Books about Exploiting from Amazon.com

This book is a practical guide to discovering and exploiting security flaws in web applications The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.

The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools..
Price: $27.13 [Notify me when price goes down.]

• This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
• New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
• Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
• The companion Web site features downloadable code files

.
Price: $23.99 [Notify me when price goes down.]

The rapidly increasing volume of information contained in relational databases places a strain on databases, performance, and maintainability: DBAs are under greater pressure than ever to optimize database structure for system performance and administration.

Physical Database Design discusses the concept of how physical structures of databases affect performance, including specific examples, guidelines, and best and worst practices for a variety of DBMSs and configurations. Something as simple as improving the table index design has a profound impact on performance. Every form of relational database, such as Online Transaction Processing (OLTP), Enterprise Resource Management (ERP), Data Mining (DM), or Management Resource Planning (MRP), can be improved using the methods provided in the book.

· The first complete treatment on physical database design, written by the authors of the seminal, Database Modeling and Design: Logical Design, 4th edition.
· Includes an introduction to the major concepts of physical database design as well as detailed examples, using methodologies and tools most popular for relational databases today: Oracle, DB2 (IBM), and SQL Server (Microsoft).
· Focuses on physical database design for exploiting B+tree indexing, clustered indexes, multidimensional clustering (MDC), range partitioning, shared nothing partitioning, shared disk data placement, materialized views, bitmap indexes, automated design tools, and more!.
Price: $40.33 [Notify me when price goes down.]

"Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.

"The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys."

--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

"Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be."

--Cade Metz
Senior Editor
PC Magazine

"If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge."

--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University

"Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.

"Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge."

--Daniel McGarvey
Chief, Information Protection Directorate
United States Air Force

"Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.

"With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today."

--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
Harvard University

"If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk."

--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis

"This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!"

--Pravir Chandra
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL

If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.

From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft^™ and Second Life^®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.

This book covers

• Why online games are a harbinger of software security issues to come
• How millions of gamers have created billion-dollar virtual economies
• How game companies invade personal privacy
• Why some gamers cheat
• Techniques for breaking online game security
• How to build a bot to play a game for you
• Methods for total conversion and advanced mods

Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.

.
Price: $23.00 [Notify me when price goes down.]

Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation.

PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall

Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening..
Price: $24.92 [Notify me when price goes down.]

During the last decade, we have moved, perhaps irrevocably, into the era of a global economy Through its focus on human resource management and organization, The Global Challenge: Frameworks for International Human Resource Management, provides a broad guide on how to manage the process of internationalization, with a particular focus on the transnational firm. In this brand new offering, authors Evans, Pucik and Barsoux discuss the “people implications” of traditional strategies for internationalization and how such strategies get executed through human resource management (HRM). They discuss such important topics as: · how to manage expatriates from the parent country · how to go about adapting management practices to circumstances abroad · how to localize management · how to recognize and ultimately avoid obstacles in joint ventures · how to expand across borders through acquisitions · how to respond to the contradictory pressures of the transnational firm, where HRM has a critical role to play in enabling managers to resolve these paradoxes in innovative ways · how global competition is changing the nature of management and organization, even for firms operating in domestic markets. The book draws on practical examples from companies that have experienced the real challenges of international HRM. The authors carefully balance these real business applications with a wide scope of academic research..
Price: $79.99 [Notify me when price goes down.]

My Blue Goose exploits some of the latest trends in real estate marketing while incorporating ideas and tactics used by Fortune 500 companies throughout various industries. The 128 pages address subjects such as microsites, blogging, guerilla marketing, internet marketing, direct mail, social networking, public relations and contact creation.

The book s title comes from an old Chinese tale about a boy with a very unique goose. The townspeople become intrigued with the blue goose after it is placed in a store window at the end of town. The goose becomes a focal point and a lucky charm for the village. The analogy of exploiting something different about a business is used throughout the book.

My Blue Goose is quickly making ground with real estate professionals throughout the country..
Price: $21.95 [Notify me when price goes down.]

Rethinking Acrylic shows readers how to use acrylic paint in a variety of ways. Acrylic can mimic oil paint, watercolor, gouache and encaustic; it can be applied in subtle transparent washes, or troweled as a heavy thick impasto; it can be as transparent as glass or as dense and black as tar. Because of its ever-changing state, the author and contributors are covering the most popular techniques for acrylic, making them accessible to the contemporary artist and crafter thorough a variety of mini-demonstrations followed by full demonstrations that show how to transform those techniques into finished paintings..
Price: $19.79 [Notify me when price goes down.]

Most trading systems and books focus on identifying trends in the marketplace Yet futures markets trend only 15% of the time--remaining 85% of the time they are trendless and ``choppy''. Barnes unprecendented book on how to make money in all markets gives you 20 proven trading methods that will prepare you for virtually every trading situation. Sample methods and results include: Acceleration Principle (Silver) -46/54 trades profitable, average profit per trade 214; Boxed Size Breakout Contra Method (Gold) - 19/22 trades profitable, average profit per trade 437; Contra Price Volume Confirm Method (T-bonds) - 24/25 trades profitable, average profit per trade 585..
Price: $76.61 [Notify me when price goes down.]