Book picks similar to
The Web Application Hackers Handbook: Discovering and Exploiting Security Flaws by John B. Stuttard
hacking
technical
web-app-pentesting
web-security
MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft Windows Server 2003 Environment
Dan Holme - 2003
As you d expect, there s accurate, clearly written coverage of every exam objective (now including Service Pack 1): installation and configuration; user, group, and computer accounts; filesystems and backup/recovery; hardware, disk storage, and printers; Update Services and licensing; monitoring, and more. The content s been extensively revamped and more effectively focused on the exam s objectives. There s also a large Prepare for the Test section packed with questions, answers, testing skills, and suggested practices. You ll find more case studies, more troubleshooting scenarios, electronic practice testing in practically any form your heart desires, and (if you don t have Windows Server handy) a 120-day evaluation version. There s even a 15% discount coupon for your exam -- making this package an even more compelling proposition. Bill Camarda, from the June 2006 href="http://www.barnesandnoble.com/newslet... Only
Risen!
Donald Wells - 2014
From REMINGTON KANE, The Author of the TANNER! SeriesTAKEN! - RISEN! - Book 14 of The TAKEN! SeriesNO NAME.NO PULSE.NO HOPE?NO WAY!
Penetration Testing: A Hands-On Introduction to Hacking
Georgia Weidman - 2014
This beginner-friendly book opens with some basics of programming and helps you navigate Kali Linux, an operating system that comes preloaded with useful computer security tools like Wireshark and Metasploit. You'll learn about gathering information on a target, social engineering, capturing network traffic, analyzing vulnerabilities, developing exploits, and more. Hands-on examples discuss even advanced topics like mobile device security and bypassing anti-virus software.
Data Structure Through C
Yashavant P. Kanetkar - 2003
It adopts a novel approach, by using the programming language c to teach data structures. The book discusses concepts like arrays, algorithm analysis, strings, queues, trees and graphs. Well-designed animations related to these concepts are provided in the cd-rom which accompanies the book. This enables the reader to get a better understanding of the complex procedures described in the book through a visual demonstration of the same. Data structure through c is a comprehensive book which can be used as a reference book by students as well as computer professionals. It is written in a clear, easy-to-understood manner and it includes several programs and examples to explain clearly the complicated concepts related to data structures. The book was published by bpb publications in 2003 and is available in paperback. Key features: the book contains example programs that elucidate the concepts. It comes with a cd that visually demonstrates the theory presented in the book.
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Mark Dowd - 2006
Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws.
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Dafydd Stuttard - 2007
The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.
Gray Hat Hacking: The Ethical Hacker's Handbook
Shon Harris - 2004
Section I: Exploits 202; Chapter 1: Survival; Chapter 2: Basic Exploits; Chapter 3: Advance Exploits; Chapter 4: Writing Shell Code; Section II: Vulnerability Analysis; Chapter 5: Passive Analysis; Chapter 6: Active Analysis; Chapter 7: Bug to Exploit; Chapter 8: Mitigation; Section III: Advanced System Hacks; Chapter 9: Advanced.
Metasploit: The Penetration Tester's Guide
David Kennedy - 2011
But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.Learn how to:Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
Hacking the Xbox: An Introduction to Reverse Engineering
Andrew Huang - 2003
The book progresses into a discussion of the Xbox security mechanisms and other advanced hacking topics, with an emphasis on educating the readers on the important subjects of computer security and reverse engineering. Hacking the Xbox includes numerous practical guides, such as where to get hacking gear, soldering techniques, debugging tips and an Xbox hardware reference guide.Hacking the Xbox also confronts the social and political issues facing today's hacker by looking forward and discussing the impact of today's legal challenges on legitimate reverse engineering activities. The book includes a chapter written by the Electronic Frontier Foundation (EFF) about the rights and responsibilities of hackers, and concludes by discussing the latest trends and vulnerabilities in secure PC platforms.
CCNA - Cisco Certified Network Associate Study Guide: Exam 640-802
Todd Lammle - 2007
Completely Revised for the New 2007 Version of the CCNA Exam (#640-802) Cisco networking authority Todd Lammle has completely updated this new edition to cover all of the exam objectives for the latest version of the CCNA exam.
TCP/IP Protocol Suite
Behrouz A. Forouzan - 1999
TCP/IP Protocol Suite teaches students and professionals, with no prior knowledge of TCP/IP, everything they need to know about the subject. This comprehensive book uses hundreds of figures to make technical concepts easy to grasp, as well as many examples, which help tie the material to the real-world. The second edition of TCP/IP Protocol Suite has been fully updated to include all of the recent technology changes in the field. Many new chapters have been added such as one on Mobile IP, Multimedia and Internet, Network Security, and IP over ATM. Additionally, out-of-date material has been overhauled to reflect recent changes in technology.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon Fyodor Lyon - 2009
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.
Red Team Field Manual
Ben Clark - 2014
The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up the hard to remember Windows nuances such as Windows wmic and dsquery command line tools, key registry values, scheduled tasks syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.
Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali
OccupyTheWeb - 2018
Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers.If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment.First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: - Cover your tracks by changing your network information and manipulating the rsyslog logging utility - Write a tool to scan for network connections, and connect and listen to wireless networks - Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email - Write a bash script to scan open ports for potential targets - Use and abuse services like MySQL, Apache web server, and OpenSSH - Build your own hacking tools, such as a remote video spy camera and a password crackerHacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Jack Koziol - 2004
This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or applicationNew material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and VistaAlso features the first-ever published information on exploiting Cisco's IOS, with content that has never before been exploredThe companion Web site features downloadable code files