Today we find web applications in every environment independent of a company's size and even in home networks. This fact made web applications also attractive to cyber criminals as there are new attack vectors like Cross Site Scripting, Remote File Inclusions (RFI) and SQL Injections. Such so called web based attacks can be found on every vulnerability statistic because of these attacks are so widespread. Criminals not only break into web applications, they also overtake whole web servers which than can become part of a botnet or even become a command and control server of such. GlastopfNG, is a honeypot specialized on simulating a vulnerable web server/application to become a target of automated or even manual attack. Instead of trying to block these attacks Glastopf tries to get as much information as possible about the attacker and the used attack itself. This gathered information can then be used in different ways to protect real applications in the future against such attacks.
Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. But who connects the dots about what firms are doing with all this information? Frank Pasquale exposes how powerful interests abuse secrecy for profit and explains ways to rein them in.
Please note that this book was last updated in April 2012, even though the ISBN number and the publication date remain the same as for the first edition.
ModSecurity Handbook is the definitive guide to ModSecurity, a popular open source web application firewall. Written by Ivan Ristic, who designed and wrote much of ModSecurity, this book will teach you everything you need to know to monitor the activity on your web sites and protect them from attack.
Continue reading “ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall”
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques
Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.
Continue reading “File System Forensic Analysis”
Enormous expanses of the Internet are unreachable with standard web search engines. This book provides the key to finding these hidden resources by identifying how to uncover and use invisible web resources. Mapping the invisible Web, when and how to use it, assessing the validity of the information, and the future of Web searching are topics covered in detail. Only 16 percent of Net-based information can be located using a general search engine. The other 84 percent is what is referred to as the invisible Web—made up of information stored in databases. Unlike pages on the visible Web, information in databases is generally inaccessible to the software spiders and crawlers that compile search engine indexes. As Web technology improves, more and more information is being stored in databases that feed into dynamically generated Web pages. The tips provided in this resource will ensure that those databases are exposed and Net-based research will be conducted in the most thorough and effective manner.