Syngress

    • Wireless Reconnaissance in Penetration Testing

      • 1st Edition
      • October 29, 2012
      • Matthew Neely + 2 more
      • English
      • Paperback
        9781597497312
      • eBook
        9781597497329
      In many penetration tests, there is a lot of useful information to be gathered from the radios used by organizations. These radios can include two-way radios used by guards, wireless headsets, cordless phones and wireless cameras. Wireless Reconnaissance in Penetration Testing describes the many ways that a penetration tester can gather and apply the information available from radio traffic. Stopping attacks means thinking like an attacker, and understanding all the ways that attackers gather information, or in industry terms profile, specific targets. With information from what equipment to use and how to find frequency information, to tips for reducing radio information leakage, to actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.
    • Information Security Risk Assessment Toolkit

      • 1st Edition
      • October 17, 2012
      • Mark Talabis + 1 more
      • English
      • Paperback
        9781597497350
      • eBook
        9781597499750
      In order to protect a company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.
    • Client-Side Attacks and Defense

      • 1st Edition
      • September 28, 2012
      • Sean-Philip Oriyano + 1 more
      • English
      • Paperback
        9781597495905
      • eBook
        9781597495912
      Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.
    • Practical Lock Picking

      • 2nd Edition
      • September 24, 2012
      • Deviant Ollam
      • English
      • Paperback
        9781597499897
      • eBook
        9781597499903
      Practical Lock Picking, Second Edition, is an instructional manual that covers everything from straightforward lockpicking to quick-entry techniques such as shimming, bumping, and bypassing. Written by Deviant Ollam, one of the security industry's best-known lockpicking teachers, and winner of the Best Book Bejtlich Read in 2010 award, this book contains detailed photos that make learning as easy as picking a lock. Material is offered in easy-to-follow lessons that allow even beginners to acquire the knowledge very quickly. Whether the student will be hired at some point to penetrate security or simply trying to harden his or her own defenses, this book is essential. This edition has been updated to reflect the changing landscape of tools and tactics which have emerged in recent years. It consists of 6 chapters that discuss topics such as the fundamentals of pin tumbler and wafer locks; the basics of picking, with emphasis on how to exploit weaknesses; tips for beginners on how to get very good and very fast in picking locks; advanced training; quick-entry tricks about shimming, bumping, and bypassing; and pin tumblers in other configurations. This book is geared specifically toward penetration testers, security consultants, IT security professionals, and hackers.
    • Keys to the Kingdom

      • 1st Edition
      • September 24, 2012
      • Deviant Ollam
      • English
      • Paperback
        9781597499835
      • eBook
        9780123979308
      Lockpicking has become a popular topic with many in the security community. While many have chosen to learn the fine art of opening locks without keys, few people explore the fascinating methods of attack that are possible WITH keys. Keys to the Kingdom addresses the topics of impressioning, master key escalation, skeleton keys, and bumping attacks that go well beyond any treatment of these topics in the author’s previous book, Practical Lock Picking. This material is all new and focuses on locks currently in use as well as ones that have recently emerged on the market. Hackers and pen testers or persons tasked with defending their infrastructure and property from invasion will find these techniques uniquely valuable. As with Deviant Ollam’s previous book, Practical Lock Picking, Keys to the Kingdom includes full-color versions of all diagrams and photographs. Check out the companion website which includes instructional videos that provide readers with a full-on training seminar from the author.
    • CISSP Study Guide

      • 2nd Edition
      • August 29, 2012
      • Eric Conrad + 2 more
      • English
      • Paperback
        9781597499613
      • eBook
        9781597499682
      The CISSP certification is the most prestigious, globally-recognized, vendor-neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam’s Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: clearly stated exam objectives; unique terms/definitions; exam warnings; learning by example; hands-on exercises; and chapter-ending questions. Furthermore, special features include: two practice exams; tiered chapter-ending questions that allow for a gradual learning curve; and a self-test appendix.
    • Hacking Web Apps

      • 1st Edition
      • August 29, 2012
      • Mike Shema
      • English
      • Paperback
        9781597499514
      • eBook
        9781597499569
      How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include: SQL Injection; Cross Site Scripting; Logic Attacks; Server Misconfigurations; Predictable Pages; Web of Distrust; Breaking Authentication Schemes; HTML5 Security Breaches; and Attacks on Mobile Apps. Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked—as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser, sometimes your last line of defense, more secure.
    • PCI Compliance

      • 3rd Edition
      • August 13, 2012
      • Branden R. Williams + 1 more
      • English
      • Paperback
        9781597499484
      • eBook
        9781597499538
      The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn’t include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.
    • Securing SQL Server

      • 2nd Edition
      • July 17, 2012
      • Denny Cherry
      • English
      • eBook
        9781597499521
      SQL Server is the most widely used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, 2e, readers learn about the potential attack vectors that can be used to break into SQL Server databases as well as how to protect databases from these attacks. In this book written by Denny Cherry, a Microsoft SQL MVP and one of the biggest names in SQL Server today, readers learn how to properly secure a SQL Server database from internal and external threats using best practices as well as specific tricks the authors employ in their roles as database administrators for some of the largest SQL Server deployments in the world. "Denny Cherry is what would happen if Bill Gates and AC/DC got together to create a sibling. He's a bare-knuckles, no holds-barred technologist, and you can bet that if he tells you that something does or doesn't work, he's speaking from experience. Active in the community, his passion is sharing. You'll enjoy this book."--Buck Woody, Senior Technology Specialist, Microsoft
    • Malware Forensics Field Guide for Windows Systems

      • 1st Edition
      • May 11, 2012
      • Cameron H. Malin + 2 more
      • English
      • Paperback
        9781597494724
      • eBook
        9781597494731
      Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution. This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific for Windows-based systems, the largest running OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response - volatile data collection and examination on a live Windows system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics - discovering and extracting malware and associated artifacts from Windows systems; legal considerations; file identification and profiling initial analysis of a suspect file on a Windows system; and analysis of a suspect program. This field guide is intended for computer forensic investigators, analysts, and specialists.