The latest Web app attacks and countermeasures from world-renowned practitioners
Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.
Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
Understand how attackers defeat commonly used Web authentication technologies
See how real-world session attacks leak sensitive data and how to fortify your applications
Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
Safety deploy XML, social networking, cloud computing, and Web 2.0 services
Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
Protect your wireless systems from crippling attacks using the detailed security information in this comprehensive volume. Thoroughly updated to cover today's established and emerging wireless technologies, Hacking Exposed Wireless, second edition reveals how attackers use readily available and custom tools to target, infiltrate, and hijack vulnerable systems. This book discusses the latest developments in Wi-Fi, Bluetooth, ZigBee, and DECT hacking, and explains how to perform penetration tests, reinforce WPA protection schemes, mitigate packet injection risk, and lock down Bluetooth and RF devices. Cutting-edge techniques for exploiting Wi-Fi clients, WPA2, cordless phones, Bluetooth pairing, and ZigBee encryption are also covered in this fully revised guide.
Build and configure your Wi-Fi attack arsenal with the best hardware and software tools
Explore common weaknesses in WPA2 networks through the eyes of an attacker
Leverage post-compromise remote client attacks on Windows 7 and Mac OS X
Master attack tools to exploit wireless systems, including Aircrack-ng, coWPAtty, Pyrit, IPPON, FreeRADIUS-WPE, and the all new KillerBee
Evaluate your threat to software update impersonation attacks on public networks
Assess your threat to eavesdropping attacks on Wi-Fi, Bluetooth, ZigBee, and DECT networks using commercial and custom tools
Develop advanced skills leveraging Software Defined Radio and other flexible frameworks
Apply comprehensive defenses to protect your wireless devices and infrastructure
Phishing Exposed unveils the techniques phishers employ that enable them to successfully commit fraudulent acts against the global financial industry.
Also highlights the motivation, psychology and legal aspects encircling this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.
This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks against e-commerce and its customers.
* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts * Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic * Stay one step ahead of the enemy with all the latest information
Secure Your Wireless Networks the Hacking Exposed Way
Defend against the latest pervasive and devastating wireless attacks using the tactical security information contained in this comprehensive volume. Hacking Exposed Wireless reveals how hackers zero in on susceptible networks and peripherals, gain access, and execute debilitating attacks. Find out how to plug security holes in Wi-Fi/802.11 and Bluetooth systems and devices. You'll also learn how to launch wireless exploits from Metasploit, employ bulletproof authentication and encryption, and sidestep insecure wireless hotspots. The book includes vital details on new, previously unpublished attacks alongside real-world countermeasures.
Understand the concepts behind RF electronics, Wi-Fi/802.11, and Bluetooth
Find out how hackers use NetStumbler, WiSPY, Kismet, KisMAC, and AiroPeek to target vulnerable wireless networks
Defend against WEP key brute-force, aircrack, and traffic injection hacks
Crack WEP at new speeds using Field Programmable Gate Arrays or your spare PS3 CPU cycles
Prevent rogue AP and certificate authentication attacks
Perform packet injection from Linux
Launch DoS attacks using device driver-independent tools
Exploit wireless device drivers using the Metasploit 3.0 Framework
Identify and avoid malicious hotspots
Deploy WPA/802.11i authentication and encryption using PEAP, FreeRADIUS, and WPA pre-shared keys
This authoritative guide will help you secure your Linux network--whether you use Linux as a desktop OS, for Internet services, for telecommunications, or for wireless services. Completely rewritten the ISECOM way, Hacking Exposed Linux, Third Edition provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest ISECOM security research and shows you, in full detail, how to lock out intruders and defend your Linux systems against catastrophic attacks.
Secure Linux by using attacks and countermeasures from the latest OSSTMM research
Follow attack techniques of PSTN, ISDN, and PSDN over Linux
Harden VoIP, Bluetooth, RF, RFID, and IR devices on Linux
Block Linux signal jamming, cloning, and eavesdropping attacks
Apply Trusted Computing and cryptography tools for your best defense
Fix vulnerabilities in DNS, SMTP, and Web 2.0 services
Prevent SPAM, Trojan, phishing, DoS, and DDoS exploits
Find and repair errors in C code with static analysis and Hoare Logic
The latest Windows security attack and defense strategies
"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell
Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:
Establish business relevance and context for security by highlighting real-world risks
Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
See up close how professional hackers reverse engineer and develop new Windows exploits
Identify and eliminate rootkits, malware, and stealth software
Fortify SQL Server against external and insider attacks
Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization
