Skip to main content
Elsevier

Syngress

  • Information Security Risk Assessment Toolkit

    Practical Assessments through Data Collection and Data Analysis
    • 1st Edition
    • Mark Talabis + 1 more
    • English
    In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.

  • Client-Side Attacks and Defense

    • 1st Edition
    • Sean-Philip Oriyano + 1 more
    • English
    Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

  • Practical Lock Picking

    A Physical Penetration Tester's Training Guide
    • 2nd Edition
    • Deviant Ollam
    • English
    Practical Lock Picking, Second Edition, is an instructional manual that covers everything from straightforward lockpicking to quick-entry techniques such as shimming, bumping, and bypassing. Written by Deviant Ollam, one of the security industry's best-known lockpicking teachers, and winner of the Best Book Bejtlich Read in 2010 award, this book contains detailed photos that make learning as easy as picking a lock. Material is offered in easy-to-follow lessons that allow even beginners to acquire the knowledge very quickly. Whether the student will be hired at some point to penetrate security or simply trying to harden his or her own defenses, this book is essential.This edition has been updated to reflect the changing landscape of tools and tactics which have emerged in recent years. It consists of 6 chapters that discuss topics such as the fundamentals of pin tumbler and wafer locks; the basics of picking, with emphasis on how to exploit weaknesses; tips for beginners on how to get very good and very fast in picking locks; advanced training; quick-entry tricks about shimming, bumping, and bypassing; and pin tumblers in other configurations.This book is geared specifically toward penetration testers, security consultants, IT security professionals, and hackers.

  • Keys to the Kingdom

    Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks
    • 1st Edition
    • Deviant Ollam
    • English
    Lockpicking has become a popular topic with many in the security community. While many have chosen to learn the fine art of opening locks without keys, few people explore the fascinating methods of attack that are possible WITH keys. Keys to the Kingdom addresses the topics of impressioning, master key escalation, skeleton keys, and bumping attacks that go well beyond any treatment of these topics in the author’s previous book, Practical Lock Picking. This material is all new and focuses on locks currently in use as well as ones that have recently emerged on the market. Hackers and pen testers or persons tasked with defending their infrastructure and property from invasion will find these techniques uniquely valuable. As with Deviant Ollam’s previous book, Practical Lock Picking, Keys to the Kingdom includes full-color versions of all diagrams and photographs. Check out the companion website which includes instructional videos that provide readers with a full-on training seminar from the author.

  • Hacking Web Apps

    Detecting and Preventing Web Application Security Problems
    • 1st Edition
    • Mike Shema
    • English
    How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include: • SQL Injection • Cross Site Scripting • Logic Attacks • Server Misconfigurations • Predictable Pages • Web of Distrust • Breaking Authentication Schemes • HTML5 Security Breaches • Attacks on Mobile Apps Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked—as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser – sometimes your last line of defense – more secure.

  • Malware Forensics Field Guide for Windows Systems

    Digital Forensics Field Guides
    • 1st Edition
    • Cameron H. Malin + 2 more
    • English
    Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution. This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific for Windows-based systems, the largest running OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response - volatile data collection and examination on a live Windows system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics - discovering and extracting malware and associated artifacts from Windows systems; legal considerations; file identification and profiling initial analysis of a suspect file on a Windows system; and analysis of a suspect program. This field guide is intended for computer forensic investigators, analysts, and specialists.

  • The Basics of Digital Forensics

    The Primer for Getting Started in Digital Forensics
    • 1st Edition
    • John Sammons
    • English
    The Basics of Digital Forensics provides a foundation for people new to the field of digital forensics. This book teaches you how to conduct examinations by explaining what digital forensics is, the methodologies used, key technical concepts and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud, and Internet are discussed. Readers will also learn how to collect evidence, document the scene, and recover deleted data. This is the only resource your students need to get a jump-start into digital forensics investigations. This book is organized into 11 chapters. After an introduction to the basics of digital forensics, the book proceeds with a discussion of key technical concepts. Succeeding chapters cover labs and tools; collecting evidence; Windows system artifacts; anti-forensics; Internet and email; network forensics; and mobile device forensics. The book concludes by outlining challenges and concerns associated with digital forensics. PowerPoint lecture slides are also available. This book will be a valuable resource for entry-level digital forensics professionals as well as those in complimentary fields including law enforcement, legal, and general information security.

  • Windows Forensic Analysis Toolkit

    Advanced Analysis Techniques for Windows 7
    • 3rd Edition
    • Harlan Carvey
    • English
    Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.

  • Low Tech Hacking

    Street Smarts for Security Professionals
    • 1st Edition
    • Terry Gudaitis + 4 more
    • English
    Low Tech Hacking teaches your students how to avoid and defend against some of the simplest and most common hacks. Criminals using hacking techniques can cost corporations, governments, and individuals millions of dollars each year. While the media focuses on the grand-scale attacks that have been planned for months and executed by teams and countries, there are thousands more that aren't broadcast. This book focuses on the everyday hacks that, while simple in nature, actually add up to the most significant losses. It provides detailed descriptions of potential threats and vulnerabilities, many of which the majority of the information systems world may be unaware. It contains insider knowledge of what could be your most likely low-tech threat, with timely advice from some of the top security minds in the world. Author Jack Wiles spent many years as an inside penetration testing team leader, proving that these threats and vulnerabilities exist and their countermeasures work. His contributing authors are among the best in the world in their respective areas of expertise. The book is organized into 8 chapters covering social engineering; locks and ways to low tech hack them; low tech wireless hacking; low tech targeting and surveillance; low tech hacking for the penetration tester; the law on low tech hacking; and information security awareness training as a countermeasure to employee risk. This book will be a valuable resource for penetration testers, internal auditors, information systems auditors, CIOs, CISOs, risk managers, fraud investigators, system administrators, private investigators, ethical hackers, black hat hackers, corporate attorneys, and members of local, state, and federal law enforcement.

  • Moving To The Cloud

    Developing Apps in the New World of Cloud Computing
    • 1st Edition
    • Geetha Manjunath + 1 more
    • English
    Moving to the Cloud provides an in-depth introduction to cloud computing models, cloud platforms, application development paradigms, concepts and technologies. The authors particularly examine cloud platforms that are in use today. They also describe programming APIs and compare the technologies that underlie them. The basic foundations needed for developing both client-side and cloud-side applications covering compute/storage scaling, data parallelism, virtualization, MapReduce, RIA, SaaS and Mashups are covered. Approaches to address key challenges of a cloud infrastructure, such as scalability, availability, multi-tenancy, security and management are addressed. The book also lays out the key open issues and emerging cloud standards that will drive the continuing evolution of cloud computing.

Browse by Publisher