Google Hacking for Penetration Testers, Volume 1


Johnny Long - 2004
    What many users don't realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker's search. Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of informationleakage. *First book about Google targeting IT professionals and security leaks through web browsing. *Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic. *Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.

The Microsoft Data Warehouse Toolkit: With SQL Server 2008 R2 and the Microsoft Business Intelligence Toolset


Joy Mundy - 2006
    In this new edition, the authors explain how SQL Server 2008 R2 provides a collection of powerful new tools that extend the power of its BI toolset to Excel and SharePoint users and they show how to use SQL Server to build a successful data warehouse that supports the business intelligence requirements that are common to most organizations. Covering the complete suite of data warehousing and BI tools that are part of SQL Server 2008 R2, as well as Microsoft Office, the authors walk you through a full project lifecycle, including design, development, deployment and maintenance.Features more than 50 percent new and revised material that covers the rich new feature set of the SQL Server 2008 R2 release, as well as the Office 2010 release Includes brand new content that focuses on PowerPivot for Excel and SharePoint, Master Data Services, and discusses updated capabilities of SQL Server Analysis, Integration, and Reporting Services Shares detailed case examples that clearly illustrate how to best apply the techniques described in the book The accompanying Web site contains all code samples as well as the sample database used throughout the case studies The Microsoft Data Warehouse Toolkit, Second Edition provides you with the knowledge of how and when to use BI tools such as Analysis Services and Integration Services to accomplish your most essential data warehousing tasks.

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System


Bill Blunden - 2009
    Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.The spectrum of topics covered includes how to:* Hook kernel structures on multi-processor systems* Use a kernel debugger to reverse system internals* Inject call gates to create a back door into Ring-0* Use detour patches to sidestep group policy* Modify privilege levels on Vista by altering kernel objects* Utilize bootkit technology* Defeat live incident response and post-mortem forensics* Implement code armoring to protect your deliverables* Establish covert channels using the WSK and NDIS 6.0

Web Hacking 101


Peter Yaworski
    With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.

Configuring Windows 7: Self-Paced Training Kit (MCTS Exam 70-680)


Ian L. McLean - 2009
    This Self-Paced Training Kit is designed to help maximize your performance on 70-680, the required exam for the Microsoft Certified Technology Specialist (MCTS): Windows 7, Configuration certification.This 2-in-1 kit includes the official Microsoft study guide, plus practice tests on CD to help you assess your skills. It comes packed with the tools and features exam candidates want most—including in-depth, self-paced training based on final exam content; rigorous, objective-by-objective review; exam tips from expert, exam-certified authors; and customizable testing options. It also provides real-world scenarios, case study examples, and troubleshooting labs to give you the skills and expertise you can use on the job.Work at your own pace through the lessons and lab exercises. This official study guide covers installing, upgrading, and migrating to Windows 7; configuring network connectivity, applications, and devices; implementing backup and recovery; configuring User Account Control (UAC), mobility options, and new features such as DirectAccess and BranchCache; and managing system updates.Then assess yourself using the 200 practice questions on CD, featuring multiple customizable testing options to meet your specific needs. Choose timed or untimed testing mode, generate random tests, or focus on discrete objectives. You get detailed explanations for right and wrong answers—including pointers back to the book for further study. You also get an exam discount voucher—making this kit an exceptional value and a great career investment.

Ubuntu: The Beginner's Guide


Jonathan Moeller - 2011
     In the Guide, you'll learn how to: -Use the Ubuntu command line. -Manage users, groups, and file permissions. -Install software on a Ubuntu system, both from the command line and the GUI. -Configure network settings. -Use the vi editor to edit system configuration files. -Install and configure a Samba server for file sharing. -Install SSH for remote system control using public key/private key encryption. -Install a DHCP server for IP address management. -Install a LAMP server. -Install web applications like WordPress and Drupal. -Configure an FTP server. -Manage ebooks. -Convert digital media. -Manage and configure Unity, the default Ubuntu environment. -Manage and halt processes from the command line. -Set up both a VNC server and a client. -Enjoy games on Ubuntu. -And many other topics.

The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Hacker Cracker: A Journey from the Mean Streets of Brooklyn to the Frontiers of Cyberspace


Ejovi Nuwere - 2002
    Raised by his grandmother, his extended family included two uncles who served as role models: one a career criminal, the other a college student with a PC he loaned to his nephew. By the time he was 13, Ejovi had become a computer expert -- a gifted hacker with a talent that propelled him to the top of a dangerous underground world in which he ranked as one of its most elite practitioners. And at 21, he has become a top security specialist for one of the world's largest financial firms.Interweaving details of his life growing up on the bullet-ridden streets of Bed-Sty with fascinating hacker lore and a glimpse of the inner workings of sensitive corporate computer systems, Hacker Cracker is a Horatio Alger tale for our times: a thrilling, frightening, and ultimately uplifting story of survival and success.

CISSP for Dummies [With CDROM]


Lawrence C. Miller - 2002
    The topics covered in the exam include: network security, security management, systems development, cryptography, disaster recovery, law, and physical security. CISSP For Dummies, 3rd Edition is the bestselling guide that covers the CISSP exam and helps prepare those wanting to take this security exam. The 3rd Edition features 200 additional pages of new content to provide thorough coverage and reflect changes to the exam. Written by security experts and well-known Dummies authors, Peter Gregory and Larry Miller, this book is the perfect, no-nonsense guide to the CISSP certification, offering test-taking tips, resources, and self-assessment tools.Fully updated with 200 pages of new content for more thorough coverage and to reflect all exam changesSecurity experts Peter Gregory and Larry Miller bring practical real-world security expertiseCD-ROM includes hundreds of randomly generated test questions for readers to practice taking the test with both timed and untimed versions"CISSP For Dummies, 3rd Edition" can lead you down the rough road to certification successNote: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

CISSP Study Guide


Eric Conrad - 2010
    The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.

Rethinking the Internet of Things: A Scalable Approach to Connecting Everything


Francis Dacosta - 2013
    Billions of interconnected devices will be monitoring the environment, transportation systems, factories, farms, forests, utilities, soil and weather conditions, oceans and resources Many of these sensors and actuators will be networked into autonomous sets, with much of the information being exchanged machine-to-machine directly and without human involvement. Machine-to-machine communications are typically terse. Most sensors and actuators will report or act upon small pieces of information - chirps. Burdening these devices with current network protocol stacks is inefficient, unnecessary and unduly increases their cost of ownership. This must change. The architecture of the Internet of Things will entail a widely distributed topology incorporating simpler chirp protocols towards at the edges of the network. Rethinking the Internet of Things describes reasons why we must rethink current approaches to the Internet of Things. Appropriate architectures that will coexist with existing networking protocols are described in detail. An architecture comprised of integrator functions, propagator nodes, and end devices, along with their interactions, is explored. What you'll learn Teaches the difference between the "normal" Internet and the Internet of Things, Describes a new architecture and its components in the "chirp" context. Explains the shortcomings of IP for IoT. Describes the anatomy of the IoT. Re-frames key ideas such as reliability. Describes how to build the IoT Who this book is forThought leaders, executives, architectural, standards and development leaders in the evolving IoT industry

Managing Risk and Information Security: Protect to Enable


Malcolm Harkins - 2012
    Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context.  Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies.   The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel     “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB     “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be.

Zero Day: The Threat In Cyberspace


Robert O'Harrow Jr. - 2013
    For more than a year, Washington Post reporter Robert O'Harrow has explored the threats proliferating in our digital universe. This eBook is a compilation of that reporting. With chapters built around real people, including hackers, security researchers and corporate executives, this book will help regular people, lawmakers and businesses better understand the mind-bending challenge of keeping the internet safe from hackers and security breaches -- and all out war.

Steve Jobs & the NeXT Big Thing


Randall E. Stross - 1993
    This period was the nadir of Jobs’s professional life, as NeXT’s products failed to find a welcome in the marketplace. The company burned through more than $250 million without managing to eke out a profit. It would eventually be rescued by Apple and Jobs would return there after the close of the book’s narrative. When he did, he took with him lessons learned during his NeXT years in how not to manage a company.

Thinking in JavaScript


Aravind Shenoy - 2014
    Before we delve into the intricacies of JavaScript, we need to know why it is used. While HTML tells your browser how your webpage will look, JavaScript is used for dynamic content and to add functionality. Using this book, you will understand the concept of JavaScript and its use in web designing. You will also have a look at jQuery in general. You will learn about Functions, Operators, the concept of Variables, Conditions and Loops, Arrays, and the basics of jQuery in this book. Instead of wandering through loads of theory, we have used practical examples in this book. The examples in this book are compatible with almost every browser. Instead of using the verbatim code, you can modify the code and see the change in the output thereby understanding the subtle nuances of JavaScript. By the end of the book, with practice, you can achieve better things and get more acquainted with JavaScript.