This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.
The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.
The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias “PortSwigger”, Dafydd developed the popular Burp Suite of web application hack tools.
Wireless LANs can be found nearly everywhere today. Most mobile computers ship with built-in wireless LAN hardware by default and most other computers can be equipped with additional hardware. Because all data is transmitted wirelessly, extra security is needed in these networks. This was a concern to the creators of the IEEE 802.11 standard, who designed a simple protocol called WEP which stands for Wired Equivalent Privacy to protect such networks. Unfortunately, the WEP protocol has some serious design flaws and various attacks are possible against WEP protected networks. This book presents nearly all currently known attacks on the WEP protocol, including their theoretical background and their implementation. This book is intended for network operators, who want to learn more about wireless security, and also for cryptographers, who want to understand the theoretical background of these attacks.
David Litchfield has devoted years to relentlessly searching out the flaws in the Oracle database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems. This in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle and then it shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure.
Dr. Berg P. Hyacinthe (PhD, Florida State University; LLD Candidate, Assas School of Law, CERSA-CNRS, La Sorbonne) is internationally recognized as an eminent and multidisciplinary scientific investigator. A U.S. patent holder featured in Harvard’s Smithsonian/NASA Astrophysics Data System, Dr. Hyacinthe recently served as Assistant Professor and Scientific Advisor to Taibah University’s Strategic Science & Advanced Technology Unit. Dr. Hyacinthe held several positions at County and State levels of the U.S Government in the Information Technology arena. He has been featured in conferences held at the U.S. Naval Postgraduate School, Monterey (author); Defence Academy of the United Kingdom, Shrivenham (invited session Chair); and National Defence College, Helsinki (session Chair). In CYBER WARRIORS AT WAR, he draws on the triangular relationship between technology, law, and Information Age warfare to propose solutions against potential charges of having committed Information Operations (IO) war crimes and/or IO crimes against humanity. According to Dr. Hyacinthe, the success of pre-emptive strikes and decisive military operations depends profoundly upon both reliable human intelligence and the versatile skills of 21st century “cyber warriors” whose IO activities are conducted through modern warfare’s pentagonal synchrony – land, sea, air, cyberspace, and outer space. Unfortunately, these operations are commonly effectuated under a legal reasoning that is ambiguous in important ways: a threat to the national security of the United States of America and to the entire international community. Hence, as this Essay argues, the evolution of modern computer systems as weapons of war compels wary jurists to turn to the laws that should govern development and use of lethal information technologies. Further, this Essay examines how certain military operations within Information Warfare (IW) require new legal framework, and recounts specific events involving various types of IW conduct and cyber attack: an interesting exposé to jurists, military personnel, policymakers, and the growing and diverse body of information professionals around the world.