Books about Vulnerabilities from Amazon.com



Dubai: The Vulnerability of Success

Dubai has a remarkable success story. Since its origins as a small fishing and pearling community, the emirate has steadily grown in strength to become the premier trading center of the Persian Gulf. It is also the locus of an exciting and innovative architectural revolution. Despite its lack of democratization and a genuine civil society, Dubai is now a booming metropolis of more than two million people, most of whom are expatriates benefiting from the city's increasingly diversified economy.

Following a detailed history, Christopher M. Davidson presents an in-depth study of Dubai's post-oil development strategies and their implementation during a period of near-complete political stability. Davidson addresses the probability of future problems as the need for sustained foreign direct investment encourages far-reaching socioeconomic reforms, many of which may affect the ideological, religious, and cultural legitimacy of the traditional monarchy. He also analyzes Dubai's awkward relationship with its federal partners in the United Arab Emirates and highlights some of the pitfalls of being the region's most successful free port: its attractiveness to international criminal fraternities, the economy of the global black market, and terrorist networks.

Price: $26.00


Essential PHP Security
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Price: $15.92


The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage
Gold Award Winner for Business and Economics in the 2005 ForeWord Magazine Book of the Year Awards

What happens when fire strikes the manufacturing plant of the sole supplier for the brake pressure valve used in every Toyota? When a hurricane shuts down production at a Unilever plant? When Dell and Apple chip manufacturers in Taiwan take weeks to recover from an earthquake? When the U.S. Pacific ports are shut down during the Christmas rush? When terrorists strike? In The Resilient Enterprise, Yossi Sheffi shows that companies' fortunes in the face of such business shocks depend more on choices made before the disruption than they do on actions taken in the midst of it—and that resilience benefits firms every day, disaster or no disaster. He shows how companies can build in flexibility throughout their supply chains, based on proven design principles and the right culture—balancing security, redundancy, and short-term profits. And he shows how investments in resilience and flexibility not only reduce risk but create a competitive advantage in the increasingly volatile marketplace.

Sheffi describes the way companies can increase security—reducing the likelihood of a disruption—with layered defenses, the tracking and analysis of “near-misses,” fast detection, and close collaboration with government agencies, trading partners, and even competitors. But the focus of the book is on resilience—the ability to bounce back from disruptions and disasters—by building in redundancy and flexibility. For example, standardization, modular design, and collaborative relationships with suppliers (and other stakeholders) can help create a robust supply chain. And a corporate culture of flexibility—with distributed decision making and communications at all levels—can create a resilient enterprise.

Sheffi provides tools for companies to reduce the vulnerability of the supply chain they live in. And along the way he tells the stories of dozens of enterprises, large and small, including Toyota, Nokia, General Motors, Zara, Land Rover, Chiquita, Aisin Seiki, Southwest Airlines, UPS, Johnson and Johnson, Intel, Amazon.com, the U.S. Navy, and others, from across the globe. Their successes, failures, preparations, and methods provide a rich set of lessons in preparing for and managing disruptions.
Additional material available at www.TheResilientEnterprise.com.
Price: $7.72


The Next Catastrophe: Reducing Our Vulnerabilities to Natural, Industrial, and Terrorist Disasters

Charles Perrow is famous worldwide for his ideas about normal accidents, the notion that multiple and unexpected failures--catastrophes waiting to happen--are built into our society's complex systems. In The Next Catastrophe, he offers crucial insights into how to make us safer, proposing a bold new way of thinking about disaster preparedness.

Perrow argues that rather than laying exclusive emphasis on protecting targets, we should reduce their size to minimize damage and diminish their attractiveness to terrorists. He focuses on three causes of disaster--natural, organizational, and deliberate--and shows that our best hope lies in the deconcentration of high-risk populations, corporate power, and critical infrastructures such as electric energy, computer systems, and the chemical and food industries. Perrow reveals how the threat of catastrophe is on the rise, whether from terrorism, natural disasters, or industrial accidents. Along the way, he gives us the first comprehensive history of FEMA and the Department of Homeland Security and examines why these agencies are so ill equipped to protect us.

The Next Catastrophe is a penetrating reassessment of the very real dangers we face today and what we must do to confront them. Written in a highly accessible style by a renowned systems-behavior expert, this book is essential reading for the twenty-first century. The events of September 11 and Hurricane Katrina--and the devastating human toll they wrought--were only the beginning. When the next big disaster comes, will we be ready?

Price: $18.78


Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform.

The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli. This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Price: $37.50


Fuzzing: Brute Force Vulnerability Discovery

FUZZING

Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!

Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.

 

Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:

 

• Why fuzzing simplifies test design and catches flaws other methods miss

• The fuzzing process: from identifying inputs to assessing “exploitability”

• Understanding the requirements for effective fuzzing

• Comparing mutation-based and generation-based fuzzers

• Using and automating environment variable and argument fuzzing

• Mastering in-memory fuzzing techniques

• Constructing custom fuzzing frameworks and tools

• Implementing intelligent fault detection

 

Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.

 

Foreword
Preface
Acknowledgments
About the Author

PART I: BACKGROUND
Chapter 1. Vulnerability Discovery Methodologies
Chapter 2. What Is Fuzzing?
Chapter 3. Fuzzing Methods and Fuzzer Types
Chapter 4. Data Representation and Analysis
Chapter 5. Requirements for Effective Fuzzing

PART II: TARGETS AND AUTOMATION
Chapter 6. Automation and Data Generation
Chapter 7. Environment Variable and Argument Fuzzing
Chapter 8. Environment Variable and Argument Fuzzing: Automation
Chapter 9. Web Application and Server Fuzzing
Chapter 10. Web Application and Server Fuzzing: Automation
Chapter 11. File Format Fuzzing
Chapter 12. File Format Fuzzing: Automation on UNIX
Chapter 13. File Format Fuzzing: Automation on Windows
Chapter 14. Network Protocol Fuzzing
Chapter 15. Network Protocol Fuzzing: Automation on UNIX
Chapter 16. Network Protocol Fuzzing: Automation on Windows
Chapter 17. Web Browser Fuzzing
Chapter 18. Web Browser Fuzzing: Automation
Chapter 19. In-Memory Fuzzing
Chapter 20. In-Memory Fuzzing: Automation

PART III: ADVANCED FUZZING TECHNOLOGIES
Chapter 21. Fuzzing Frameworks
Chapter 22. Automated Protocol Dissection
Chapter 23. Fuzzer Tracking
Chapter 24. Intelligent Fault Detection

PART IV: LOOKING FORWARD
Chapter 25. Lessons Learned
Chapter 26. Looking Forward

Index

 

 

Price: $31.39


The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.”

Halvar Flake, CEO and head of research, SABRE Security GmbH

 

The Definitive Insider’s Guide to Auditing Software Security

 

This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.

 

The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.

 

Coverage includes

 

• Code auditing: theory, practice, proven methodologies, and secrets of the trade

• Bridging the gap between secure software design and post-implementation review

• Performing architectural assessment: design review, threat modeling, and operational review

• Identifying vulnerabilities related to memory management, data types, and malformed data

• UNIX/Linux assessment: privileges, files, and processes

• Windows-specific issues, including objects and the filesystem

• Auditing interprocess communication, synchronization, and state

• Evaluating network software: IP stacks, firewalls, and common application protocols

• Auditing Web applications and technologies

 

This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.

 

Contents

ABOUT THE AUTHORS
PREFACE
ACKNOWLEDGMENTS

I. Introduction to Software Security Assessment
1. SOFTWARE VULNERABILITY FUNDAMENTALS
2. DESIGN REVIEW
3. OPERATIONAL REVIEW
4. APPLICATION REVIEW PROCESS

II. Software Vulnerabilities
5. MEMORY CORRUPTION
6. C LANGUAGE ISSUES
7. PROGRAM BUILDING BLOCKS
8. STRINGS AND METACHARACTERS
9. UNIX I: PRIVILEGES AND FILES
10. UNIX II: PROCESSES
11. WINDOWS I: OBJECTS AND THE FILE SYSTEM
12. WINDOWS II: INTERPROCESS COMMUNICATION
13. SYNCHRONIZATION AND STATE

III. Software Vulnerabilities in Practice
14. NETWORK PROTOCOLS
15. FIREWALLS
16. NETWORK APPLICATION PROTOCOLS
17. WEB APPLICATIONS
18. WEB TECHNOLOGIES

BIBLIOGRAPHY
INDEX

Price: $38.00


Penetration Tester's Open Source Toolkit
This is the first fully integrated Penetration Testing book and bootable Linux CD containing the Auditor Security Collection which includes over 300 of the most effective and commonly used open source attack and penetration testing tools. This powerful tool kit and authoritative reference is written by the security industry's foremost penetration testers including HD Moore, Jay Beale, and SensePost. This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology.

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine all possible attack vectors into his own network, and also be expert in using the literally hundreds of tools required to execute the plan and meticulously document their results. This book provides both the art and the science. The authors of the book are expert penetration testers who have developed many of the leading pen testing tools, such as the Metasploit Framework. The authors allow the reader inside their heads to unravel the mysteries of things like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of hijacking tools, sniffers, scanners, Web application tools, and vulnerability assessment tools from the bootable Linux CD, including the Metasploit Framework, ettercap, dsniff, Ethereal, Nmap, Paketto, Scanrand, Hydra, Paros, Nessus, and many more.

Price: $40.00


Climate Change 2007 - Impacts, Adaptation and Vulnerability: Working Group II contribution to the Fourth Assessment Report of the IPCC (Climate Change 2007)
The Climate Change 2007 volumes of the Fourth Assessment Report of the Intergovernmental Panel on Climate Change (IPCC) provide the most comprehensive and balanced assessment of climate change available. This IPCC Working Group II volume brings us completely up-to-date on the vulnerability of socio-economic and natural systems to climate change. Written by the world's leading experts, the IPCC volumes will again prove to be invaluable for researchers, students, and policymakers, and will form the standard reference works for policy decisions for government and industry worldwide.
Price: $69.03





All trademarks are the property of their respective owners.
Copyright 1996-2007 CHHS, your place for CHHS, Plano, Texas, 10220