Learn the essentials of developing secure software in accordance with the most current industry standards, in this comprehensive instructional guide. Secure Software Development: A Programmer's Guide leads readers through the tasks and activities that successful computer programmers navigate on a daily basis, from reading and analyzing requirements to choosing development tools, to guarding against software vulnerabilities and attacks. Additional coverage includes coding with built-in quality and security measures, and follow-up testing once a project is completed. With clear, straightforward examples and actual code snippets, readers can feel confident that they will gain the skills needed to develop software with all the critical components that ensure quality and security.
Using real-world case studies, this guide distills the lessons of security incidents and identifies what went wrong, what went right, and what could be done better in the future. Gupta and Laliberte (both practicing security professionals) examine how losses could have been reduced or prevented, whether through better incident response or through better initial countermeasures. Supporting information, such as network diagrams and screen shots, helps illustrate the discussion. Annotation ©2004 Book News, Inc., Portland, OR (booknews.com)
Databases are the nerve center of our economy. Every piece of your personal information is stored there-medical records, bank accounts, employment history, pensions, car registrations, even your children's grades and what groceries you buy. Database attacks are potentially crippling-and relentless.
In this essential follow-up to The Shellcoder's Handbook, four of the world's top security experts teach you to break into and defend the seven most popular database servers. You'll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.
* Identify and plug the new holes in Oracle and Microsoft® SQL Server
* Learn the best defenses for IBM's DB2®, PostgreSQL, Sybase ASE, and MySQL® servers
* Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
* Recognize vulnerabilities peculiar to each database
* Find out what the attackers already know
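The SQL injection the bullets above refer to is easiest to see with a login check. The following is an added example written for this page, not code from the book; it uses Python's standard-library sqlite3 as a stand-in for the commercial servers the book covers, with a constructed one-row users table, and shows a query built by string formatting beside the parameterised form that closes the hole.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Demonstration only: a production system uses a slow, salted hash
    # (argon2, scrypt or bcrypt), not bare SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password_hash TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        ("admin", _hash("correct horse")),
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """VULNERABLE: the username is spliced into the SQL text, so a quote and a
    comment marker (admin' --) truncate the query before the password check."""
    sql = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password_hash = '{_hash(password)}'"
    )
    return conn.execute(sql).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised: the driver passes the values separately from the SQL
    text, so user input can never become SQL syntax."""
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, _hash(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for user, pw in (("admin", "correct horse"), ("admin' --", "x"), ("' OR 1=1 --", "x")):
        print(f"{user!r:18} vulnerable={vulnerable_login(db, user, pw)} safe={safe_login(db, user, pw)}")
```

Both injected usernames log in through the formatted query and are rejected by the parameterised one; the fix is the same on every server in the book, only the placeholder syntax differs (`?`, `%s`, `:name`).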
As our economy and our society grow increasingly dependent on cyberspace, we are only just beginning to understand how vulnerable that dependency makes us to catastrophic failure. Numerous books and expert studies have defined and detailed the accelerating threat. They are long on alarming description but short on prescribing a real solution, beyond spending billions of dollars on ever more complex technology, inexorably eroding the value of privacy in the name of security. This book shows how the security methods we have designed for the physical world are futile in cyberspace. If we want effective cybersecurity we need to understand the real and different nature of cyberspace, and decision makers and security professionals have to understand the laws and rules of cyberspace and why and how they work in cybersecurity. Victor Sheymov's comprehensive multi-disciplinary approach suggests a fundamentally new approach to security in cyberspace, using methods native to cyberspace, and his book lays out a foundation for an effective, feasible and reliable cybersecurity technology.
The book consists of three parts. The first part, Security, is a review of access security in the world of our physical space. This review shows the reasons why our efforts in access security historically have been reasonably effective. The second part, Cyberspace, examines the specific qualities of cyberspace. It explains the fundamental differences between physical space and cyberspace, and how these differences are relevant to cybersecurity. The third part, Cybersecurity, shows that methods used in computer security for the last quarter of a century are fundamentally alien to cyberspace. It explains why our efforts to secure cyberspace so far have been completely ineffective. It introduces new approaches to cybersecurity based on methods that are native to cyberspace, which can provide real security in cyberspace as well as protect our critical infrastructure.
The Author: Victor Sheymov is a computer security expert, author, scientist, inventor, and holder of multiple patents for methods and systems in cyber security. He was responsible for coordination of all security aspects of Russian cipher communications with its outposts abroad when he was exfiltrated with his wife and daughter by the CIA in 1980. He worked for the National Security Agency for a number of years and is a recipient of several prestigious awards in intelligence and security.
Open source intelligence (OSINT) and web reconnaissance are rich topics for infosec professionals looking for the best ways to sift through the abundance of information widely available online. In many cases, the first stage of any security assessment―that is, reconnaissance―is not given enough attention by security professionals, hackers, and penetration testers. Often, the information openly present is as critical as the confidential data.
Hacking Web Intelligence shows you how to dig into the Web and uncover the information many don't even know exists. The book takes a holistic approach that is not only about using tools to find information online but also how to link all the information and transform it into presentable and actionable intelligence. You will also learn how to secure your information online to prevent it being discovered by these reconnaissance methods.
Hacking Web Intelligence is an in-depth technical reference covering the methods and techniques you need to unearth open source information from the Internet and utilize it for the purpose of targeted attack during a security assessment. This book will introduce you to many new and leading-edge reconnaissance, information gathering, and open source intelligence methods and techniques, including metadata extraction tools, advanced search engines, advanced browsers, power searching methods, online anonymity tools such as TOR and i2p, OSINT tools such as Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, Social Network Analysis (SNA), Darkweb/Deepweb, data visualization, and much more.
* Provides a holistic approach to OSINT and Web recon, showing you how to fit all the data together into actionable intelligence
* Focuses on hands-on tools such as TOR, i2p, Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, FOCA, EXIF, Metagoofil, MAT, and many more
* Covers key technical topics such as metadata searching, advanced browsers and power searching, online anonymity, Darkweb / Deepweb, Social Network Analysis (SNA), and how to manage, analyze, and visualize the data you gather
* Includes hands-on technical examples and case studies, as well as a Python chapter that shows you how to create your own information-gathering tools and modify existing APIs
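Metadata extraction from published images is one of the recon techniques the blurb lists (the EXIF and FOCA/Metagoofil line). The following is an added example for this page, not code from the book or from any of those tools: a small EXIF reader written from the TIFF/Exif layout (byte-order mark, 12-byte IFD entries, values over four bytes stored at an offset) that pulls camera make, model, timestamp and GPS position out of a JPEG. Because no real photo can be embedded here, the block first constructs a minimal JPEG carrying an EXIF APP1 segment with made-up values, then parses it; every tag value below is that constructed sample, not data from any real device.

```python
import struct

# Tag numbers from the Exif/TIFF specification; only the ones this example reads.
IFD0_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSIFD"}
GPS_TAGS = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
            0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per element


def _pack_ifd(entries, ifd_offset):
    """Serialise one little-endian IFD. entries: (tag, type, count, payload bytes).
    Payloads over 4 bytes go after the entry table, addressed by absolute offset."""
    table_len = 2 + 12 * len(entries) + 4
    table, data = bytearray(struct.pack("<H", len(entries))), bytearray()
    for tag, typ, count, payload in entries:
        if len(payload) <= 4:
            value = payload.ljust(4, b"\0")
        else:
            value = struct.pack("<I", ifd_offset + table_len + len(data))
            data += payload
        table += struct.pack("<HHI", tag, typ, count) + value
    table += struct.pack("<I", 0)  # no next IFD
    return bytes(table + data)


def build_sample_jpeg():
    """Constructed sample: SOI, one APP1/Exif segment, EOI. Values are invented."""
    make, model, dt = b"Acme\0", b"X100\0", b"2020:01:02 03:04:05\0"
    lat = struct.pack("<IIIIII", 48, 1, 51, 1, 30, 1)   # 48 deg 51' 30"
    lon = struct.pack("<IIIIII", 2, 1, 17, 1, 40, 1)    # 2 deg 17' 40"
    gps = [(0x0001, 2, 2, b"N\0"), (0x0002, 5, 3, lat),
           (0x0003, 2, 2, b"W\0"), (0x0004, 5, 3, lon)]
    ifd0_len = 2 + 12 * 4 + 4 + len(make) + len(model) + len(dt)
    gps_offset = 8 + ifd0_len  # GPS IFD follows IFD0 and its string data
    ifd0 = [(0x010F, 2, len(make), make), (0x0110, 2, len(model), model),
            (0x0132, 2, len(dt), dt), (0x8825, 4, 1, struct.pack("<I", gps_offset))]
    tiff = b"II*\0" + struct.pack("<I", 8) + _pack_ifd(ifd0, 8) + _pack_ifd(gps, gps_offset)
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def _decode(e, typ, count, raw):
    if typ == 2:                      # ASCII, NUL-terminated
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    if typ == 4:                      # LONG
        vals = struct.unpack(e + "I" * count, raw)
        return vals[0] if count == 1 else vals
    if typ == 5:                      # RATIONAL: (numerator, denominator) pairs
        vals = struct.unpack(e + "II" * count, raw)
        return tuple(n / d if d else float("nan") for n, d in zip(vals[::2], vals[1::2]))
    return raw


def _parse_ifd(tiff, e, off, names):
    """Read one IFD; every offset is bounds-checked, since crafted metadata is a
    classic way to crash or exploit a careless parser."""
    if off + 2 > len(tiff):
        raise ValueError("IFD offset out of range")
    out = {}
    for i in range(struct.unpack(e + "H", tiff[off:off + 2])[0]):
        ent = off + 2 + 12 * i
        if ent + 12 > len(tiff):
            raise ValueError("truncated IFD")
        tag, typ, count = struct.unpack(e + "HHI", tiff[ent:ent + 8])
        size = TYPE_SIZES.get(typ)
        if size is None or tag not in names:
            continue
        total = size * count
        if total <= 4:
            raw = tiff[ent + 8:ent + 8 + total]
        else:
            data_off = struct.unpack(e + "I", tiff[ent + 8:ent + 12])[0]
            if data_off + total > len(tiff):
                raise ValueError("tag data out of range")
            raw = tiff[data_off:data_off + total]
        out[names[tag]] = _decode(e, typ, count, raw)
    return out


def _parse_tiff(tiff):
    e = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if e is None or struct.unpack(e + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    meta = _parse_ifd(tiff, e, struct.unpack(e + "I", tiff[4:8])[0], IFD0_TAGS)
    gps_off = meta.pop("GPSIFD", None)
    if gps_off is not None:
        meta.update(_parse_ifd(tiff, e, gps_off, GPS_TAGS))
    return meta


def parse_exif(jpeg):
    """Walk JPEG marker segments up to the scan data and parse the APP1/Exif one."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("bad marker")
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):    # EOI or SOS: metadata segments are all before these
            break
        seg_len = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if seg_len < 2 or pos + 2 + seg_len > len(jpeg):
            raise ValueError("segment length out of range")
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(b"Exif\0\0"):
            return _parse_tiff(body[6:])
        pos += 2 + seg_len
    return {}


def gps_decimal(meta):
    """Signed decimal degrees from the DMS rationals and hemisphere letters, or None."""
    if "GPSLatitude" not in meta or "GPSLongitude" not in meta:
        return None
    def dms(v, ref):
        d, m, s = v
        dec = d + m / 60 + s / 3600
        return -dec if ref in ("S", "W") else dec
    return (dms(meta["GPSLatitude"], meta.get("GPSLatitudeRef", "N")),
            dms(meta["GPSLongitude"], meta.get("GPSLongitudeRef", "E")))


if __name__ == "__main__":
    m = parse_exif(build_sample_jpeg())
    print(m, gps_decimal(m))
```

Run against the constructed sample it recovers the make, model, capture time and a latitude/longitude pair; against real photos the same walk shows why stripping metadata before publishing (the MAT tool in the list above does this) is the defensive counterpart of the technique.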