Web Application Defender’s Cookbook: Battling Hackers and Protecting Users


Defending your web applications against hackers and attackers

The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.

Consent of the Networked: The Worldwide Struggle For Internet Freedom


The Internet was going to liberate us, but in truth it has not. For every story about the web’s empowering role in events such as the Arab Spring, there are many more about the quiet corrosion of civil liberties by companies and governments using the same digital technologies we have come to depend upon.

Sudden changes in Facebook’s features and privacy settings have exposed identities of protestors to police in Egypt and Iran. Apple removes politically controversial apps at the behest of governments as well as for its own commercial reasons. Dozens of Western companies sell surveillance technology to dictatorships around the world. Google struggles with censorship demands from governments in a range of countries—many of them democracies—as well as mounting public concern over the vast quantities of information it collects about its users.

Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts


A future with billions of connected "things" includes monumental security concerns. This practical book explores how malicious attackers can abuse popular IoT-based devices, including wireless LED lightbulbs, electronic door locks, baby monitors, smart TVs, and connected cars.

If you’re part of a team creating applications for Internet-connected devices, this guide will help you explore security solutions. You’ll not only learn how to uncover vulnerabilities in existing IoT devices, but also gain deeper insight into an attacker’s tactics.

- Analyze the design, architecture, and security issues of wireless lighting systems
- Understand how to breach electronic door locks and their wireless mechanisms
- Examine security design flaws in remote-controlled baby monitors
- Evaluate the security design of a suite of IoT-connected home products
- Scrutinize security vulnerabilities in smart TVs
- Explore research into security weaknesses in smart cars
- Delve into prototyping techniques that address security in initial designs
- Learn plausible attack scenarios based on how people will likely use IoT devices

CyberCrime – A Clear and Present Danger: The CEO’s Guide to Cyber Security

Amazon Price: $48.20 (list price $49.00; you save $0.80, 2%), as of June 25, 2017 04:49.

Is Your Information Easy to Steal? Every business has something it needs to protect. Whether it’s top-secret IP, an exclusive client list, or a secure payment portal, your data is what sets you apart from the competition. But most businesses aren’t doing a very good job of protecting what’s theirs. The digital world is changing fast—and cybercrime is changing with it. Whether it’s a 12-year-old “script kiddie” crippling your website with denial-of-service attacks, or a master hacker targeting a project leader with phishing e-mails, the bad guys have dozens of clever and creative ways to take your assets. Sooner or later, you will come under attack. The future of your organisation depends on making your information hard to steal. But most business owners don’t know where to start. This book is the answer.

Basics of SQL injection Analysis, Detection and Prevention: Web Security

Amazon Price: $39.78 (list price $45.00; you save $5.22, 12%), as of June 24, 2017 23:54.

Web sites are dynamic, static, and most of the time a combination of both. Web sites need to protect their databases to assure security. An SQL injection attacks interactive web applications that provide database services. These applications take user inputs and use them to create an SQL query at run time. In an SQL injection attack, an attacker might insert a maliciously crafted SQL query as input to perform an unauthorized database operation. Using SQL injection attacks, an attacker can retrieve, modify or delete confidential sensitive information from the database. It may jeopardize the confidentiality, trust and security of Web sites which totally depend on databases. This report presents a “code reengineering” that implicitly protects the web applications from SQL injection attacks. It uses an original approach that combines static as well as dynamic analysis. In this report, I mentioned an automated technique for moving out SQL injection vulnerabilities from Java code by converting plain text inputs received from users into prepared statements.