I'm jealous. No seriously. If Cigital is actually run as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security.
I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Yin and Yang", which makes total sense, since the book cover is of exactly that: a white hat and a black hat (taken from the other two books), positioned in the Chinese yin/yang symbol.
Source: EthicalHacker - Posted by Benjamin D. Thomas
It's as certain as death and taxes: hackers will mercilessly attack your Web sites, applications, and services. If you're vulnerable, you’d better discover these attacks yourself, before the black hats do. Now, there's a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software. Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes. This chapter contains a series of attacks dealing with the concept of state, or the ability to remember information as a user travels from page to page within a site.
Source: ZDNet.co.uk - Posted by Benjamin D. Thomas
Way back in the early 1980s, Robert Schifreen shot to notoriety as one of the hackers who broke into Prince Philip's mailbox on the Prestel service. It was this case that, after the Law Lords ruled that the forgery laws did not cover typing a user name and password into a computer screen, instigated the drafting and passage of the Computer Misuse Act in 1984. Schifreen has spent the intervening years being a respectable computer journalist, and his specialty -- as you might expect -- is security. Defeating the Hacker: A Non-Technical Guide to IT Security is the result of years of writing, research and speaking at conferences on security topics.
I’m a huge fan of IPCop. It’s a great firewall distro that makes administration a snap using a slick web interface. My goal was to use IPCop and an easy-to-use VPN client to allow access to my LAN while away from home. I ended up going with the ZERINA OpenVPN addon for IPCop and the OpenVPN GUI for Windows. If you’ve ever wanted full, secure, encrypted access to your LAN from any remote location, here is your guide.
Sun Wah-PearL Linux Training and Development Centre (SWP) has an ambitious aim: to promote the use of Linux and related Open Source Software (OSS) and Standards. The vendor-independent positioning of SWP has been very well received by the market. Over the last couple of years, SWP has become the leading OSS training and service provider in Hong Kong, and in fact we are leading the market direction in some ways.
Source: Slashdot.org - Posted by Benjamin D. Thomas
Given the remarkable popularity of PHP for developing dynamic Web sites, as well as the ever-increasing need for security on those same sites, one would think that there would be great demand for — and comparable supply of — books that explain how to create secure sites using PHP. However, such is not the case, and even the most extensive general purpose PHP books may only devote a single chapter to this critical topic, if that much. Essential PHP Security, written by PHP expert Chris Shiflett, aims to fill the gap.
Source: TheRegister.co.uk - Posted by Benjamin D. Thomas
Book review: I'm not that keen on the word "hacker" in the modern, pejorative sense (I remember when it meant a good UNIX programmer) and I'm generally not that impressed by hackers either - mostly they're not particularly clever and just got lucky. So, I came to this book in a not very positive frame of mind; except I do think that the famous Kevin Mitnick was unfairly demonised, and I'm not sure how much actual damage he did in the end. Although unauthorised intrusion into production systems is always bad, what chance is there they were tested for resilience during the sorts of things intruders do, for example.
Source: TaoSecurity - Posted by Benjamin D. Thomas
Today I received a copy of the new Syngress book Penetration Tester's Open Source Toolkit by Johnny Long, Chris Hurley, SensePost, Mark Wolfgang, Mike Petruzzi, et al. This book appears unnecessarily massive; it's probably 1/2 thicker than my first book, but at 704 pages it's nearly 100 pages shorter than Tao. I think Syngress used thicker, "softer" paper, if that makes sense to anyone.
O3 magazine is a free magazine distributed electronically in PDF format. O3 is published on a monthly basis. The focus of O3 is on the use of Free and Open Source (FOSS) software in Enterprise Data Networking environments. Some articles in O3 will introduce open source solutions, while some are designed to demonstrate how to integrate open source solutions with leading Enterprise Data Networking hardware from a wide variety of vendors.
Source: Insecure Magazine - Posted by Benjamin D. Thomas
The fourth issue of (IN)SECURE, a free digital security magazine published in PDF format, has been released.
Welcome to yet another issue of (IN)SECURE. The book contest we held in the previous issue was a great success, and here are the winners: Dominic White, Dr. Gary Hinson, Ronaldo Vasconcellos, Joey Ortiz, Adrian St. Onge and Frantisek Holop.

To all of you that sent us insightful comments, we thank you; (IN)SECURE will grow to be better because of it. Expect more contests in the future and keep that feedback coming, there's always room for us to improve.

If you're interested in writing for (IN)SECURE, feel free to contact us; we take a look at all submissions and ideas.