begood Posted March 21, 2010

With the note: only new books or magazines, published from 2009 onward.
If you find new books and you have already posted, but your post is at most 2 weeks old, then EDIT it to avoid a double post; otherwise you are allowed a double post to revive the topic.
*This rule applies only to this thread.

How I would recommend posting: cover image, ISBN-10 or ISBN-13.

Example:

Attack Simulation and Threat Modeling

PREFACE

“The purpose of computing is insight not numbers”

I wrote this book as a direct consequence of Security Analysis and Data Visualization [1]. A lot of ground rules were laid there - we simply follow up here. Attack Simulation and Threat Modeling explores the abundant resources available in advanced security data collection, processing and mining. It is often the case that the essential value inherent in any data collection method is only as good as the processing and mining technique used. Therefore, this book attempts to give insight into a number of alternative security and attack analysis methods that leverage techniques adopted from such subject areas as statistics, AI, data mining, graphics design, pattern recognition and to some extent psychology and economics.

As security design and implementation become major components of the overall enterprise architecture and data collection tools improve and evolve, the ability to collect data will no doubt increase dramatically. This then brings us to the value of the data which is often only as useful as what the analysis can shape it into. Whilst the security process itself is key, the collection, processing and mining techniques used to analyze the data are even more important.

As much as information security is a unique and evolving field with particular needs, analysis techniques typically span the boundaries of different disciplines. Analysts that limit themselves to the boundaries imposed by one field may unnecessarily miss out all the possibilities that may exist in the multitude of disciplines that exists outside of it. This is by no means different with information security: by aligning it with different disciplines, we expand the possibilities exponentially. This book examines various tools and techniques from these other disciplines in extracting valuable findings to support security research and decision making.

The objective of Attack Simulation and Threat Modeling is essentially to serve as an eye opener for security analysts and practitioners that there are many more techniques, tools and options beyond the security research field that can be used and are fit-for-purpose. Hopefully, this will lay the foundation for a cross-discipline concerted and collaborative effort that will help identify more techniques for security research and modeling.

[1] http://inverse.com.ng/sadv/Security_Analysis_and_Data_Visualization.pdf

On a final note, this book is also heavy on the use of free and open source tools (both on Microsoft Windows and Linux platforms). Part of the rationale for this is to bring the analyst up to speed with the concepts and techniques of computer (security) simulation and modeling without having a recourse to proprietary tools and applications. I think in my humble estimation, it bridges the knowledge gap quicker whilst bringing the core subject matter to the fore.

http://inverse.com.ng/book2/Attack_Simulation_and_Threat_Modeling.pdf

//it has no ISBN.

sonyx Posted March 21, 2010

Security Analysis and Data Visualization

As security professionals will no doubt allude to, trying to make sense of tons of security data from different tools and applications can be a bit challenging. I have faced it too and this led to my writing this book. Security Analysis and Data Visualization is an attempt to help give some meaning to this seemingly multifaceted Gordian knot. End to end security assessment is explored as it follows the Capture -> Process -> Visualize -> Govern model. It is highly practical oriented with 38 case studies and a number of graphical illustrations.

Link: http://inverse.com.ng/sadv/Security_Analysis_and_Data_Visualization.pdf

No ISBN

begood (Author) Posted April 12, 2010

(IN)SECURE MAGAZINE issue 25 (APRIL 2010)

* The changing face of penetration testing: Evolve or die!
* Review: SmartSwipe
* Unusual SQL injection vulnerabilities and how to exploit them
* Take note of new data notification rules
* RSA Conference 2010 coverage
* Corporate monitoring: Addressing security, privacy, and temptation in the workplace
* Cloud computing and recovery, not just backup
* EJBCA: Make your own certificate authority
* Advanced attack detection using OSSIM
* AND MORE!

http://www.net-security.org/dl/insecure/INSECURE-Mag-25.pdf

//no ISBN

begood (Author) Posted April 30, 2010

Hakin9 magazine

#Firewalls for Beginners
Firewalls are often overlooked, but are actually one of the best deterrents against unauthorized accesses. Learn how to build a low-cost firewall with iptables. Whenever people ask me how they can be sure no one can have unauthorized remote access to their PC, my first answer is: disconnect your PC!
- Antonio Fanelli

#Pwning Embedded ADSL Routers
This paper sheds light on the hierarchical approach of pen testing and finding security related issues in the small embedded devices that are used for local area networks. The paper is restricted to not only testing but also discusses the kinds of software and firmware used and incessant vulnerabilities that should be scrutinized while setting up a local network.
- Aditya K Sood

#Writing WIN32 shellcode with a C-compiler
Shellcode is hard to write. That is why I worked out the method presented here to generate WIN32 shellcode with a C-compiler. To fully benefit from the content of this article, you should have some experience writing WIN32 programs in C/C++ and WIN32 shellcode, and understand the differences between both approaches.
- Didier Stevens

#Flash Memory Mobile Forensic
This paper is an introduction to flash memory forensic with a special focus on completeness of evidences acquired from mobile phones. Moving through academic papers and industrial documents will be introduced the particular nature of non-volatile memories present in nowadays mobile phones; how they really work and which challenges they pose to forensic investigators.
- Salvatore Fiorillo

#Threat Modeling Basics
In the world of software, security is thrown into a system somewhere at the end of the project. For many developers adding security to a system is using a login with SSL/TLS; but sadly, these two are not the security silver bullet developers are led to believe.
- Timothy Kulp

#ID fraud expert says...
Identity Theft Protection Services – a new industry is born
- Julian Evans

#Interview
Interview with Victor Julien, lead coder for the Open Information Security Foundation

Hakin9 :: Magazine
http://download.hakin9.org/en/hakin9_04_2010_EN.pdf