Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.
* Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
* Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
* Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
* Circumvent XXE, directory traversal, and buffer overflow exploits
* Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
* Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
* Use input validators and XML classes to reinforce ASP and .NET security
* Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
* Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
*
Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Labels: Hacking
Hacking Exposed: Linux, 3 Ed
The Latest Linux Security Solutions
This authoritative guide will help you secure your Linux network--whether you use Linux as a desktop OS, for Internet services, for telecommunications, or for wireless services. Completely rewritten the ISECOM way, Hacking Exposed Linux, Third Edition provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest ISECOM security research and shows you, in full detail, how to lock out intruders and defend your Linux systems against catastrophic attacks.
Secure Linux by using attacks and countermeasures from the latest OSSTMM research
Follow attack techniques of PSTN, ISDN, and PSDN over Linux
Harden VoIP, Bluetooth, RF, RFID, and IR devices on Linux
Block Linux signal jamming, cloning, and eavesdropping attacks
Apply Trusted Computing and cryptography tools for your best defense
Fix vulnerabilities in DNS, SMTP, and Web 2.0 services
Prevent SPAM, Trojan, phishing, DoS, and DDoS exploits
Find and repair errors in C code with static analysis and Hoare Logic
Labels: Hacking
Professional Penetration Testing: Creating and Operating a Formal Hacking Lab
Save yourself some money! This complete classroom-in-a-book on penetration testing provides material that can cost upwards of $1,000 for a fraction of the price!
Thomas Wilhelm has delivered pen testing training to countless security professionals and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios.
Penetration testing is the act of testing a network to find security vulnerabilities before they are exploited by phishers, digital piracy groups, and countless other organized or individual malicious hackers. The material presented will be useful to beginners all the way through to advanced practitioners.
•Find out how to turn hacking and pen testing skills into a professional career
•Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers
•Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business
•Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
•Learn through video - the DVD includes instructional videos that replicate classroom instruction and live, real-world vulnerability simulations of complete servers with known and unknown vulnerabilities to practice hacking skills in a controlled lab environment
Labels: Hacking