Hacking the Code. ASP.NET Web Application Security

Category: Security, hacking, «Syngress»

Author: Mark Burnett, James Foster
Publisher: Novyi Izdatelskii Dom
Year: 2005
ISBN: 5-9643-0069-3, 1-932266-65-8
Pages: 464
Language: Russian
Format: DJVU

Attacks on databases of all kinds, especially those holding financial information, are a highly topical subject today. A skilled hacker can obtain your credit card details by guessing a password or by bypassing the security system of your bank's server. The job of that bank's programmers and system administrators is to protect confidential information from hacking. Hacking is the art of breaking into all kinds of systems, destroying information on remote computers, stealing information, and acting to damage computer networks.
This edition describes the main types of attacks that hackers can use to gain access to important information. These threats stem from errors in granting user privileges and authorizing users; in encrypting confidential data; in setting individual access levels; and in providing security with XML. The authors give examples of specific entries for programmers, along with details of how to configure the system to defend against each of the attacks described. Every aspect of issuing account passwords, setting secret questions, and authenticating and authorizing users is covered in detail.
"Hacking the Code" will help programmers and system administrators prevent attacks on user accounts and web sites.

Wireshark & Ethereal Network Protocol Analyzer Toolkit

Category: Security, hacking, «Syngress»

Author: Angela Orebaugh, Gilbert Ramirez
Publisher: Syngress
Year: 2007
ISBN: 1-59749-073-3
Pages: 577
Language: English
Format: PDF

This book provides complete information and step-by-step instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using Ethereal. Readers will then learn to install Ethereal in multiple environments, including Windows, Unix and Mac OS X, as well as how to build Ethereal from source, and will also be guided through Ethereal's graphical user interface. The following sections will teach readers to use the command-line options of Ethereal as well as how to use Tethereal to capture live packets from the wire or to read saved capture files. This section also details how to import and export files between Ethereal and WinDump, Snort, Snoop, Microsoft Network Monitor, and EtherPeek. The book then teaches the reader to master advanced tasks such as creating sub-trees, displaying bitfields in a graphical view, and tracking request and reply packet pairs, and offers exclusive coverage of MATE, Ethereal's brand-new configurable upper-level analysis engine. The final section of the book teaches readers to enable Ethereal to read new data sources, program their own protocol dissectors, and create and customize Ethereal reports.

Configuring SonicWALL Firewalls

Category: Security, hacking, «Syngress»

Author: Chris Lathem, Benjamin W Fortenberry
Publisher: Syngress
Year: 2006
ISBN: 1-59749-250-7
Pages: 530
Language: English
Format: PDF

Configuring SonicWALL Firewalls is the first book to deliver an in-depth look at the SonicWALL firewall product line. It covers all aspects of the SonicWALL product line, from the SOHO devices to the Enterprise SonicWALL firewalls. Also covered are advanced troubleshooting techniques and the SonicWALL Security Manager. This book offers novice users a complete opportunity to learn the SonicWALL firewall appliance. Advanced users will find it a rich technical resource.

Botnets. The Killer Web Applications

Category: Security, hacking, «Syngress»

Author: Craig A Schiller, Jim Binkley
Publisher: Syngress
Year: 2007
ISBN: 1597491357
Pages: 459
Language: English
Format: PDF

With funding from organized crime and spam lords, a generation of talented hackers without morals has created a devastating arsenal of deadly toys, in the form of botnets. Norman Elton and Matt Keel from the College of William & Mary in their presentation "Who Owns Your Network?" called bot networks "the single greatest threat facing humanity." This may be an exaggeration, but botnets are arguably the biggest threat that the Internet community has faced.

Designing and Building Enterprise DMZs

Category: Security, hacking, «Syngress»

Author: Ido Dubrawsky
Publisher: Syngress
Year: 2006
ISBN: 1-59749-100-4
Pages: 736
Language: English
Format: PDF

This is the only book available on building network DMZs, which are the cornerstone of any good enterprise security configuration. It covers market-leading products from Microsoft, Cisco, and Check Point.
One of the most complicated areas of network technology is designing, planning, implementing, and constantly maintaining a demilitarized zone (DMZ) segment. This book is divided into four logical parts. First the reader will learn the concepts and major design principles of all DMZs. Next the reader will learn how to configure the actual hardware that makes up DMZs for both newly constructed and existing networks. Next, the reader will learn how to securely populate the DMZs with systems and services. The last part of the book deals with troubleshooting, maintaining, testing, and implementing security on the DMZ.
The only book published on Network DMZs on the components of securing enterprise networks
Provides detailed examples for building Enterprise DMZs from the ground up and retro-fitting existing infrastructures

The Mezonic Agenda. Hacking the Presidency

Category: Security, hacking, «Syngress»

Author: Spyros Nomikos, Herbert Thompson
Publisher: Syngress
Year: 2004
ISBN: 1-931836-83-3
Pages: 401
Language: English
Format: PDF

"Hack-Along" with the Heroes and Villains of the Mezonic Agenda as the American Presidency hangs in the balance of cyber-space... In six days Hugh Davis will testify before Congress on the security, stability, and safety of Advice Software Inc.'s e-vote software. He is a world-renowned expert on software security, and his testimony will determine if the software will be implemented for use during the 2004 United States Presidential Elections. After his speech at an RSA conference in Amsterdam, he is handed a cryptic CD with information on the software from notorious hacker, Baff Lexicon. Unbeknownst to Davis, Advice Software has been tracking his every move since the inception of their software evaluation. A string of murders including Baff and the CFO of the Mezonic Corporation (a video card manufacturer in Macau, China) intensifies Davis' need to crack the CD and figure out its secrets before his testimony. He and his friend from the FBI must use their knowledge of buffer overflows, format string vulnerabilities and zero-day exploits to penetrate physical and cyber defenses, ultimately uncovering Advice's plot to fix the US presidential elections. Advice Software's CEO takes the game one step further by holding Davis' family as leverage for his testimony. What is the software's secret? Will Davis find out before his testimony? What are the motives that drive Advice Software's CEO and what is his connection to a secret society destined to avenge the 9/11 attacks against the US?

Configuring Juniper Networks NetScreen & SSG Firewalls

Category: Security, hacking, «Syngress»

Author: Rob Cameron
Publisher: Syngress
Year: 2007
ISBN: 1-59749-118-7
Pages: 769
Language: English
Format: PDF

Configuring Juniper Networks NetScreen & SSG Firewalls is the only complete reference to this family of products. It covers all of the newly released features of the product line as highlighted by Juniper Networks, including: complete coverage of integrated intrusion prevention; step-by-step instructions for protecting against worms, Trojans, spyware, and malware; and advanced information on virtualization technologies. It also covers important new updates: deep inspection firewall, centralized policy-based management, built-in high availability features, and rapid deployment features.

FISMA Certification & Accreditation Handbook

Category: Security, hacking, «Syngress»

Author: Laura Taylor
Publisher: Syngress
Year: 2007
ISBN: 1-59749-116-0
Pages: 530
Language: English
Format: PDF

C&A is still a nascent science, and although excellent guidance exists on how to evaluate the risk exposure of federal information systems, agencies are still working on improving their C&A programs. C&A is, however, a large endeavor. Although the process has been proven to reduce risk to federal information systems, many folks new to C&A don't know where to start or how to get going on their C&A projects. Seasoned C&A experts continue to look for new ideas on how to improve their existing processes. This book is the first publication with numerous practical examples that can help you step through the C&A process from beginning to end. I wish this book had existed while I was the Security Staff Director of the FDIC so that I could have provided copies to my staff.

Hack the Stack. Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

Category: «Syngress», Security, hacking

Author: Michael Gregg
Publisher: Syngress
Year: 2006
ISBN: 1-59749-109-8
Pages: 480
Language: English
Format: PDF

Remember the first time someone told you about the OSI model and described the various layers? It's probably something you never forgot. This book takes that same layered approach but applies it to network security in a new and refreshing way. It guides readers step-by-step through the stack, starting with physical security and working its way up through each of the seven OSI layers. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found at that layer. The book even includes a chapter on the mythical eighth layer. It's called the people layer. It's included because security is not just about technology; it also requires interaction with people, policy and office politics. This book is designed to offer readers a deeper understanding of many common vulnerabilities and the ways in which attackers exploit, manipulate, misuse, and abuse protocols and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they occur. What makes this book unique is that it presents the material in a layer-by-layer approach, which offers readers a way to learn about exploits in a manner similar to that in which they most likely originally learned networking. This methodology makes this book a useful tool not only for security professionals but also for networking professionals, application programmers, and others. All of the primary protocols such as IP, ICMP, and TCP are discussed, but each from a security perspective. The authors convey the mindset of the attacker by examining how seemingly small flaws are often the catalyst of potential threats.
The book considers the general kinds of things that may be monitored that would have alerted users to an attack.

WarDriving and Wireless Penetration Testing

Category: «Syngress», Security, hacking

Author: Chris Hurley, Russ Rogers, Frank Thornton
Publisher: Syngress
Year: 2007
ISBN: 1-59749-111-X
Pages: 449
Language: English
Format: PDF

WarDriving and Wireless Penetration Testing brings together the premier wireless penetration testers to outline how successful penetration testing of wireless networks is accomplished, as well as how to defend against these attacks. As wireless networking continues to spread in corporate and government use, security experts need to become familiar with the methodologies, tools, and tactics used by both penetration testers and attackers to compromise wireless networks, and with what they can do both to accomplish their jobs as penetration testers and to protect networks from sophisticated attackers.