Book Description

Digital Forensics for Legal Professionals provides you with a guide to digital technology forensics in plain English. In the authors’ years of experience in working with attorneys as digital forensics experts, common questions arise again and again: “What do I ask for?” “Is the evidence relevant?” “What does this item in the forensic report mean?” “What should I ask the other expert?” “What should I ask you?” “Can you explain that to a jury?” This book answers many of those questions in clear language that is understandable by non-technical people. With many illustrations and diagrams that will be usable in court, they explain technical concepts such as unallocated space, forensic copies, timeline artifacts and metadata in simple terms that make these concepts accessible to both attorneys and juries.

The authors also explain how to determine what evidence to ask for, evidence might be that could be discoverable, and the methods for getting to it including relevant subpoena and motion language. Additionally, this book provides an overview of the current state of digital forensics, the right way to select a qualified expert, what to expect from a qualified expert and how to properly use experts before and during trial.

• Includes a companion Web site with: courtroom illustrations, and examples of discovery motions
• Provides examples of direct and cross examination questions for digital evidence
• Contains a reference of definitions of digital forensic terms, relevant case law, and resources for the attorney

Table of Contents
Section 1: What is Digital Forensics?
Chapter 1. Digital Evidence is Everywhere
Chapter 2. Overview of Digital Forensics
Chapter 3. Digital Forensics – The Sub-Disciplines
Chapter 4. The Foundations of Digital Forensics – Best Practices
Chapter 5. Overview of Digital Forensics Tools
Chapter 6. Digital Forensics at Work in the Legal System

Section 2: Experts
Chapter 7. Why Do I Need an Expert?
Chapter 8. The Difference between Computer Experts and Digital Forensic Experts
Chapter 9. Selecting a Digital Forensics Expert
Chapter 10. What to Expect from an Expert
Chapter 11. Approaches by Different Types of Examiners
Chapter 12. Spotting a Problem Expert
Chapter 13. Qualifying an Expert in Court

Sections 3: Motions and Discovery
Chapter 14. Overview of Digital Evidence Discovery
Chapter 15. Discovery of Digital Evidence in Criminal Cases
Chapter 16. Discovery of Digital Evidence in Civil Cases
Chapter 17. Discovery of Computers and Storage Media
Chapter 18. Discovery of Video Evidence
Chapter 19. Discovery of Audio Evidence
Chapter 20. Discovery of Social Media Evidence
Chapter 21. Discovery in Child Pornography Cases
Chapter 22. Discovery of Internet Service Provider Records
Chapter 23. Discovery of Global Positioning System Evidence
Chapter 24. Discovery of Call Detail Records
Chapter 25. Obtaining Expert Funding in Indigent Cases

Section 4: Common Types of Digital Evidence
Chapter 26. Hash Values: The Verification Standard
Chapter 27. Metadata
Chapter 28. Thumbnails and the Thumbnail Cache
Chapter 29. Deleted Data
Chapter 30. Computer Time Artifacts (MAC Times)
Chapter 31. Internet History (Web and Browser Caching)
Chapter 32. Windows Shortcut Files (Link Files)
Chapter 33. Cellular System Evidence and Call Detail Records
Chapter 34. Email Evidence
Chapter 35. Social Media
Chapter 36. Peer to Peer Networks and File Sharing
Chapter 37. Cell Phones
Chapter 38. Video and Photo Evidence
Chapter 39. Databases
Chapter 40. Accounting Systems and Financial Software
Chapter 41. Multiplayer Online games
Chapter 42. Global Positioning Systems

Book Details

• Paperback: 368 pages
• Publisher: Syngress (September 2011)
• Language: English
• ISBN-10: 159749643X
• ISBN-13: 978-1597496438

Related Posts

• The Encyclopedia of Operations Management (23-09-2011)
• Securing the Smart Grid: Next Generation Power Grid Security (24-02-2011)
• Real Life Applications of Soft Computing (24-02-2011)
• QuickBooks 2010: The Missing Manual (29-10-2009)
• Parallel Iterative Algorithms: From Sequential to Grid Computing (06-07-2009)
• Numerical Methods in Scientific Computing: Volume 1 (06-07-2009)
• Mathematics for Computer Graphics (20-04-2011)
• Hello World! Computer Programming for Kids and Other Beginners (27-07-2009)
• Guide to Assembly Language: A Concise Introduction (14-03-2011)
• Gnucash 2.4 Small Business Accounting: Beginner's Guide (21-03-2011)

Book Description

This is the only official, EC-Council-endorsed CHFI (Computer Hacking Forensics Investigator) study guide. It was written for security professionals, systems administrators, IT consultants, legal professionals, IT managers, police and law enforcement personnel studying for the CHFI certification, and professionals needing the skills to identify an intruder’s footprints and properly gather the necessary evidence to prosecute. Key features include:

• The Only Official Study Guide for CHFI
  Provides 100% coverage of all exam objectives.
• Full Web-based Exam
  Modeled after the real exam, it also includes explanations of correct and incorrect answers.
• Exam Objectives
  Each is clearly explained at the beginning of the chapter.
• Notes and Alerts
  Highlight crucial points of the exam modules.
• Exam Objectives Fast Track
  Bulleted highlights emphasize the important points from the exam’s perspective at the end of the chapter.
• Key Terms
  All concepts are defined and explained as they appear.
• Exam Objectives Frequently Asked Questions
  Test what you have learned by reading FAQs based on the material covered in the chapter. Log on to the Syngress Web site to access review questions based on the exam.

Table of Contents
Chapter 1. Computer Forensics in Today’s World
Chapter 2. Systems, Disks, and Media
Chapter 3. The Computer Investigation Process
Chapter 4. Acquiring Data, Duplicating Data, and Recovering Deleted Files
Chapter 5. Windows, Linux, and Macintosh Boot Processes
Chapter 6. Windows and Linux Forensics
Chapter 7. Steganography and Application Password Crackers
Chapter 8. Computer-Assisted Attacks and Crimes
Chapter 9. Investigating Network Traffic and Investigating Logs
Chapter 10. Router Forensics and Network Forensics
Chapter 11. Investigating Wireless Attacks
Chapter 12. PDA, Blackberry, and iPod Forensics
Chapter 13. Forensic Software and Hardware
Chapter 14. Forensics Investigation Using EnCase
Chapter 15. Incident Response
Chapter 16. Types of Investigations

Appendix A. Becoming an Expert Witness
Appendix B. Worldwide Forensic Acts and Laws
Index

Book Details

• Paperback: 960 pages
• Publisher: Syngress (November 2007)
• Language: English
• ISBN-10: 1597491977
• ISBN-13: 978-1597491976

Related Posts

• Hacking Exposed: Wireless (23-05-2009)
• Hacking Exposed: Linux, 3rd Edition (31-01-2011)
• Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition (15-02-2011)
• Zabbix 1.8 Network Monitoring (10-05-2010)
• Windows Vista Annoyances: Tips, Secrets, and Hacks (11-08-2009)
• Windows Server 2008 Security Resource Kit (23-05-2009)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Ubuntu Unleashed 2010 Edition: Covering 9.10 and 10.4, 5th Edition (09-12-2009)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The Book of Xen: A Practical Guide for the System Administrator (30-01-2010)

Book Description

A tactical guide to installing, implementing, optimizing, and supporting SSH in order to secure your network

Prevent unwanted hacker attacks! This detailed guide will show you how to strengthen your company system’s defenses, keep critical data secure, and add to the functionality of your network by deploying SSH. Security expert Himanshu Dwivedi shows you ways to implement SSH on virtually all operating systems, desktops, and servers, so your system is safe, secure, and stable. Learn how SSH fulfills all the core items in security, including authentication, authorization, encryption, integrity, and auditing. Also, discover methods to optimize the protocol for security and functionality on Unix®, Windows®, and network architecture environments. Additionally, find out about the similarities and differences of the major SSH servers and clients.

With the help of numerous architectural examples and case studies, you’ll gain the necessary skills to:

• Explore many remote access solutions, including the theory, setup, and configuration of port forwarding
• Take advantage of features such as secure e-mail, proxy, and dynamic port forwarding
• Use SSH on network devices that are traditionally managed by Telnet
• Utilize SSH as a VPN solution in both a server and client aspect
• Replace insecure protocols such as Rsh, Rlogin, and FTP
• Use SSH to secure Web browsing and as a secure wireless (802.11) solution

Table of Contents
Part 1: SSH Basics
Chapter 1. Overview of SSH
Chapter 2. SSH Servers
Chapter 3. Secure Shell Clients
Chapter 4. Authentication
Chapter 5. SSH Management

Part 2: Remote Access Solutions
Chapter 6. SSH Port Forwarding
Chapter 7. Secure Remote Access

Part 3: Protocol Replacement
Chapter 8. SSH Versatility
Chapter 9. Proxy Technologies in a secure Web Environment
Chapter 10. SSH Case Studies

Book Details

• Paperback: 402 pages
• Publisher: Wiley (October 2003)
• Language: English
• ISBN-10: 0471458805
• ISBN-13: 978-0471458807

Related Posts

• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Linux Command Line: A Complete Introduction (23-01-2012)
• The Design of Rijndael: AES - The Advanced Encryption Standard (09-01-2010)
• Shell Scripting: Expert Recipes for Linux, Bash and more (19-09-2011)
• Mastering Unix Shell Scripting, 2nd Edition (14-05-2011)
• From Bash to Z Shell (08-07-2011)
• Classic Shell Scripting (01-09-2011)
• bash Pocket Reference (13-05-2010)
• bash Cookbook (15-11-2011)
• vi and Vim Editors Pocket Reference: Support for every text editing task, 2nd Edition (20-01-2011)

Book Description

“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for Java™ is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.”
—James A. Gosling, Father of the Java Programming Language

An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).

The CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.

After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation.

The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers  security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.

Book Details

• Paperback: 744 pages
• Publisher: Addison-Wesley Professional (September 2011)
• Language: English
• ISBN-10: 0321803957
• ISBN-13: 978-0321803955

Related Posts

• DSLs in Action (15-01-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Programming in Scala, 2nd Edition (19-05-2011)
• Programming Concurrency on the JVM (13-09-2011)
• Practical Clojure (02-06-2010)
• Oracle SOA Suite 11g R1 Developer’s Guide (09-08-2010)
• Oracle PL/SQL Recipes: A Problem-Solution Approach (27-12-2010)
• Oracle JRockit: The Definitive Guide (21-06-2010)
• JBoss ESB: Beginner's Guide (07-02-2012)
• JavaFX 2.0: Introduction by Example (14-01-2012)

Book Description

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

• Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
• Learn how attackers infect apps with malware through code injection
• Discover how attackers defeat iOS keychain and data-protection encryption
• Use a debugger and custom code injection to manipulate the runtime Objective-C environment
• Prevent attackers from hijacking SSL sessions and stealing traffic
• Securely delete files and design your apps to prevent forensic data leakage
• Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Table of Contents
Chapter 1. Everything You Know Is Wrong

Part I: Hacking
Chapter 2. The Basics of Compromising iOS
Chapter 3. Stealing the Filesystem
Chapter 4. Forensic Trace and Data Leakage
Chapter 5. Defeating Encryption
Chapter 6. Unobliterating Files
Chapter 7. Manipulating the Runtime
Chapter 8. Abusing the Runtime Library
Chapter 9. Hijacking Traffic

Part II: Securing
Chapter 10. Implementing Encryption
Chapter 11. Counter Forensics
Chapter 12. Securing the Runtime
Chapter 13. Jailbreak Detection
Chapter 14. Next Steps

Book Details

• Paperback: 356 pages
• Publisher: O’Reilly Media (January 2012)
• Language: English
• ISBN-10: 1449318746
• ISBN-13: 978-1449318741

Related Posts

• Windows Vista Annoyances: Tips, Secrets, and Hacks (11-08-2009)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Using SQLite (20-08-2010)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The Official CHFI Study Guide (Exam 312-49) (08-02-2012)
• The Design of Rijndael: AES - The Advanced Encryption Standard (09-01-2010)
• The CERT Oracle Secure Coding Standard for Java (28-01-2012)
• The Basics of Hacking and Penetration Testing (26-11-2011)
• Tap, Move, Shake: Turning Your Game Ideas into iPhone & iPad Apps (29-12-2011)

Book Description

When the Stuxnet computer worm damaged the Iranian nuclear program in 2010, the public got a small glimpse into modern cyber warfare—without truly realizing the scope of this global conflict. Inside Cyber Warfare provides fascinating and disturbing details on how nations, groups, and individuals throughout the world increasingly rely on Internet attacks to gain military, political, and economic advantages over their adversaries.

This updated second edition takes a detailed look at the complex domain of cyberspace, and the players and strategies involved. You’ll discover how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.

• Discover how Russian investment in social networks benefits the Kremlin
• Learn the role of social networks in fomenting revolution in the Middle East and Northern Africa
• Explore the rise of anarchist groups such as Anonymous and LulzSec
• Look inside cyber warfare capabilities of nations including China and Israel
• Understand how the U.S. can legally engage in covert cyber operations
• Learn how the Intellectual Property war has become the primary focus of state-sponsored cyber operations

Jeffrey Carr, the founder and CEO of Taia Global, Inc., is a cyber intelligence expert and consultant who specializes in the investigation of cyber attacks against governments and infrastructures by state and non-state hackers.

Table of Contents
Chapter 1. Assessing the Problem
Chapter 2. The Rise of the Nonstate Hacker
Chapter 3. The Legal Status of Cyber Warfare
Chapter 4. Responding to International Cyber Attacks as Acts of War
Chapter 5. The Intelligence Component to Cyber Warfare
Chapter 6. Nonstate Hackers and the Social Web
Chapter 7. Follow the Money
Chapter 8. Organized Crime in Cyberspace
Chapter 9. Investigating Attribution
Chapter 10. Weaponizing Malware
Chapter 11. The Role of Cyber in Military Doctrine
Chapter 12. A Cyber Early Warning Model
Chapter 13. Advice for Policymakers from the Field
Chapter 14. Conducting Operations in the Cyber-Space-Time Continuum
Chapter 15. The Russian Federation: Information Warfare Framework
Chapter 16. Cyber Warfare Capabilities by Nation-State
Chapter 17. US Department of Defense Cyber Command and Organizational Structure
Chapter 18. Active Defense for Cyber: A Legal Framework for Covert Countermeasures

Book Details

• Paperback: 316 pages
• Publisher: O’Reilly Media; 2nd Edition (December 2011)
• Language: English
• ISBN-10: 1449310044
• ISBN-13: 978-1449310042

Related Posts

• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The Official CHFI Study Guide (Exam 312-49) (08-02-2012)
• How to Cheat at Voip Security (17-05-2009)
• Hacking Exposed: Wireless (23-05-2009)
• Hacking Exposed: Web 2.0 (31-01-2011)
• Hacking Exposed: Malware & Rootkits (31-01-2011)
• Hacking Exposed: Linux, 3rd Edition (31-01-2011)
• Hacking Exposed, 6th Edition (23-05-2009)
• Hackers: Heroes of the Computer Revolution (04-06-2010)
• Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners (07-06-2011)

Book Description

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

• Examine Android’s architecture and security model, and how it isolates the filesystem and database
• Learn how to use Android permissions and restricted system APIs
• Explore Android component types, and learn how to secure communications in a multi-tier app
• Use cryptographic tools to protect data stored on an Android device
• Secure the data transmitted from the device to other parties, including the servers that interact with your app

Table of Contents
Chapter 1. Introduction
Chapter 2. Android Architecture
Chapter 3. Application Permissions
Chapter 4. Component Security and Permissions
Chapter 5. Protecting Stored Data
Chapter 6. Securing Server Interactions
Chapter 7. Summary

Book Details

• Paperback: 112 pages
• Publisher: O’Reilly Media (December 2011)
• Language: English
• ISBN-10: 1449315070
• ISBN-13: 978-1449315078

Related Posts

• Developing Android Applications with Adobe AIR (05-05-2011)
• App Inventor (09-05-2011)
• Android in Action, 3rd Edition (19-12-2011)
• Android Apps for Absolute Beginners (23-06-2011)
• Android 3.0 Application Development Cookbook (10-08-2011)
• Unlocking Android (28-07-2009)
• The Busy Coder’s Guide to Android Development (09-01-2010)
• The Busy Coder's Guide to Android Development, Version 3.6 (04-04-2011)
• The Android Developer’s Cookbook: Building Applications with the Android SDK (25-11-2010)
• Sams Teach Yourself Android Application Development in 24 Hours, 2nd Edition (24-09-2011)

Book Description

“Thorough and comprehensive coverage from one of the foremost experts in browser security.”
—Tavis Ormandy, Google Inc.

Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.

In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You’ll learn how to:

• Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
• Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
• Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
• Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
• Embed or host user-supplied content without running into the trap of content sniffing

For quick reference, “Security Engineering Cheat Sheets” at the end of each chapter offer ready solutions to problems you’re most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Table of Contents
Chapter 1 Security in the World of Web Applications

Part I: Anatomy of the Web
Chapter 2 It Starts with a URL
Chapter 3 Hypertext Transfer Protocol
Chapter 4 Hypertext Markup Language
Chapter 5 Cascading Style Sheets
Chapter 6 Browser-Side Scripts
Chapter 7 Non-HTML Document Types
Chapter 8 Content Rendering with Browser Plug-ins

Part II: Browser Security Features
Chapter 9 Content Isolation Logic
Chapter 10 Origin Inheritance
Chapter 11 Life Outside Same-Origin Rules
Chapter 12 Other Security Boundaries
Chapter 13 Content Recognition Mechanisms
Chapter 14 Dealing with Rogue Scripts
Chapter 15 Extrinsic Site Privileges

Part III: A Glimpse of Things to Come
Chapter 16 New and Upcoming Security Features
Chapter 17 Other Browser Mechanisms of Note

Chapter 18 Common Web Vulnerabilities

Appendix Epilogue
Notes
UPDATES

Book Details

• Paperback: 320 pages
• Publisher: No Starch Press (November 2011)
• Language: English
• ISBN-10: 1593273886
• ISBN-13: 978-1593273880

Related Posts

• jQuery 1.4 Animation Techniques: Beginners Guide (08-04-2011)
• XML and Java: Developing Web Applications, 2nd Edition (10-06-2009)
• WordPress Web Design For Dummies (07-11-2011)
• WordPress Bundle (11-02-2012)
• WordPress 3.0 jQuery (25-10-2010)
• WordPress 3 Site Blueprints (27-08-2010)
• Web Development Recipes (21-01-2012)
• Web Design with HTML and CSS Digital Classroom (02-11-2011)
• Web Design DeMYSTiFieD (15-03-2011)
• Web Design Bundle (Best Practices, UX, Typography, Business) (10-02-2012)

Book Description

Security is one of the most difficult areas in today’s IT industry. The reason being; the speed at which security methods are developing is considerably slower than the methods of hacking. One of the ways to tackle this is to implement Agile IT Security. Agile IT security methodology is based on proven software development practices. It takes the best works from Agile Software Development (Scrum, OpenUp, Lean) and applies it to security implementations.

This book combines the Agile software development practices with IT security. It teaches you how to deal with the ever-increasing threat to IT security and helps you build robust security with lesser costs than most other methods of security. It is designed to teach the fundamental methodologies of an agile approach to IT security. Its intent is to compare traditional IT security implementation approaches to new agile methodologies. Written by a senior IT specialist at IBM, you can rest assured of the usability of these methods directly in your organization.

This book will teach IT Security professionals the concepts and principles that IT development has been using for years to help minimize risk and work more efficiently. The book will take you through various scenarios and aspects of security issues and teach you how to implement security and overcome hurdles during your implementation.

It begins by identifying risks in IT security and showing how Agile principles can be used to tackle them. It then moves to developing security policies and identifying your organization’s assets. The last section teaches you how you can overcome real-world issues in implementing Agile security in your organization including dealing with your colleagues.

What you will learn from this book :

• Understand the various modern-day security risks and concerns and how Agile IT security is useful in dealing with these risks
• Learn Agile principles like pairwise, refactoring, collective ownership, collaboration, track project divergence and velocity rates
• Develop security policies and articulate security value and take steps to ensure your employees’ security awareness
• Identify your organization’s high value assets and apply risk-driven security
• Employ Lean implementation principles like eliminating waste, amplified learning, late decisions and fast deliveries
• Learn what teams in your organization can help you with security, and tie up with them
• Learn how to overcome Agile barriers and fears and train your security professionals
• Learn Agile team success factors and Agile risk success factors

Approach
The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development.

Who this book is written for
The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

Book Details

• Paperback: 120 pages
• Publisher: Packt Publishing (November 2011)
• Language: English
• ISBN-10: 1849685703
• ISBN-13: 978-1849685702

Related Posts

• User Stories Applied: For Agile Software Development (19-07-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Agile Samurai: How Agile Masters Deliver Great Software (28-09-2010)
• Security on Rails (19-12-2009)
• Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB (24-07-2009)
• Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, 2nd Edition (04-01-2011)
• Pro Agile .NET Development with SCRUM (24-10-2011)
• Practices of an Agile Developer: Working in the Real World (27-07-2009)
• Practices for Scaling Lean & Agile Development: Large, Multisite, and Offshore Product Development with Large-Scale Scrum (31-01-2010)
• Managing Software Debt: Building for Inevitable Change (03-02-2011)

Book Description

Tools used for penetration testing are often purchased or downloaded from the Internet. Each tool is based on a programming language such as Perl, Python, or Ruby. If a penetration tester wants to extend, augment, or change the functionality of a tool to perform a test differently than the default configuration, the tester must know the basics of coding for the related programming language. Coding for Penetration Testers provides the reader with an understanding of the scripting languages that are commonly used when developing tools for penetration testing. It also guides the reader through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the reader is guided through real-world scenarios and tool development that can be incorporated into a tester’s toolkit.

Review
“Penetration testing is a profession that requires the mastery of dozens of tools; every job poses challenges that require these tools to be mixed, matched, and automated. The master penetration tester not only excels at using his or her toolbox, but also expands it with custom scripts and unique programs to solve the challenge of the day. This book provides a solid introduction to custom scripting and tool development, using multiple languages, with a penetration tester’s goals in mind. This background can transform penetration testing from a manual, often repetitive task, to an efficient process that is not just faster, but also more accurate and consistent across large engagements.”
–HD Moore, Metasploit Founder and CSO of Rapid7

“Penetration testing requires that the tester understand the target as much as possible, and know how to perform various attacks while being as efficient as possible. Having the skill set to create and use a variety of scripts increases the penetration tester’s efficiency and elevates him or her from the script kiddie to the professional realm. Ryan Linn and Jason Andress have created a guide that explores and introduces the techniques that are necessary to build the scripts used during a test. No matter the platform, this book provides the information required to learn scripting and become a world-class penetration tester. This is definitely a book that will remain close at hand for every test I perform!”
–Kevin Johnson, Senior Consultant, Secure Ideas

Table of Contents
Chapter 0: Introduction
Chapter 1: Introduction to Command Shell Scripting
Chapter 2: Introduction to Python
Chapter 3: Introduction to Perl
Chapter 4: Introduction to Ruby
Chapter 5: Introduction to Web Scripting with PHP
Chapter 6: Manipulating Windows with PowerShell
Chapter 7: Scanner Scripting
Chapter 8: Information Gathering
Chapter 9: Exploitation Scripting
Chapter 10: Post-Exploitation Scripting
Appendix: Subnetting and CIDR Addresses

Book Details

• Paperback: 320 pages
• Publisher: Syngress (October 2011)
• Language: English
• ISBN-10: 1597497290
• ISBN-13: 978-1597497299

Related Posts

• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• The Basics of Hacking and Penetration Testing (26-11-2011)
• Metasploit: The Penetration Tester's Guide (30-07-2011)
• BackTrack 5 Wireless Penetration Testing: Beginner's Guide (01-10-2011)
• BackTrack 4: Assuring Security by Penetration Testing (11-05-2011)
• Zend Enterprise PHP Patterns (17-09-2009)
• WordPress 3 Ultimate Security (06-07-2011)
• Windows Server 2008 Security Resource Kit (23-05-2009)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Usability Testing Essentials: Ready, Set...Test! (07-06-2011)

Book Description

Whether your company is planning on database migration, desktop application migration, or has IT infrastructure consolidation projects, this book gives you all the resources you’ll need. It gives you recommendations on tools, strategy and best practices and serves as a guide as you plan, determine effort and budget, design, execute and roll your modern Oracle system out to production. Focusing on Oracle grid relational database technology and Oracle Fusion Middleware as the target cloud-based architecture, your company can gain organizational efficiency, agility, increase innovation and reduce IT Total Cost of Ownership (TCO) by moving to service-oriented, Web-based cloud architectures.

Table of Contents
Chapter 1: Migrating to the Cloud: Client/Server Migrations to the Oracle Cloud
Chapter 2: Identifying the Level of Effort and Cost
Chapter 3: Methodology and Design
Chapter 4: Relational Migration Tools
Chapter 5: Database Schema and Data Migration
Chapter 6: Database Stored Object Migration
Chapter 7: Application Migration/Porting Due to Database Migration
Chapter 8: Migrating Applications to the Cloud
Chapter 9: Service Enablement of Client/Server Applications
Chapter 10: Oracle Database Cloud Infrastructure Planning and Implementation
Chapter 11: Sybase Migrations from a Systems Integrator Perspective, and Case Study
Chapter 12: Application Migration: Oracle Forms to Oracle Application Development Framework 11g
Chapter 13: Application Migration: PowerBuilder to Oracle APEX
Chapter 14: Challenges and Emerging Trends

About the Author
Tom Laszewski has over twenty years’ experience in databases, middleware, software development, management, and building strong technical partnerships. He is currently the Director of the Oracle Platform Migrations Group.

Prakash Nauduri has over 18 years’ experience working with databases, middleware, development tools/technologies, software design, development and training. He is currently the Technical Director of the Oracle Platform Migrations Group.

Book Details

• Paperback: 400 pages
• Publisher: Syngress (October 2011)
• Language: English
• ISBN-10: 1597496472
• ISBN-13: 978-1597496476

Related Posts

• Windows Azure Platform, 2nd Edition (14-01-2012)
• Understanding PaaS (26-01-2012)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft Project (02-04-2011)
• Python and AWS Cookbook (05-11-2011)
• Puppet 2.7 Cookbook (10-11-2011)
• Professional SharePoint 2010 Cloud-Based Solutions (22-11-2011)
• Pro SharePoint 2010 Disaster Recovery and High Availability (17-01-2012)
• Pro Oracle Application Express 4 (13-08-2011)
• PHP Development in the Cloud (22-12-2011)

Book Description

Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the user for each situation. Many tools, even ones that cost thousands of dollars, do not come with any type of instruction on how and in which situations the penetration tester can best use them. Penetration Tester’s Open Source Toolkit, Third Edition, expands upon existing instructions so that a professional can get the most accurate and in-depth test results possible. Real-life scenarios are a major focus so that the reader knows which tool to use and how to use it for a variety of situations.

• Details current open source penetration testing tools
• Presents core technologies for each type of testing and the best tools for the job
• New to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack

Review
“Jeremy Faircloth continues to write about computer and network security in ways that help the InfoSec community. In Penetration Tester’s Open Source Toolkit, Third Edition he combines his sharp insight into a wide variety of technologies, diverse penetration testing approaches and several penetration testing tools (then showcases these tools in action in the case study in each chapter) so the student of penetration testing can go out and get it done. This is just the kind of writing we should be expecting from our front runners in IT to be doing to support our Enterprise.”
–Tim Hoffman, President, Alida Connection

“All in all Penetration Tester’s Open Source Toolkit is a good read. Clear, concise and made me want to put to work the knowledge I had learnt at the end of each chapter so that I could say, yes I do understand how that works and how to use it in future tests.”
–review on Hakin9.org

Book Details

• Paperback: 464 pages
• Publisher: Syngress; 3rd Edition (August 2011)
• Language: English
• ISBN-10: 1597496278
• ISBN-13: 978-1597496278

Related Posts

• ZK Developer's Guide (09-11-2011)
• Zen Cart: E-commerce Application Development (05-07-2009)
• XMPP: The Definitive Guide (05-07-2009)
• WordPress Web Design For Dummies (07-11-2011)
• WordPress Top Plugins (27-10-2010)
• WordPress Theme Design (18-05-2009)
• WordPress MU 2.8: Beginner's Guide (08-11-2009)
• WordPress In Depth, 2nd Edition (26-09-2011)
• WordPress In Depth (19-02-2010)
• WordPress For Dummies, 3rd Edition (07-02-2011)

Book Description

The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. No prior hacking experience is needed. You learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, Hacker Defender rootkit, and more. A simple and clean explanation of how to effectively utilize these tools as well as the introduction to a four-step methodology for conducting a penetration test or hack, will provide you with know-how required to jump start your career or gain a better understanding of offensive security. The book serves as an introduction to penetration testing and hacking and will provide you with a solid foundation of knowledge. After completing the book readers will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks through each of the steps and tools in a structured, orderly manner allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases relate.

• Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases
• Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University
• Utilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test

Review
“Have you heard of penetration testing but have no idea what it entails?  This is the perfect book to get you started,  easy to read, does not assume prior knowledge, and is up-to-date.  I strongly recommend Pat’s latest work.” -Jared DeMott, Principle Security Researcher, Crucial Security, Inc.

Book Details

• Paperback: 180 pages
• Publisher: Syngress (August 2011)
• Language: English
• ISBN-10: 1597496553
• ISBN-13: 978-1597496551

Related Posts

• BackTrack 4: Assuring Security by Penetration Testing (11-05-2011)
• The Official CHFI Study Guide (Exam 312-49) (08-02-2012)
• Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques (12-03-2011)
• Metasploit: The Penetration Tester's Guide (30-07-2011)
• Linux Server Hacks: 100 Industrial-Strength Tips and Tools (01-09-2011)
• Hacking Exposed: Linux, 3rd Edition (31-01-2011)
• Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition (15-02-2011)
• Coding for Penetration Testers: Building Better Tools (26-11-2011)
• BackTrack 5 Wireless Penetration Testing: Beginner's Guide (01-10-2011)
• Zabbix 1.8 Network Monitoring (10-05-2010)

Book Description

“Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime.”
–Felix ‘FX’ Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter’s Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world’s most popular software, like Apple’s iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you’ll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you’ll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you’ll learn how to:

• Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
• Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
• Develop proof of concept code that verifies the security flaw
• Report bugs to vendors or third party brokers

A Bug Hunter’s Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you’re hunting bugs for fun, for profit, or to make the world a safer place, you’ll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Table of Contents
Chapter 1. Bug Hunting
Chapter 2. Back to the ’90s
Chapter 3. Escape from the WWW Zone
Chapter 4. NULL Pointer FTW
Chapter 5. Browse and You’re Owned
Chapter 6. One Kernel to Rule Them All
Chapter 7. A Bug Older Than 4.4BSD
Chapter 8. The Ringtone Massacre

Appendix. Hints for Hunting
Appendix. Debugging
Appendix. Mitigation
Appendix. Updates

Book Details

• Paperback: 208 pages
• Publisher: No Starch Press (November 2011)
• Language: English
• ISBN-10: 1593273851
• ISBN-13: 978-1593273859

Book Description

CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security FIREWALL 642-617 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

• ASA interfaces
• IP connectivity
• ASA management
• Recording ASA activity
• Address translation
• Access control
• Proxy services
• Traffic inspection and handling
• Transparent firewall mode
• Virtual firewalls
• High availability
• ASA service modules

Book Details

• Hardcover: 768 pages
• Publisher: Cisco Press (September 2011)
• Language: English
• ISBN-10: 1587142791
• ISBN-13: 978-1587142796

Related Posts

• Cisco Firewalls (28-05-2011)
• CCNP Security VPN 642-647 Official Cert Guide (19-08-2011)
• CCNP Security Secure 642-637 Official Cert Guide (21-07-2011)
• Zend Enterprise PHP Patterns (17-09-2009)
• WordPress 3 Ultimate Security (06-07-2011)
• Windows Server 2008 Security Resource Kit (23-05-2009)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Thor's Microsoft Security Bible (15-09-2011)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)

Book Description

Windows security concepts and technologies for IT beginners

IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built.

This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core networking skills you need to have to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter’s content.

• Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills
• Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more
• Reviews all the topics you need to know for taking the MTA 98-367 exam
• Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers

If you’re new to IT and interested in entering the IT workforce, then Microsoft Windows Security Essentials is essential reading.

From the Back Cover
Learn Windows Security Quickly and Easily

This full-color guide covers the basics of securing a Windows operating system and prepares you to take the Microsoft Technology Associate Exam 98-367, Security Fundamentals. You’ll learn essential security principles, then quickly get up to speed on malware, NTFS permissions, firewalls, encryption, and much more. This is the ideal book, whether you’re aspiring to be an IT professional, or just brushing up on the basics.

Learn these Windows security essentials—and more:

• Understanding how risk and threat impact security principles
• Recognizing malware in all its forms
• Defending against social engineering attacks
• Identifying the three aspects of user authentication
• Securing access using NTFS permissions
• Protecting clients, servers, and networks
• Understanding encryption, certificates, and PKIs
• Preparing for MTA Exam 98-367, Security Fundamentals

View full-color images of system security settings
Practical illustrations help reinforce learning objectives

This striking Essentials book maximizes skill acquisition and knowledge retention with:

• Chapter-opening learning objectives
• Full coverage of all exam topics
• Four-color screenshots and illustrations
• Essentials and Beyond—summaries and additional suggested exercises
• Chapter review questions

Book Details

• Paperback: 336 pages
• Publisher: Sybex (June 2011)
• Language: English
• ISBN-10: 111801684X
• ISBN-13: 978-1118016848

Related Posts

• Zend Enterprise PHP Patterns (17-09-2009)
• WordPress 3 Ultimate Security (06-07-2011)
• Windows Server 2008 Security Resource Kit (23-05-2009)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Thor's Microsoft Security Bible (15-09-2011)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The Official CHFI Study Guide (Exam 312-49) (08-02-2012)
• The Myths of Security (20-06-2009)
• The Design of Rijndael: AES - The Advanced Encryption Standard (09-01-2010)

Book Description

A step-by-step guide to the tasks involved in security administration

If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator’s job, giving you the confidence of first-hand experience.

In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition or the CompTIA Security+ Deluxe Study Guide, 2nd Edition, the latest offerings from Sybex for CompTIA’s Security+ SY0-301 exam.

• Targets security administrators who confront a wide assortment of challenging tasks and those seeking a career in security administration who are hampered by a lack of actual experience
• Walks you through a variety of common tasks, demonstrating step by step how to perform them and how to circumvent roadblocks you may encounter
• Features tasks that are arranged according to four phases of the security administrator’s role: designing a secure network, creating and implementing standard security policies, identifying insecure systems in an existing environment, and training both onsite and remote users
• Ideal hands-on for those preparing for CompTIA’s Security+ exam (SY0-301)

This comprehensive workbook provides the next best thing to intensive on-the-job training for security professionals.

From the Back Cover
Develop the skills you need in the real world

Hit the ground running with the street-smart training you’ll find in this practical guide to security administration. Using a “year in the life” approach, it gives you an inside look at the common responsibilities of security administrators, with key information organized around the actual day-to-day tasks, scenarios, and challenges you’ll face in the field. Updated for CompTIA Security+ Exam SY0-301, this valuable training tool is loaded with hands-on, step-by-step exercises covering all phases of a security administrator’s job, including:

• Designing a secure network environment
• Creating and implementing standard security policies and practices
• Identifying insecure systems in physical and digital environments
• Providing training to onsite and remote users

An invaluable study tool

This no-nonsense book also covers common tasks that CompTIA expects all of its Security+ candidates to know how to perform. So whether you’re preparing for certification or seeking practical skills to break into the field, you’ll find the instruction you need, including:

• Performing an initial risk assessment
• Hardening all systems—services, ports, OS,and more
• Encrypting files and securing data storage
• Creating and managing user accounts
• Deploying IPSec and securing remote systems
• Securing Internet activity, networks, and wireless
• Testing, pen testing, tracking, profiling, and troubleshooting

The Street Smarts series is designed to help current or aspiring IT professionals put their certification to work for them. Full of practical, real world scenarios, each book features actual tasks from the field and then offers step-by-step exercises that teach the skills necessary to complete those tasks. And because the exercises are based upon exam objectives from leading technology certifications, each Street Smarts book can be used as a lab manual for certification prep.

• Step-by-step exercises teach you hands-on skills
• Real world scenarios put those skills in perspective

REVISED FOR THE UPDATED SECURITY+ EXAM (SY0-301)

Book Details

• Paperback: 624 pages
• Publisher: Sybex; 3rd Edition (June 2011)
• Language: English
• ISBN-10: 1118061160
• ISBN-13: 978-1118061169

Related Posts

• CompTIA Security+ SYO-201 Cert Guide (27-01-2011)
• Zend Enterprise PHP Patterns (17-09-2009)
• WordPress 3 Ultimate Security (06-07-2011)
• Windows Server 2008 Security Resource Kit (23-05-2009)
• Web Security, Privacy and Commerce, 2nd Edition (10-05-2011)
• Ubuntu Unleashed 2012 Edition: Covering 11.10 and 12.04 (04-02-2012)
• Thor's Microsoft Security Bible (15-09-2011)
• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (23-05-2009)
• The Official CHFI Study Guide (Exam 312-49) (08-02-2012)
• The Myths of Security (20-06-2009)

Book Description

Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.

From the Back Cover
From design to deployment to decommissioning: a systems engineering approach to information security

With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization’s needs, including:

• Day-to-day operations
• Services and products provided and consumer markets served
• Overall competitive environment and key competitors
• Legal and regulatory requirements
• Vulnerability to criminal activity

The book includes a CD which contains more than 200 color figures and diagrams to help illustrate and simplify complex systems and processes. Numerous examples throughout the book show step by step how to put security concepts and mechanisms into practice. The CD also includes a number of useful appendices, including a listing of individual state privacy laws, a sample enterprise security policy document, and a sample request for proposal.By presenting a systems engineering approach to information security, this book enables security practitioners and students of information security to cope with rapid changes in technology in order to consistently provide the level of information security needed to fully protect the interests of an organization, its personnel, and its customers.

Book Details

• Hardcover: 728 pages
• Publisher: Wiley-IEEE Press (July 2011)
• Language: English
• ISBN-10: 0470565128
• ISBN-13: 978-0470565124

Book Description

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java provides resources that every Java and Oracle database application programmer needs to ensure that they have guarded the security of the data and identities entrusted to them. You’ll learn to consider potential vulnerabilities, and to apply best practices in secure Java and PL/SQL coding. Author David Coffin shows how to develop code to encrypt data in transit and at rest, to accomplish single sign-on with Oracle proxy connections, to generate and distribute two-factor authentication tokens from the Oracle server using pagers, cell phones (SMS), and e-mail, and to securely store and distribute Oracle application passwords.

Early chapters lay the foundation for effective security in an Oracle/Java environment. Each of the later chapters brings example code to a point where it may be applied as-is to address application security issues. Templates for applications are also provided to help you bring colleagues up to the same secure application standards. If you are less familiar with either Java or Oracle PL/SQL, you will not be left behind; all the concepts in this book are introduced as to a novice and addressed as to an expert.

• Helps you protect against data loss, identity theft, SQL injection, and address spoofing
• Provides techniques for encryption on network and disk, code obfuscation and wrap, database hardening, single sign-on and two-factor
• Provides what database administrators need to know about secure password distribution, Java secure programming, Java stored procedures, secure application roles in Oracle, logon triggers, database design, various connection pooling schemes, and much more

What you’ll learn

• Guard against data loss, identity theft, SQL Injection, and to address spoofing
• Protect sensitive data through encryption, both on disk and on the wire
• Control access to data using secure roles, single sign-on, proxy connections, and two-factor authentication
• Protect sensitive source ode through randomization, obfuscation, and wrapping
• Thwart attempts at SQL injection and other common attacks
• Manage constraints on the visibility of data and the scope of access

Who this book is for
Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java is for every Java developer who uses an Oracle database. It is also for every Oracle database administrator or PL/SQL programmer who supports Java client and web applications. Whatever role you play in developing and supporting Java and Oracle applications, you need to address computer, application, data, and identity security. This book offers the tools you’ll need to effectively manage security across all aspects of the applications you support.

Table of Contents

1. Introduction
2. Oracle Security
3. Secure Java Development Concepts
4. Java Stored Procedures
5. Adding Public Key Encryption
6. Adding Secret Password Encryption
7. A Working Model for Data Encryption in Transit
8. Implementing Single Sign On
9. Implementing Two-Factor Authentication
10. Application Identification and Authorization
11. Enhancing Our Security
12. Administration of This Security System

Book Details

• Paperback: 472 pages
• Publisher: Apress (September 2011)
• Language: English
• ISBN-10: 1430238313
• ISBN-13: 978-1430238317

Related Posts

• Securing SQL Server (20-10-2011)
• Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, 2nd Edition (04-01-2011)
• Oracle PL/SQL Recipes: A Problem-Solution Approach (27-12-2010)
• Oracle Database 11g R2 Performance Tuning Cookbook (02-02-2012)
• Expert PL/SQL Practices: for Oracle Developers and DBAs (12-08-2011)
• Expert Oracle Database Architecture: Oracle Database Programming 9i, 10g, and 11g Techniques and Solutions, 2nd Edition (28-07-2010)
• Ajax Security (25-05-2009)
• Zend Enterprise PHP Patterns (17-09-2009)
• XML and Java: Developing Web Applications, 2nd Edition (10-06-2009)
• WordPress 3 Ultimate Security (06-07-2011)

Book Description

There is a lot at stake for administrators taking care of servers, since they house sensitive data like credit cards, social security numbers, medical records, and much more. In Securing SQL Server you will learn about the potential attack vectors that can be used to break into your SQL Server database, and how to protect yourself from these attacks. Written by a Microsoft SQL Server MVP and MCM, you will learn how to properly secure your database, from both internal and external threats. Best practices and specific tricks employed by the author will also be revealed. Learn expert techniques to protect your SQL database environment.

• Author Denny Cherry is a Microsoft MVP and MCM for his expertise in the SQL Server product
• Learn expert techniques to protect your SQL database environment
• Discover how to identify what an intruder accessed or damaged

Table of Contents
Chapter 1: Securing the Network
Chapter 2: Database Encryption
Chapter 3: SQL Password Security
Chapter 4: Securing the Instance
Chapter 5: Additional Security for an Internet Facing SQL Server and Application
Chapter 6: SQL Injection Attacks
Chapter 7: Database Backup Security
Chapter 8: Auditing for Security
Chapter 9: Server Rights
Appendix A: External Audit Checklists

Book Details

• Paperback: 272 pages
• Publisher: Syngress (February 2011)
• Language: English
• ISBN-10: 1597496251
• ISBN-13: 978-1597496254

Related Posts

• Thor's Microsoft Security Bible (15-09-2011)
• The Design of Rijndael: AES - The Advanced Encryption Standard (09-01-2010)
• Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, 2nd Edition (04-01-2011)
• Expert SQL Server 2008 Encryption (30-10-2009)
• Expert SQL Server 2008 Development (24-12-2009)
• Expert Oracle and Java Security (22-10-2011)
• Zend Enterprise PHP Patterns (17-09-2009)
• XML Data Management: Native XML and XML-Enabled Database Systems (10-06-2009)
• WordPress 3 Ultimate Security (06-07-2011)
• Windows Server 2008 Security Resource Kit (23-05-2009)