Hacking Books - Page 5

Essential PHP Security

Chris Shiflett

Amazon Price: $19.77 List Price: $29.95 Usually ships in 24 hours By: O'Reilly Media, Inc. Amazon Marketplace: 49 new & used starting at $15.92

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Business & Culture -> Security

Customer Reviews:
Total reviews: 15 Average rating: 4.0 of 5

Editorial Review:

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

• Preventing cross-site scripting (XSS) vulnerabilities
• Protecting against SQL injection attacks
• Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Guide to Computer Forensics and Investigations, Third Edition

Bill Nelson, Amelia Phillips, Frank Enfinger, Christopher Steuart

Amazon Price: $61.71 List Price: $97.95 Usually ships in 24 hours By: Course Technology Amazon Marketplace: 76 new & used starting at $50.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Culture

Customer Reviews:
Total reviews: 8 Average rating: 2.0 of 5

Do not buy this book used! You won't be able to use the CD 1 out of 5 stars.
17 of 21 people found this review helpful.

This book represents the core of what is wrong with corporate America today. This book is packaged with a CD that has software on it used throughout the book. What they don't tell you anywhere is that you must register the software using a unique and one time only coupon in the cd pouch. Furthermore the software then expires in 120 days. To not mention this limitation that basically makes the book useless for resale is very deceitful on the part of the publisher and the company that supplied the software. Never have I seen such B.S. before as this when it comes for games that publishers play!!! THIS INFORMATION SHOULD HAVE BEEN IN BIG BOLD LETTERS -- YOU CANNOT RESELL THIS BOOK DUE TO THE ONE-TIME USE OF THE ENCLOSED CD SOFTWARE --

Editorial Review:

Master the skills necessary to launch and complete a successful computer investigation with the updated edition of this highly successful book, Guide to Computer Forensics and Investigations. This text will teach readers how to conduct a high-tech investigation, from acquiring digital evidence to reporting its findings. Coverage includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. The comprehensive coverage and detailed know-how led to the book being listed as recommended reading by the FBI Forensics Communications the United States Certified reading room. The book features free downloads of the latest forensic software, so students become familiar with the tools of the trade.

Incident Response: Investigating Computer Crime

Chris Prosise, Kevin Mandia

List Price: $39.99 By: McGraw-Hill Companies Amazon Marketplace: 34 new & used starting at $0.71

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Networking -> Networks, Protocols & APIs -> General

Customer Reviews:
Total reviews: 29 Average rating: 4.5 of 5

The Very Best Computer Forensics Primer Out There (1/04) 5 out of 5 stars.
14 of 16 people found this review helpful.

As an attorney and a formally-trained computer forensics examiner and instructor who has been tilling the fields of digital evidence for some time, I'm always on the prowl for the next great computer forensics tool or text that's going to help me find the next smoking gun...or at least be confident I haven't overlooked it. I've built a substantial library of books and articles on computer forensics, some very good and some a complete waste of money. But, this book is the best of the best.

From its step-by-step detail of the forensic process to its copious and helpful illustrations and screen shots to its unvarnished discussion of the tools in the marketplace, the second edition of Incident Response and Computer Forensics is, for my money, the most valuable resource any computer forensic examiner could have on their shelf. Many of the techniques and shortcuts detailed are "trade secrets" in that I've never seen them described in print. Unlike other forensic guides that assume the reader owns a costly forensic software suite, this book fairly splits its emphasis between Linux tools, shareware and the best software packages. That means the reader can begin the learning process at once, without investing anything more than their time and interest.

Another strength is that the book neither presupposes a too-high level of knowledge or experience nor dumbs down its content such that an expert wouldn't derive any value. There's something here for everyone who cares about computer forensics, from the neophyte to the grizzled veteran. When I paid $50.00 for this tome at a big box bookstore, I worried I was paying too much. Now, I'd think it cheap at twice the price.

As another reviewer pointed out, it doesn't devote a chapter to the law, but that is not to say that legal considerations are ignored. To the contrary, I think the authors do an excellent job of giving a useful "heads-up" where needed and not moving out of their depth.

I don't know these guys, but I'd sure like to shake their hands for a job well done! Thanks.

Craig Ball is an attorney and certified computer forensic examiner based in Montgomery, Texas, who teaches and consults with attorneys and the courts on matters of computer forensics and electronic discovery.

Editorial Review:

Incident response is a multidisciplinary science that resolves computer crime and complex legal issues, chronological methodologies and technical computer techniques. The commercial industry has embraced and adopted technology that detects hacker incidents. Companies are swamped with real attacks, yet very few have any methodology or knowledge to resolve these attacks. "Incident Response: Investigating Computer Crime" will be the only book on the market that provides the information on incident response that network professionals need to conquer attacks. "Incident Response: Investigating Computer Crime" picks up where "Hacking Exposed" leaves off, describing the methods and techniques necessary to perform a professional and successful response to computer security incidents. It provides an insider's perspective on the incident response process that has never been disclosed or published, including real case scenarios with insightful tips on how to respond to computer crime incidents.

Steal This Computer Book 4.0: What They Won't Tell You About the Internet

Wallace Wang

Amazon Price: $19.77 List Price: $29.95 Usually ships in 24 hours By: No Starch Press Amazon Marketplace: 50 new & used starting at $9.99

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> File Sharing
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 48 Average rating: 3.0 of 5

This Book Is Basic. But very informative. 4 out of 5 stars.
2 of 2 people found this review helpful.

If you are looking to hack this book is for you. I found that visual basic is a good programming language. C++,Python,Java, and many more langs will have hacks. Its up to you to learn how to write them. You must learn the programming language before you start looking at hacking, because other wise you are wasting your time.Many hackers are self driven and want to create programs and discover flaws in programs. It is my personal experience that you will not find every thing you want to know from one book. If you are seriously into Networking and Security i sugeset learning from some one who will teach you and offers classes on it (this would be hands on learning) EcCouncil is a great reference and will teach you a lot.

Editorial Review:

This offbeat, non-technical book examines what hackers do, how they do it, and how readers can protect themselves. Informative, irreverent, and entertaining, the completely revised fourth edition of Steal This Computer Book contains new chapters that discuss the hacker mentality, lock picking, exploiting P2P file sharing networks, and how people manipulate search engines and pop-up ads. Includes a CD with hundreds of megabytes of hacking and security-related programs that tie in to each chapter in the book.

Nightwork: A History of Hacks and Pranks at MIT

Institute Historian T. F. Peterson

Amazon Price: $14.93 List Price: $21.95 Usually ships in 24 hours By: The MIT Press Amazon Marketplace: 62 new & used starting at $2.95

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> MIS
Subjects -> Business & Investing -> Reference -> Education
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 7 Average rating: 4.5 of 5

Editorial Review:

Before the term hacking became associated with computers, MIT undergraduates used it to describe any activity that took their minds off studying, suggested an unusual solution to a technical problem, or generally fostered nondestructive mischief. The MIT hacking culture has given us such treasures as police cars and cows on the Great Dome, a disappearing door to the President's office, and the commencement game of "Al Gore Buzzword Bingo." Hacks can be technical, physical, virtual, or verbal. Often the underlying motivation is to conquer the inaccessible and make possible the improbable. Hacks can express dissatisfaction with local culture or with administrative decisions, but mostly they are remarkably good-spirited. They are also by definition ephemeral. Fortunately, the MIT Museum has amassed a unique collection of hack-related pictures, reports, and remnants. Nightwork collects the best materials from this collection, to entertain innocent bystanders and inspire new generations of practitioners.

Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition (Hacking Exposed)

Joel Scambray

Amazon Price: $31.49 List Price: $49.99 Usually ships in 24 hours By: McGraw-Hill Osborne Media Amazon Marketplace: 48 new & used starting at $24.60

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Home Computing -> Internet -> Web Browsers
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Privacy

Customer Reviews:
Total reviews: 4 Average rating: 5.0 of 5

Editorial Review:

The latest Windows security attack and defense strategies

"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell

Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:

• Establish business relevance and context for security by highlighting real-world risks
• Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
• Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
• Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
• Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
• See up close how professional hackers reverse engineer and develop new Windows exploits
• Identify and eliminate rootkits, malware, and stealth software
• Fortify SQL Server against external and insider attacks
• Harden your clients and users against the latest e-mail phishing, spyware, adware, and Internet Explorer threats
• Deploy and configure the latest Windows security countermeasures, including BitLocker, Integrity Levels, User Account Control, the updated Windows Firewall, Group Policy, Vista Service Refactoring/Hardening, SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization

Certified Ethical Hacker Exam Prep (Exam Prep 2 (Que Publishing))

Michael Gregg

Amazon Price: $34.64 List Price: $54.99 Usually ships in 24 hours By: Que Amazon Marketplace: 40 new & used starting at $27.96

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Certification Central -> Publisher -> Que
Subjects -> Computers & Internet -> Certification Central -> General

Customer Reviews:
Total reviews: 15 Average rating: 4.5 of 5

Very effective book 4 out of 5 stars.
25 of 25 people found this review helpful.

The previous poster did bring up a good point: this book will not teach you how to hack. It WILL help you pass the CEH exam. It lays a very good foundation, and the only reason I give it 4 stars was because it was lacking the detail and depth to be fully comprehensive.

Keep in mind, that this book is meant for people who do have an administration background and who happen to be pretty familiar with Linux and Windows. The book is written for that group of people because without that experience, you probably won't have the experience necessary to be a CEH.

I happen to read all 3 books for the CEH that are listed on Amazon. The Sybex book, the EC-council book, and this book. By far, this book was the best out of the 3. The Sybex book was a waste of money as it wasn't as good as this book and it had even less depth. The EC-council book had a bit more detail in some topics, although it lacked cohesion and was poor at presenting the thought behind it. I think this book and the EC-council book compliment each other, and give you a pretty good idea of what you actually need to know. I would start with this book and finish up with the EC-council book and/or courseware. My reasoning is that you should set the foundation first and this book does that.

Also, as with hacking, google is an excellent resource. These two books won't be enough to fill all the holes, but the internet is a damned good filler.

In conclusion this book provides for pretty good preparation for the actual test, and is a comfortable read.

ABOUT THE TEST:

150 questions, you have 4 hours. I took only 2 and scored an 86%. 70% is passing. I studied for only two weeks, but have extensive background in the subject area.

The test is very specific, and you are expected to know the material in detail - NOT just concepts. The test is geared towards people with security experience, and the test questions are true to that purpose. It will be very difficult to pass if you:
1) Don't know linux
2) Don't understand Microsoft's OS and operations
3) never actually used any of the hacking tools

Linux is not a MAJOR part of the test, but there are enough questions on linux command line operations to make a difference.

Keep in mind, just reading alone will not let you pass this test. It is very important that you try out the most popular and important tools (firsthand!). You will be asked about specific commands, and be expected to know them. Know nmap, snort, hping2, tracert and tcpdump down cold. Know the ICMP codes and types. The only way you learn this stuff is to actually practice it.

This really isn't an entry level test at all. Even if you know all your stuff, the test isn't easy to pass. I'd strongly encourage that people take some practice with actual pen testing before they try this test (use vmware to simulate a target if you cant throw a home made lab together). If you don't actually try this stuff out, your odds of passing will plummet.

About 10% of the questions are what I'd consider bad questions - either they are unclear, or ambiguous or poorly word... Without violating the NDA - one of the questions parallel the following examples: Can you establish tcp sessions while spoofing your ip address? The answer is: it depends - are you sniffing the outgoing traffic? If so, then it is certainly possible.. otherwise there is no way you'll establish a tcp connection. What if the question doesn't specify, and the answer hinges on this? This type of ambiguous situation happened on at least 10 questions. This will lose you points right off the bat, because to no fault of your own you won't be able to determine the valid answers.

Good luck!

Editorial Review:

The CEH certification shows knowledge of network penetration testing skills. The CEH exam takes three hours and 125 questions, requiring a broad and deep knowledge of network security issues. The CEH Exam Prep is the perfect solution for this challenge, giving you the solid, in-depth coverage you'll need to score higher on the exam.

 

Along with the most current CEH content, the book also contains the elements that make Exam Preps such strong study aides: comprehensive coverage of exam topics, end-of-chapter review, practice questions, Exam Alerts, Fast Facts, plus an entire practice exam to test your understanding of the material. The book also features MeasureUp's innovative testing software, to help you drill and practice your way to higher scores.

Linux Server Hacks, Volume Two: Tips & Tools for Connecting, Monitoring, and Troubleshooting (Hacks)

William von Hagen, Brian Jones

Amazon Price: $19.77 List Price: $29.95 Usually ships in 24 hours By: O'Reilly Media, Inc. Amazon Marketplace: 49 new & used starting at $7.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Security
Subjects -> Computers & Internet -> Networking -> Data in the Enterprise -> Client-Server Systems

Customer Reviews:
Total reviews: 7 Average rating: 5.0 of 5

Editorial Review:

Today's system administrators deal with a vast number of situations, operating systems, software packages, and problems. Those who are in the know have kept their copy of Linux Server Hacks close at hand to ease their burden. And while this helps, it's not enough: any sys admin knows there are many more hacks, cool tips, and ways of solving problems than can fit in a single volume (one that mere mortals can lift, that is).

Which is why we created Linux Server Hacks, Volume Two, a second collection of incredibly useful tips and tricks for finding and using dozens of open source tools you can apply to solve your sys admin problems. The power and flexibility of Linux and Open Source means that there is an astounding amount of great software out there waiting to be applied to your sys admin problems -- if only you knew about it and had enough information to get started. Hence, Linux Server Hacks, Volume Two.

This handy reference offers 100 completely new server management tips and techniques designed to improve your productivity and sharpen your administrative skills. Each hack represents a clever way to accomplish a specific task, saving you countless hours of searching for the right answer. No more sifting through man pages, HOWTO websites, or source code comments -- the only resource you need is right here. And you don't have to be a system administrator with hundreds of boxen to get something useful from this book as many of the hacks apply equally well to a single system or a home network.

Compiled by experts, these hacks not only give you the step-by-step instructions necessary to implement the software, but they also provide the context to truly enable you to learn the technology. Topics include:

• Authentication
• Remote GUI connectivity
• Storage management
• File sharing and synchronizing resources
• Security/lockdown instruction
• Log files and monitoring
• Troubleshooting
• System rescue, recovery, and repair

Whether they help you recover lost data, collect information from distributed clients, or synchronize administrative environments, the solutions found in Linux Server Hacks, Volume Two will simplify your life as a system administrator.

Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)

Neal Krawetz

Amazon Price: $19.79 List Price: $29.99 Usually ships in 24 hours By: Wiley Amazon Marketplace: 67 new & used starting at $4.08

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Operating Systems -> Linux -> General
Subjects -> Computers & Internet -> Operating Systems -> Linux -> General AAS

Customer Reviews:
Total reviews: 12 Average rating: 4.0 of 5

Not comprehensive enough for me 3 out of 5 stars.
4 of 6 people found this review helpful.

I hope for the book that will clearly tell me step by step how to hack/customize things in Ubuntu. This book tries to cover too many topics thus not details enough to be successful on the first try. I still have to go to various forum to read more. It is only introduce me to various topics. For the really confusing things such as network sharing, it doesn't go into details at all. Very disappointing.

Comprehensive and Clear 5 out of 5 stars.
1 of 2 people found this review helpful.

The popularity of Ubuntu has given rise to a deluge of Ubuntu books. Most are of an introductory nature; this is one of the few that rises to the level of a system administrator's needs.

The choice of content is excellent and, perhaps more importantly, the narrative is effective in building a cohesive understanding of the software systems that comprise Ubuntu. In this, it is clear that this book has benefited from having a single, expert author following a rational path of exposition.

Editorial Review:

Ubuntu, an African word meaning “humanity to others,” is the hottest thing in Linux today. This down-and-dirty book shows you how they can blow away the default system settings and get Ubuntu to behave however you want. You’ll learn how to optimize its appearance, speed, usability, and security and get the low-down on hundreds of hacks such as running Ubuntu from a USB drive, installing it on a Mac, enabling multiple CPUs, and putting scripts in menus and panels.

Google Hacks: 100 Industrial-Strength Tips & Tools

Tara Calishain

Amazon Price: $18.21 List Price: $24.95 Usually ships in 24 hours By: O'Reilly Amazon Marketplace: 85 new & used starting at $0.01

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Programming -> General

Customer Reviews:
Total reviews: 62 Average rating: 4.5 of 5

Editorial Review:

The Internet puts a wealth of information at your fingertips, and all you have to know is how to find it. Google is your ultimate research tool--a search engine that indexes more than 2.4 billion web pages, in more than 30 languages, conducting more than 150 million searches a day. The more you know about Google, the better you are at pulling data off the Web. You've got a cadre of techniques up your sleeve--tricks you've learned from practice, from exchanging ideas with others, and from plain old trial and error--but you're always looking for better ways to search. It's the "hacker" in you: not the troublemaking kind, but the kind who really drives innovation by trying new ways to get things done. If this is you, then you'll find new inspiration (and valuable tools, too) in Google Hacks from O'Reilly's new Hacks Series. Google Hacks is a collection of industrial-strength, real-world, tested solutions to practical problems. The book offers a variety of interesting ways for power users to mine the enormous amount of information that Google has access to, and helps you have fun while doing it. You'll learn clever and powerful methods for using the advanced search interface and the new Google API, including how to build and modify scripts that can become custom business applications based on Google. Google Hacks contains 100 tips, tricks and scripts that you can use to become instantly more effective in your research. Each hack can be read in just a few minutes, but can save hours of searching for the right answers. Written by experts for intelligent, advanced users, O'Reilly's new Hacks Series have begun to reclaim the term "hacking" for the good guys. In recent years the term "hacker" has come to be associated with those nefarious black hats who break into other people's computers to snoop, steal information, or disrupt Internet traffic. But the term originally had a much more benign meaning, and you'll still hear it used this way whenever developers get together. Our new Hacks Series is written in the spirit of true hackers--the people who drive innovation. If you're a Google power user, you'll find the technical edge you're looking for in Google Hacks.