There are an estimated 8.7 billion devices currently connected to the Internet – and each one is a threat to its owner. Computers and computer systems rule our lives, and it is impossible to imagine life without them. But as society has become evermore dependent, both economically and politically, on the electronic flow of information, it has made us vulnerable to the real and destabilizing threat of cyber attack – the extremes of which could see us having to exist without power, vital resources and communications. Confronting this terrifying reality, Cyber Attack explores the digital dangers we face and examines the extremes they could reach. The book also investigates who is responsible and what can be done to protect us. Cyber Attack is written by bestselling author Paul Day, a former hacker turned leading computer security expert, and covers all areas of digital menace. What you learn in this book will make you think again next time you make an online transaction or send sensitive information from your smart phone.
Reports of cyber criminals, “hacktivists” and nation-states accessing sensitive information and disrupting services in both the public and private domains have risen steadily, heightening concerns over the adequacy of cybersecurity measures. Cybersecurity related concerns range from spearfishing attempts and spam, to malware, to illegal or illicit activity on the dark net. More and more cases of successful cyber-attacks are being reported. Financial information, medical records, any and all personal data maintained on computer systems by individuals or by organizations large and small are vulnerable. Mobile, wireless technology presents new opportunities for cyber-attacks. As more devices communicate with one another, from security systems to thermostats, the “Internet of Things” presents a growing target. Social media sites and advertisements also present opportunities for cybersecurity breaches.
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
Continue reading “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws”
Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand new material, from enhanced coverage of non-firewall subjects like information and network security to an all-new section dedicated to intrusion detection in the context of incident response.