Professional Pen Testing for Web Applications (Programmer to Programmer)

There is no such thing as “perfect security” when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.

After a review of the basics of web applications, you'll be introduced to web application hacking concepts and techniques such as vulnerability analysis, attack simulation, results analysis, manuals, source code, and circuit diagrams. These web application hacking concepts and techniques will prove useful information for ultimately securing the resources that need your protection.

What you will learn from this book
* Surveillance techniques that an attacker uses when targeting a system for a strike
* Various types of issues that exist within the modern day web application space
* How to audit web services in order to assess areas of risk and exposure
* How to analyze your results and translate them into documentation that is useful for remediation
* Techniques for pen-testing trials to practice before a live project

Who this book is for

This book is for programmers, developers, and information security professionals who want to become familiar with web application security and how to audit it.

Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.

Price: $39.99

Click here to buy from Amazon

Network Security Assessment: From Vulnerability to Patch

Network Security Assessment: From Vulnerability to PatchThis book will take readers from the discovery of vulnerabilities and the creation of the corresponding exploits, through a complete security assessment, all the way through deploying patches against these vulnerabilities to protect their networks.

This is unique in that it details both the management and technical skill and tools required to develop an effective vulnerability management system. Business case studies and real world vulnerabilities are used through the book. It starts by introducing the reader to the concepts of a vulnerability management system. Readers will be provided detailed timelines of exploit development, vendors' time to patch, and corporate path installations. Next, the differences between security assessment s and penetration tests will be clearly explained along with best practices for conducting both. Next, several case studies from different industries will illustrate the effectiveness of varying vulnerability assessment methodologies. The next several chapters will define the steps of a vulnerability assessment including: defining objectives, identifying and classifying assets, defining rules of engagement, scanning hosts, and identifying operating systems and applications. The next several chapters provide detailed instructions and examples for differentiating vulnerabilities from configuration problems, validating vulnerabilities through penetration testing. The last section of the book provides best practices for vulnerability management and remediation.

* Unique coverage detailing both the management and technical skill and tools required to develop an effective vulnerability management system

* Vulnerability management is rated the #2 most pressing concern for security professionals in a poll conducted by Information Security Magazine

* Covers in the detail the vulnerability management lifecycle from discovery through patch.

Price: $62.95

Click here to buy from Amazon

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Gray Hat Hacking The Ethical Hackers Handbook, 3rd EditionFully updated expanded to cover the latest devious hacking methods

Featuring in-depth, advanced coverage of vulnerability discovery and reverse engineering, Gray Hat Hacking, Third Edition provides eight brand-new chapters on the latest ethical hacking techniques. In addition to the new chapters, the rest of the book is updated to address current issues, threats, tools and techniques.

This one-of-a-kind guide offers a comprehensive overview of the hacking landscape and is organized in a progressive manner, first giving an update on the latest developments in hacking-related law, useful to everyone in the security field. Next, the book describes the security testing process and covers useful tools and exploit frameworks. The second section is expanded by explaining social engineering, physical, and insider attacks and the latest trends in hacking (Voice over IP and SCADA attacks). The book then explains, from both a code and machine-level perspective, how exploits work and guides you through writing simple exploits. Finally, the authors provide a comprehensive description of vulnerability research and reverse engineering.

Gray Hat Hacking, Third Edition features eight new chapters, covering:

  • Social engineering
  • Physical attacks
  • Insider attacks
  • VoIP attacks
  • SCADA attacks
  • Dradis framework and information sharing
  • Client content-based attacks
  • Web server attacks

Detailed, authoritative coverage Introduction to Ethical Disclosure; Ethics of Ethical Hacking; Ethical Hacking and the Legal System; Proper and Ethical Disclosure; Penetration Testing and Tools; Social Engineering Attacks; Physical Attacks; Insider Attacks; Using BackTrack LiveCD Linux Distribution; Using Metasploit; Dradis and Managing a Pen Test; Exploiting; Progamming SProgrammingills; Basic Linux Exploits; Advanced Linux Exploits; Shellcode Strategies; Writing Linux Shell Code; Basic Windows Exploits; Client Content Based Attacks; Web Server Attacks; VoIP Attacks; SCADA Attacks; Vulnerability Analysis; Passive Analysis; Advanced Static Analysis with IDA Pro; Advanced Reverse Engineering; Client-Side Browser Exploits; Exploiting Windows Access Control Model; Intelligent Fuzzing with Sulley; From Vulnerability to Exploit; Closing the Holes: Mitigation Techniques; Malware Analysis; Collecting Malware and Initial Analysis; Hacking Malware

Price: $60.00

Click here to buy from Amazon

Wi-Foo: The Secrets of Wireless Hacking

Wi-Foo: The Secrets of Wireless Hacking“This is an excellent book. It contains the ‘in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely.” –Robert Haskins, Chief Technology Officer, ZipLink Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect.

Price: $49.99

Click here to buy from Amazon

Seven Deadliest USB Attacks

Seven Deadliest USB Attacks (Syngress Seven Deadliest Attacks Series)Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

 

 

 

Attacks detailed in this book include:

  1. USB Hacksaw
  2. USB Switchblade
  3. USB Based Virus/Malicous Code Launch
  4. USB Device Overflow
  5. RAMdump
  6. Pod Slurping
  7. Social Engineering and USB Technology
  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable

Price: $24.95

Click here to buy from Amazon