in the way the developer should approach EJB and persistence.

    It guides you through everything you need to know to get started, including how to configure IPv6 on hosts and routers and which applications currently support IPv6. The new IPv6 protocols offers extended address space, scalability, improved support for security, real-time traffic support, and auto-configuration so that even a novice user can connect a machine to the Internet. Aimed at system and network administrators, engineers, network designers, and IT managers, this book will help you understand, plan for, design, and integrate IPv6 into your current IPv4 infrastructure.Beginning with a short history of IPv6, author Silvia Hagen provides an overview of new functionality and discusses why we need IPv6. Hagen also shares exhaustive discussions of the new IPv6 header format and Extension Headers, IPv6 address and ICMPv6 message format, Security, QoS, Mobility and, last but not least, offers a Quick Start Guide for different operating systems. IPv6 Essentials, Second Edition also covers:In-depth technical guide to IPv6 Mechanisms and Case Studies that show how to integrate IPv6 into your network without interruption of IPv4 services Routing protocols and upper layer protocols Security in IPv6: concepts and requirements. Includes the IPSEC framework and security elements available for authentication and encryption Quality of Service: covers the elements available for QoS in IPv6 and how they can be implemented Detailed discussion of DHCPv6 and Mobile IPv6 Discussion of migration cost and business case Getting started on different operating systems: Sun Solaris, Linux, BSD, Windows XP, and Cisco routersWhether you're ready to start implementing IPv6 today or are planning your strategy for the future, IPv6 Essentials, Second Edition will provide the solid foundation you need to get started."Silvia's look at IPv6 is always refreshing as she translates complex technology features into business drivers and genuine end-user benefits to enable building new business concepts based on end to end models." Latif Ladid, President IPv6 Forum, Chair EU IPv6 Task Force

    That's why Elizabeth Castro has written HTML 4 for the World Wide Web, Fourth Edition: Visual QuickStart Guide, an update to her blockbuster guide to HTML 4. You'll find all the concise, practical advice--and fun examples--that made the first edition a worldwide bestseller, plus entirely new coverage of debugging, JavaScript, and using tables for page layout, and an expanded section on Cascading Style Sheets.Like all the books in the Visual QuickStart series, this one breaks even the most complex tasks into easy-to-follow steps illustrated with hundreds of screenshots and the actual code. The book presumes no prior knowledge of HTML, making it the perfect introduction for beginners. But its tabbed format and info-packed appendixes (on special HTML characters and Web-safe colors, for example) also make it a handy and indispensable reference for those who build Web pages for a living. Find out why Amazon called the previous edition a "dream guide" to HTML.

    This practical guide shows you how to be productive with this tool quickly, whether you're a developer deploying code to production or a system administrator looking for a better automation solution.Author Lorin Hochstein shows you how to write playbooks (Ansible's configuration management scripts), manage remote servers, and explore the tool's real power: built-in declarative modules. You'll discover that Ansible has the functionality you need and the simplicity you desire.Understand how Ansible differs from other configuration management systemsUse the YAML file format to write your own playbooksLearn Ansible's support for variables and factsWork with a complete example to deploy a non-trivial applicationUse roles to simplify and reuse playbooksMake playbooks run faster with ssh multiplexing, pipelining, and parallelismDeploy applications to Amazon EC2 and other cloud platformsUse Ansible to create Docker images and deploy Docker containers

    Understanding HTTP is essential for practically all web-based programming, design, analysis, and administration.While the basics of HTTP are elegantly simple, the protocol's advanced features are notoriously confusing, because they knit together complex technologies and terminology from many disciplines. This book clearly explains HTTP and these interrelated core technologies, in twenty-one logically organized chapters, backed up by hundreds of detailed illustrations and examples, and convenient reference appendices. HTTP: The Definitive Guide explains everything people need to use HTTP efficiently -- including the black arts and tricks of the trade -- in a concise and readable manner.In addition to explaining the basic HTTP features, syntax and guidelines, this book clarifies related, but often misunderstood topics, such as: TCP connection management, web proxy and cache architectures, web robots and robots.txt files, Basic and Digest authentication, secure HTTP transactions, entity body processing, internationalized content, and traffic redirection.Many technical professionals will benefit from this book. Internet architects and developers who need to design and develop software, IT professionals who need to understand Internet architectural components and interactions, multimedia designers who need to publish and host multimedia, performance engineers who need to optimize web performance, technical marketing professionals who need a clear picture of core web architectures and protocols, as well as untold numbers of students and hobbyists will all benefit from the knowledge packed in this volume.There are many books that explain how to use the Web, but this is the one that explains how the Web works. Written by experts with years of design and implementation experience, this book is the definitive technical bible that describes the why and the how of HTTP and web core technologies. HTTP: The Definitive Guide is an essential reference that no technically-inclined member of the Internet community should be without.