InfoSecurity 2008 Threat Analysis
Hits: 21
Date added: 12/14/2007
An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.

A Hacking Guide
Hits: 21
Date added: 03/12/2006
Breaking into computer networks from the Internet. An older but informative document.

Applying XSS to Phishing Attacks
Hits: 22
Date added: 12/11/2007

Metasploit Toolkit
Hits: 37
Date added: 10/27/2007
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

Bypass Testing of Web Applications
Hits: 37
Date added: 12/05/2007
Web software applications are increasingly being deployed in sensitive situations. Web applications are used to transmit, accept and store data that is personal, company confidential and sensitive. Input validation testing (IVT) checks user inputs to ensure that they conform to the program’s requirements, which is particularly important for software that relies on user inputs, including Web applications. A common technique in Web applications is to perform input validation on the client with scripting languages such as JavaScript. An insidious problem with client-side input validation is that end users can bypass this validation. Bypassing validation can reveal faults in the software, and can also break the security on Web applications, leading to unauthorized access to data, system failures, invalid purchases and entry of bogus data. We are developing a strategy called bypass testing to create IVT tests. This paper describes the strategy, defines specific rules and adequacy criteria for tests, describes a proof-of-concept automated tool, and presents initial empirical results from applying bypass testing.