Book picks similar to
Web Hacking 101 by Peter Yaworski
hacking
security
tech
non-fiction
The Linux Command Line
William E. Shotts Jr. - 2012
Available here:readmeaway.com/download?i=1593279523The Linux Command Line, 2nd Edition: A Complete Introduction PDF by William ShottsRead The Linux Command Line, 2nd Edition: A Complete Introduction PDF from No Starch Press,William ShottsDownload William Shotts’s PDF E-book The Linux Command Line, 2nd Edition: A Complete Introduction
Threat Modeling: Designing for Security
Adam Shostack - 2014
Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Patrick Engebretson - 2011
No prior hacking experience is needed. You learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, Hacker Defender rootkit, and more. A simple and clean explanation of how to effectively utilize these tools as well as the introduction to a four-step methodology for conducting a penetration test or hack, will provide you with know-how required to jump start your career or gain a better understanding of offensive security. The book serves as an introduction to penetration testing and hacking and will provide you with a solid foundation of knowledge. After completing the book readers will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks through each of the steps and tools in a structured, orderly manner allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases relate.Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phasesWritten by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State UniversityUtilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test
Reversing: Secrets of Reverse Engineering
Eldad Eilam - 2005
The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into disassembly-code-level reverse engineering-and explaining how to decipher assembly language
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
T.J. O'Connor - 2012
Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
Linux Bible
Christopher Negus - 2005
Whether you're new to Linux or need a reliable update and reference, this is an excellent resource. Veteran bestselling author Christopher Negus provides a complete tutorial packed with major updates, revisions, and hands-on exercises so that you can confidently start using Linux today. Offers a complete restructure, complete with exercises, to make the book a better learning tool Places a strong focus on the Linux command line tools and can be used with all distributions and versions of Linux Features in-depth coverage of the tools that a power user and a Linux administrator need to get startedThis practical learning tool is ideal for anyone eager to set up a new Linux desktop system at home or curious to learn how to manage Linux server systems at work.
Programming Pearls
Jon L. Bentley - 1986
Jon has done a wonderful job of updating the material. I am very impressed at how fresh the new examples seem." - Steve McConnell, author, Code CompleteWhen programmers list their favorite books, Jon Bentley's collection of programming pearls is commonly included among the classics. Just as natural pearls grow from grains of sand that irritate oysters, programming pearls have grown from real problems that have irritated real programmers. With origins beyond solid engineering, in the realm of insight and creativity, Bentley's pearls offer unique and clever solutions to those nagging problems. Illustrated by programs designed as much for fun as for instruction, the book is filled with lucid and witty descriptions of practical programming techniques and fundamental design principles. It is not at all surprising that
Programming Pearls
has been so highly valued by programmers at every level of experience. In this revision, the first in 14 years, Bentley has substantially updated his essays to reflect current programming methods and environments. In addition, there are three new essays on (1) testing, debugging, and timing; (2) set representations; and (3) string problems. All the original programs have been rewritten, and an equal amount of new code has been generated. Implementations of all the programs, in C or C++, are now available on the Web.What remains the same in this new edition is Bentley's focus on the hard core of programming problems and his delivery of workable solutions to those problems. Whether you are new to Bentley's classic or are revisiting his work for some fresh insight, this book is sure to make your own list of favorites.
Beautiful Testing: Leading Professionals Reveal How They Improve Software
Tim Riley - 2009
But testing is not a routine process, it's a constant exploration of methods and an evolution of good ideas.Beautiful Testing offers 23 essays from 27 leading testers and developers that illustrate the qualities and techniques that make testing an art. Through personal anecdotes, you'll learn how each of these professionals developed beautiful ways of testing a wide range of products -- valuable knowledge that you can apply to your own projects. Here's a sample of what you'll find inside:Microsoft's Alan Page shares some of his secrets about large-scale test automation.Scott Barber explains why performance testing needs to be a collaborative process, rather than simply an exercise in measuring speed.Karen Johnson describes how her professional experience intersected her personal life while testing medical software.Rex Black reveals how satisfying stakeholders for 25 years is a beautiful thingMathematician John D. Cook applies a classic definition of beauty, based on complexity and unity, to testing random number generatorsAll author royalties will be donated to the Nothing But Nets campaign to save lives by preventing malaria, a disease that kills millions of children in Africa each year.ContentsI. BEAUTIFUL TESTERS 1. Was it good for you? (Linda Wilkinson)2. Beautiful testing satisfies stakeholders (Rex Black)3. Building open source QA communities (Martin Schröder, Clint Talbert)4. Collaboration is the cornerstone of beautiful performance testing (Scott Barber)II. BEAUTIFUL PROCESS5. Just peachy: Making office software more reliable with fuzz testing (Kamran Khan)6. Bug management and test case effectiveness (Emily Chen, Brian Nitz)7. Beautiful XMPP Testing (Remko Troncon)8. Beautiful large-scale test automation (Alan Page)9. Beautiful is better than ugly (Neal Norwitz, Michelle Levesque, Jeffrey Yaskin)10. Testing a random number generator (John D. Cook)11. Change-centric testing (Murali Nandigama)12. Software in use (Karen N. Johnson)13. Software development is a creative process (Chris McMahon)14. Test-driven development: Driving new standards of beauty (Jennitta Andrea)15. Beautiful testing as the cornerstone of business success (Lisa Crispin)16. Peeling the glass onion at Socialtext (Mathew Heusser)17. Beautiful testing is efficient testing (Adam Goucher)III. BEAUTIFUL TOOLS18. Seeding bugs to find bugs: Beautiful mutation testing (Andreas Zeller, David Schuler)19. Reference testing as beautiful testing (Clint Talbert)20. CLAM Anti-virus: testing open source with open tools (Tomasz Kojm)21. Web application testing with Windmill (Adam Christian)22. Testing one million web pages (Tim Riley)23. Testing Network Services in Multimachine Scenarios (Isaac Clerencia)ContributorsIndex
Automate the Boring Stuff with Python: Practical Programming for Total Beginners
Al Sweigart - 2014
But what if you could have your computer do them for you?In "Automate the Boring Stuff with Python," you'll learn how to use Python to write programs that do in minutes what would take you hours to do by hand no prior programming experience required. Once you've mastered the basics of programming, you'll create Python programs that effortlessly perform useful and impressive feats of automation to: Search for text in a file or across multiple filesCreate, update, move, and rename files and foldersSearch the Web and download online contentUpdate and format data in Excel spreadsheets of any sizeSplit, merge, watermark, and encrypt PDFsSend reminder emails and text notificationsFill out online formsStep-by-step instructions walk you through each program, and practice projects at the end of each chapter challenge you to improve those programs and use your newfound skills to automate similar tasks.Don't spend your time doing work a well-trained monkey could do. Even if you've never written a line of code, you can make your computer do the grunt work. Learn how in "Automate the Boring Stuff with Python.""
How Linux Works: What Every Superuser Should Know
Brian Ward - 2004
Some books try to give you copy-and-paste instructions for how to deal with every single system issue that may arise, but How Linux Works actually shows you how the Linux system functions so that you can come up with your own solutions. After a guided tour of filesystems, the boot sequence, system management basics, and networking, author Brian Ward delves into open-ended topics such as development tools, custom kernels, and buying hardware, all from an administrator's point of view. With a mixture of background theory and real-world examples, this book shows both "how" to administer Linux, and "why" each particular technique works, so that you will know how to make Linux work for you.
Release It!: Design and Deploy Production-Ready Software (Pragmatic Programmers)
Michael T. Nygard - 2007
Did you design your system to survivef a sudden rush of visitors from Digg or Slashdot? Or an influx of real world customers from 100 different countries? Are you ready for a world filled with flakey networks, tangled databases, and impatient users?If you're a developer and don't want to be on call for 3AM for the rest of your life, this book will help.In Release It!, Michael T. Nygard shows you how to design and architect your application for the harsh realities it will face. You'll learn how to design your application for maximum uptime, performance, and return on investment.Mike explains that many problems with systems today start with the design.
Code: The Hidden Language of Computer Hardware and Software
Charles Petzold - 1999
And through CODE, we see how this ingenuity and our very human compulsion to communicate have driven the technological innovations of the past two centuries. Using everyday objects and familiar language systems such as Braille and Morse code, author Charles Petzold weaves an illuminating narrative for anyone who’s ever wondered about the secret inner life of computers and other smart machines. It’s a cleverly illustrated and eminently comprehensible story—and along the way, you’ll discover you’ve gained a real context for understanding today’s world of PCs, digital media, and the Internet. No matter what your level of technical savvy, CODE will charm you—and perhaps even awaken the technophile within.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon Fyodor Lyon - 2009
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http: //nmap.org/book for more information and sample chapters.
The Art of Deception: Controlling the Human Element of Security
Kevin D. Mitnick - 2001
Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Managing Risk and Information Security: Protect to Enable
Malcolm Harkins - 2012
Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologiessuch as social media and the huge proliferation of Internet-enabled deviceswhile minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman. Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities. Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) The mandate of the information security function is being completely rewritten. Unfortunately most heads of security havent picked up on the change, impeding their companies agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come. Dr. Jeremy Bergsman, Practice Manager, CEB The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be.