Web Security - Books On Amazon.com _{Check eBay.com!}

BOOK
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Zane Lackey
$24.35

About this product:

Lock down next-generation Web services

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

• Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
• Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
• Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
• Circumvent XXE, directory traversal, and buffer overflow exploits
• Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
• Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
• Use input validators and XML classes to reinforce ASP and .NET security
• Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
• Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
• Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks 
  
  

BOOK
Developer's Guide to Web Application Security
Michael Cross
$24.95

About this product:
Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.

* The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002

* Author Matt Fisher is a highly sought after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSec West, Shmoo Con, Information Security, RSA Conferences, and more

* The Companion Web site will have downloadable code and scripts presented in the book

BOOK
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD
James A. Whittaker
$19.98

About this product:
Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated.

BOOK
Web Security, Privacy and Commerce, 2nd Edition
Simson Garfinkel
$17.90

About this product:
Since the first edition of Web Security, Privacy, & Commerce, web use has exploded, and so have the threats to our security and privacy--from credit card fraud to marketing spam to web site defacements to attacks that shut down popular web sites. Nearly double the amount of information, this completely updated volume explains the techniques you can use to protect your privacy, organization, system, and network. Topics include:

Web technology--Cryptography, the Secure Sockets Layer (SSL), the Public Key Infrastructure (PKI), passwords, digital signatures, and biometrics.User privacy and security--Cookies, log files, identity theft, spam, web logs, and web bugs, as well as hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs. Web server security for administrators and content providers--CGI, PHP, and SSL certificates, intellectual property, P3P and privacy policies, digital payments, client-side signatures, code signing, pornography filtering, and PICS.

BOOK
Web Services Security
Mark O'Neill
$13.03

About this product:
Explains how to implement secure Web services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, and Kerberos. You'll also find details on Security Assertion Markup Language (SAML), XML Key Management Specification (XKMS), XML Encryption, Hypertext Transfer Protocol-Reliability (HTTP-R) and more.

BOOK
Web Security for Network and System Administrators
David Mackey
$68.82

About this product:
Designed to educate students about the concepts and techniques of Internet Security and help prepare them for the CIW Security Professional exam.

BOOK
Security for Web Services and Service-Oriented Architectures
Anna Squicciarini
$58.36

About this product:

Web services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOA), are the key to Web-based interoperability for applications within and across organizations. It is crucial that the security of services and their interactions with users is ensured if Web services technology is to live up to its promise. However, the very features that make it attractive – such as greater and ubiquitous access to data and other resources, dynamic application configuration and reconfiguration through workflows, and relative autonomy – conflict with conventional security models and mechanisms.

Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation, as well as recent research on access control for simple and conversation-based Web services, advanced digital identity management techniques, and access control for Web-based workflows. They explain how these implement means for identification, authentication, and authorization with respect to security aspects such as integrity, confidentiality, and availability.

This book will serve practitioners as a comprehensive critical reference on Web service standards, with illustrative examples and analyses of critical issues; researchers will use it as a state-of-the-art overview of ongoing research and innovative new directions; and graduate students will use it as a textbook on advanced topics in computer and system security.

BOOK
Joomla! Web Security
Tom Canavan
$22.65

About this product:

In Detail

Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats.

Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today.

This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site.

At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup.

What you will learn from this book?

• Implementing steps for successful Joomla! website architecture
• Setting up metrics to measure security
• Exploring the test and development environment; developing your test plan to make sure everything will work as planned
• Utilizing your test and development site for disaster recovery
• Measuring the performance of your software development projects using a software development management system
• Exploring several tools to help protect your website
• Diving into security vulnerabilities: why they exist; some typical counter measures
• Exploring SQL Injections - how they can hurt you and how to prevent them
• Mastering the two important security layers - php.ini and .htaccess
• Reading and analyzing logs relevant to protecting your Joomla! site
• Handling Security Incidents in a professional manner
• Blocking nuisance IP addresses

Approach

This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations such as choosing the right hosting sites then moves quickly into securing the Joomla! site and servers. This is a security handbook for Joomla! sites. It is an easy-to-use guide that will take you step by step into the world of secured websites.

Who this book is written for?

This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudging task of looking up in forums, only to be flamed, or not even find the answers.

Prior knowledge of Joomla! is expected but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.