The latest Web app attacks and countermeasures from world-renowned practitionersProtect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, ...

Proven security tactics for today's mobile apps, devices, and networks"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- SlashdotHacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures--so they can leverage...

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll ...

A fully updated edition of the world’s bestselling computer security book Hacking Exposed 7: Network Security Secrets and Solutions is filled with all-new information on today's most devastating attacks and proven countermeasures. The book covers: advanced persistent threats; infrastructure hacks; industrial automation and embedded devices; wireless security; the new SCADA protocol hacks; Microsoft Windows Server 2010; Web 2.0; Ubuntu Linux; hardware; Cisco; RFID; malware; ...

The subject of security never strays far from the minds of IT workers, for good reason. If there is a network with even just one connection to another network, it needs to be secured. RADIUS, or Remote Authentication Dial-In User Service, is a widely deployed protocol that enables companies to authenticate, authorize and account for remote users who want access to a system or service from a central network server. Originally developed for dial-up remote access, RADIUS is now used ...

Fully up-to-date coverage of every topic on the CEH v9 certification examThoroughly revised for current exam objectives, this integrated self-study system offers complete coverage of the EC Council's Certified Ethical Hacker v9 exam. Inside, IT security expert Matt Walker discusses all of the tools, techniques, and exploits relevant to the CEH exam. Readers will find learning objectives at the beginning of each chapter, exam tips, end-of-chapter reviews, a...

Security Smarts for the Self-Guided IT ProfessionalLearn how to improve the security posture of your organization and defend against some of the most pervasive network attacks. Malware, Rootkits & Botnets: A Beginners Guide explains the nature, sophistication, and danger of these risks and offers best practices for thwarting them.After reviewing the current threat landscape, the book describes the entire threat lifecycle, explaining how cybercriminals create, dep...

Implement an Effective Security Metrics Project or Program IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll le...

Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technica...

Master the tactics and tools of the advanced persistent threat hackerIn this book, IT security expert Tyler Wrightson reveals the mindset, skills, and effective attack vectors needed to compromise any target of choice. Advanced Persistent Threat Hacking discusses the strategic issues that make all organizations vulnerable and provides noteworthy empirical evidence. You'll learn a proven APT Hacker Methodology for systematically targeting and infiltrating an organization ...

The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.Fortunat...