begood Posted March 21, 2010 Report Share Posted March 21, 2010 Cu mentiunea : doar carti sau reviste noi, publicate din 2009 in colo.Daca gasiti gasiti carti noi si ati postat deja, dar postul e vechi de cel mult 2 saptamani, atunci EDITATI pentru a evita postul dublu, in caz contrar aveti voie la post dublu pentru a invia topicul. *aceasta regula se aplica doar la acest thread.Cum as recomanda sa postati :Imagine coperta, ISBN-10 sau ISBN-13.Exemplu :Attack Simulation and Threat ModelingPREFACE“The purpose of computing is insight not numbers”I wrote this book as a direct consequence of Security Analysis and Data Visualization1. A lot ofground rules were laid there - we simply follow up here. Attack Simulation and ThreatModeling explores the abundant resources available in advanced security data collection,processing and mining. It is often the case that the essential value inherent in any datacollection method is only as good as the processing and mining technique used. Therefore,this book attempts to give insight into a number of alternative security and attack analysismethods that leverage techniques adopted from such subject areas as statistics, AI, datamining, graphics design, pattern recognition and to some extent psychology and economics.As security design and implementation become major components of the overall enterprisearchitecture and data collection tools improve and evolve, the ability to collect data will nodoubt increase dramatically. This then brings us to the value of the data which is often onlyas useful as what the analysis can shape it into. Whilst the security process itself is key, thecollection, processing and mining techniques used to analyze the data are even moreimportant.As much as information security is a unique and evolving field with particular needs,analysis techniques typically span the boundaries of different disciplines. Analysts that limitthemselves to the boundaries imposed by one field may unnecessarily miss out all thepossibilities that may exist in the multitude of disciplines that exists outside of it. This is byno means different with information security: by aligning it with different disciplines, weexpand the possibilities exponentially. This book examines various tools and techniques fromthese other disciplines in extracting valuable findings to support security research anddecision making.The objective of Attack Simulation and Threat Modeling is essentially to serve as an eyeopener for security analysts and practitioners that there are many more techniques, tools andoptions beyond the security research field that can be used and are fit-for-purpose.Hopefully, this will lay the foundation for a cross-discipline concerted and collaborativeeffort that will help identify more techniques for security research and modeling.1http://inverse.com.ng/sadv/Security_Analysis_and_Data_Visualization.pdfiiiOn a final note, this book is also heavy on the use of free and open source tools (both onMicrosoft Windows and Linux platforms). Part of the rationale for this is to bring the analystup to speed with the concepts and techniques of computer (security) simulation andmodeling without having a recourse to proprietary tools and applications. I think in myhumble estimation, it bridges the knowledge gap quicker whilst bringing the core subjectmatter to the fore.http://inverse.com.ng/book2/Attack_Simulation_and_Threat_Modeling.pdf//nu are ISBN. Quote Link to comment Share on other sites More sharing options...
sonyx Posted March 21, 2010 Report Share Posted March 21, 2010 Security Analysis and Data Visualization As security professionals will no doubt allude to, trying to make sense of tons of security data from different tools and applications can be a bit challenging. I have faced it too and this led to my writing this book. Security Analysis and Data Visualization is an attempt to help give some meaning to this seemingly multifaceted Gordian knot. End to end security assessment is explored as it follows the Capture -> Process -> Visualize -> Govern model. It is highly practical oriented with 38 case studies and a number of graphical illustrations.Link : http://inverse.com.ng/sadv/Security_Analysis_and_Data_Visualization.pdfFara ISBN Quote Link to comment Share on other sites More sharing options...
begood Posted April 12, 2010 Author Report Share Posted April 12, 2010 (IN)SECURE MAGAZINE issue 25 (APRIL 2010) * The changing face of penetration testing: Evolve or die! * Review: SmartSwipe * Unusual SQL injection vulnerabilities and how to exploit them * Take note of new data notification rules * RSA Conference 2010 coverage * Corporate monitoring: Addressing security, privacy, and temptation in the workplace * Cloud computing and recovery, not just backup * EJBCA: Make your own certificate authority * Advanced attack detection using OSSIM * AND MORE!http://www.net-security.org/dl/insecure/INSECURE-Mag-25.pdf//fara isbn Quote Link to comment Share on other sites More sharing options...
begood Posted April 30, 2010 Author Report Share Posted April 30, 2010 Hakin9 magazine#Firewalls for BeginnersFirewalls are often overlooked, but are actually one of the best deterrents against unauthorized accesses. Learn how to build a low-cost firewall with iptables. Whenever people ask me how they can be sure no one can have unauthorized remote access to their PC, my first answer is: disconnect your PC!- Antonio Fanelli#Pwning Embedded ADSL RoutersThis paper sheds light on the hierarchical approach of pen testing and finding security related issues in the small embedded devices that are used for local area networks. The paper is restricted to not only testing but also discusses the kinds of software and firmware used and incessant vulnerabilities that should be scrutinized while setting up a local network.- Aditya K Sood#Writing WIN32 shellcode with a C-compilerShellcode is hard to write. That is why I worked out the method presented here to generate WIN32 shellcode with a C-compiler. To fully benefit from the content of this article, you should have some experience writing WIN32 programs in C/C++ and WIN32 shellcode, and understand the differences between both approaches.- Didier Stevens#Flash Memory Mobile ForensicThis paper is an introduction to flash memory forensic with a special focus on completeness of evidences acquired from mobile phones. Moving through academic papers and industrial documents will be introduced the particular nature of non-volatile memories present in nowadays mobile phones; how they really work and which challenges they pose to forensic investigators.- Salvatore Fiorillo#Threat Modeling BasicsIn the world of software, security is thrown into a system somewhere at the end of the project. For many developers adding security to a system is using a login with SSL/TLS; but sadly, these two are not the security silver bullet developers are led to believe.- Timothy Kulp#ID fraud expert says...Identity Theft Protection Services – a new industry is born- Julian Evans#InterviewInterview with Victor Julien, lead coder for the Open Information Security FoundationHakin9 :: Magazinehttp://download.hakin9.org/en/hakin9_04_2010_EN.pdf Quote Link to comment Share on other sites More sharing options...
