How to Attack and Defend Your Website


Book Description

How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools – most notably Burp Suite, a fully featured web application testing tool; and finally, to gain knowledge of finding and exploiting the most common web security vulnerabilities. This book is for information security professionals and those looking to learn general penetration testing methodology and how to use the various phases of penetration testing to identify and exploit common web protocols. How to Attack and Defend Your Website is be the first book to combine the methodology behind using penetration testing tools such as Burp Suite and Damn Vulnerable Web Application (DVWA), with practical exercises that show readers how to (and therefore, how to prevent) pwning with SQLMap and using stored XSS to deface web pages. - Learn the basics of penetration testing so that you can test your own website's integrity and security - Discover useful tools such as Burp Suite, DVWA, and SQLMap - Gain a deeper understanding of how your website works and how best to protect it




Web Hacking


Book Description

The Presidentâe(tm)s life is in danger! Jimmy Sniffles, with the help of a new invention, shrinks down to miniature size to sniff out the source of the problem.




Sharkonomics 2: How to attack and defend your business in today’s disruptive digital waters


Book Description

Sharks are nature’s most revered and feared killing machines. But if you study the behaviour of sharks, you will learn they are also highly strategic and efficient in the way they survive and thrive in nature’s competitive environment. Inspired by the shark’s evolved (over 420 million years) instincts and strategic moves, this book provides businesses with 10 ways on how to attack the market leaders, and take market share, in your sector. “Move or Die”, “Strike Unpredictably”, “Timing is the Key”, “Spread Panic” – these are some of the key ways to make shark food out of market leaders. Building on the success of the first edition of Sharkonomics (2012), this expanded and updated edition provides an inspiring perspective on competing in business and how companies of any size can create a presence for themselves in their market. “Stefan not only uses the ‘shark’ metaphor but has actually swam in shark waters to absorb the drama of life and death. He describes the attack stratagems of a shark but respects the intended victims enough to show how they can defend themselves.




Web Security for Developers


Book Description

Website security made easy. This book covers the most common ways websites get hacked and how web developers can defend themselves. The world has changed. Today, every time you make a site live, you're opening it up to attack. A first-time developer can easily be discouraged by the difficulties involved with properly securing a website. But have hope: an army of security researchers is out there discovering, documenting, and fixing security flaws. Thankfully, the tools you'll need to secure your site are freely available and generally easy to use. Web Security for Developers will teach you how your websites are vulnerable to attack and how to protect them. Each chapter breaks down a major security vulnerability and explores a real-world attack, coupled with plenty of code to show you both the vulnerability and the fix. You'll learn how to: Protect against SQL injection attacks, malicious JavaScript, and cross-site request forgery Add authentication and shape access control to protect accounts Lock down user accounts to prevent attacks that rely on guessing passwords, stealing sessions, or escalating privileges Implement encryption Manage vulnerabilities in legacy code Prevent information leaks that disclose vulnerabilities Mitigate advanced attacks like malvertising and denial-of-service As you get stronger at identifying and fixing vulnerabilities, you'll learn to deploy disciplined, secure code and become a better programmer along the way.




Secure Your Node.js Web Application


Book Description

Cyber-criminals have your web applications in their crosshairs. They search for and exploit common security mistakes in your web application to steal user data. Learn how you can secure your Node.js applications, database and web server to avoid these security holes. Discover the primary attack vectors against web applications, and implement security best practices and effective countermeasures. Coding securely will make you a stronger web developer and analyst, and you'll protect your users. Bake security into your code from the start. See how to protect your Node.js applications at every point in the software development life cycle, from setting up the application environment to configuring the database and adding new functionality. You'll follow application security best practices and analyze common coding errors in applications as you work through the real-world scenarios in this book. Protect your database calls from database injection attacks and learn how to securely handle user authentication within your application. Configure your servers securely and build in proper access controls to protect both the web application and all the users using the service. Defend your application from denial of service attacks. Understand how malicious actors target coding flaws and lapses in programming logic to break in to web applications to steal information and disrupt operations. Work through examples illustrating security methods in Node.js. Learn defenses to protect user data flowing in and out of the application. By the end of the book, you'll understand the world of web application security, how to avoid building web applications that attackers consider an easy target, and how to increase your value as a programmer. What You Need: In this book we will be using mainly Node.js. The book covers the basics of JavaScript and Node.js. Since most Web applications have some kind of a database backend, examples in this book work with some of the more popular databases, including MySQL, MongoDB, and Redis.




Penetration Testing and Network Defense


Book Description

The practical guide to simulating, detecting, and responding to network attacks Create step-by-step testing plans Learn to perform social engineering and host reconnaissance Evaluate session hijacking methods Exploit web server vulnerabilities Detect attempts to breach database security Use password crackers to obtain access information Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches Scan and penetrate wireless networks Understand the inner workings of Trojan Horses, viruses, and other backdoor applications Test UNIX, Microsoft, and Novell servers for vulnerabilities Learn the root cause of buffer overflows and how to prevent them Perform and prevent Denial of Service attacks Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network. Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization's network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks. Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks. Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources. "This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade." -Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems(R)




Web 2.0 Security


Book Description

Accompanied a CD-ROM containing tools, Flash-based demos, sample code, and more, a practical handbook introduces a wide variety of next generation security controls for Web 2.0 applications--including MySpace, GoogleMaps, and Wikipedia--discussing such topics as Ajax attack vectors and defense, hacking methodologies of SOAP, XML-RPC, and REST-based applications, reverse engineering for Flash and .NET applications, and more. Original. (Intermediate)




Practical Social Engineering


Book Description

A guide to hacking the human element. Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature. Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you’ve succeeded in harvesting information about your targets with advanced OSINT methods, you’ll discover how to defend your own organization from similar threats. You’ll learn how to: Apply phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection Use OSINT tools like Recon-ng, theHarvester, and Hunter Capture a target’s information from social media Collect and report metrics about the success of your attack Implement technical controls and awareness programs to help defend against social engineering Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.




Is It Safe? Protecting Your Computer, Your Business, and Yourself Online


Book Description

Is It Safe? PROTECTING YOUR COMPUTER, YOUR BUSINESS, AND YOURSELF ONLINE IDENTITY THEFT. DATA THEFT. INTERNET FRAUD. ONLINE SURVEILLANCE. EMAIL SCAMS. Hacks, attacks, and viruses. The Internet is a dangerous place. In years past, you could protect your computer from malicious activity by installing an antivirus program and activating a firewall utility. Unfortunately, that’s no longer good enough; the Internet has become a much darker place, plagued not only by rogue software but also by dangerous criminals and shadowy government agencies. Is It Safe? addresses the new generation of security threat. It presents information about each type of threat and then discusses ways to minimize and recover from those threats. Is It Safe? differs from other security books by focusing more on the social aspects of online security than purely the technical aspects. Yes, this book still covers topics such as antivirus programs and spam blockers, but it recognizes that today’s online security issues are more behavioral in nature–phishing schemes, email scams, and the like. Are you being scammed? Learn how to spot the newest and most insidious computer security threats–fraudulent retailers, eBay scammers, online con artists, and the like. Is your identity safe? Avoid being one of the nine million Americans each year who have their identities stolen. Today’s real Internet threats aren’t viruses and spam. Today’s real threat are thieves who steal your identity, rack up thousands on your credit card, open businesses under your name, commit crimes, and forever damage your reputation! Is Big Brother watching? Get the scoop on online tracking and surveillance. We examine just who might be tracking your online activities and why. Is your employer watching you? How to tell when you’re being monitored; and how to determine what is acceptable and what isn’t. Michael Miller has written more than 80 nonfiction books over the past two decades. His best-selling books include Que’s YouTube 4 You, Googlepedia: The Ultimate Google Resource, iPodpedia: The Ultimate iPod and iTunes Resource, and Absolute Beginner’s Guide to Computer Basics. He has established a reputation for clearly explaining technical topics to nontechnical readers and for offering useful real-world advice about complicated topics.




The Web Application Hacker's Handbook


Book Description

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.




Recent Books