InfoSecurity 2008 Threat Analysis
Craig Schiller, Seth Fogie, Colby DeRodeff
Publisher: Elsevier Reference Monographs, 2007
ISBN 9780080558691, 480 pages
Format: PDF
Copy protection: DRM
Table of contents (page numbers refer to the PDF edition):

Front Cover ..... 1
Infosecurity 2008 Threat Analysis ..... 4
Copyright Page ..... 5
Contents ..... 14
Foreword ..... 24

Part I: Botnets ..... 26
  Chapter 1. Botnets: A Call to Action ..... 28
    Introduction ..... 29
    The Killer Web App ..... 30
    How Big Is the Problem? ..... 31
    The Industry Responds ..... 45
    Summary ..... 47
    Solutions Fast Track ..... 48
    Frequently Asked Questions ..... 49
  Chapter 2. Botnets Overview ..... 50
    What Is a Botnet? ..... 51
    The Botnet Life Cycle ..... 51
    What Does a Botnet Do? ..... 61
    Botnet Economics ..... 79
    Summary ..... 85
    Solutions Fast Track ..... 85
    Frequently Asked Questions ..... 88

Part II: Cross Site Scripting Attacks ..... 90
  Chapter 3. Cross-site Scripting Fundamentals ..... 92
    Introduction ..... 93
    Web Application Security ..... 95
    XML and AJAX Introduction ..... 97
    Summary ..... 102
    Solutions Fast Track ..... 102
    Frequently Asked Questions ..... 103
  Chapter 4. XSS Theory ..... 106
    Introduction ..... 107
    Getting XSS'ed ..... 107
    DOM-based XSS in Detail ..... 114
    Redirection ..... 125
    CSRF ..... 132
    Flash, QuickTime, PDF, Oh My ..... 136
    HTTP Response Injection ..... 162
    Source vs. DHTML Reality ..... 164
    Bypassing XSS Length Limitations ..... 170
    XSS Filter Evasion ..... 172
    Summary ..... 198
    Solutions Fast Track ..... 198
    Frequently Asked Questions ..... 201
  Chapter 5. XSS Attack Methods ..... 202
    Introduction ..... 203
    History Stealing ..... 203
    Intranet Hacking ..... 212
    XSS Defacements ..... 223
    Summary ..... 227
    Solutions Fast Track ..... 227
    Frequently Asked Questions ..... 228
    References ..... 229

Part III: Physical and Logical Security Convergence ..... 230
  Chapter 6. Protecting Critical Infrastructure: Process Control and SCADA ..... 232
    Introduction ..... 233
    Technology Background: Process Control Systems ..... 234
    Why Convergence? ..... 248
    Threats and Challenges ..... 252
    Conclusion ..... 276
  Chapter 7. Final Thoughts ..... 278
    Introduction ..... 279
    Final Thoughts from William Crowell ..... 279
    Final Thoughts from Dan Dunkel ..... 280
    Final Thoughts from Brian Contos ..... 281
    Final Thoughts from Colby DeRodeff ..... 282

Part IV: PCI Compliance ..... 284
  Chapter 8. Why PCI Is Important ..... 286
    Introduction ..... 287
    What Is PCI? ..... 287
    Overview of PCI Requirements ..... 297
    Risks and Consequences ..... 299
    Benefits of Compliance ..... 301
    Summary ..... 302
    Solutions Fast Track ..... 302
    Frequently Asked Questions ..... 303
  Chapter 9. Protect Cardholder Data ..... 304
    Protecting Cardholder Data ..... 305
    PCI Requirement 3: Protect Stored Cardholder Data ..... 306
    PCI Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks ..... 313
    Using Compensating Controls ..... 316
    Mapping Out a Strategy ..... 320
    The Absolute Essentials ..... 322
    Summary ..... 324
    Solutions Fast Track ..... 324
    Frequently Asked Questions ..... 326

Part V: Asterisk and VoIP Hacking ..... 328
  Chapter 10. Understanding and Taking Advantage of VoIP Protocols ..... 330
    Introduction ..... 331
    Your Voice to Data ..... 331
    Making Your Voice Smaller ..... 332
    Summary ..... 357
    Solutions Fast Track ..... 357
    Frequently Asked Questions ..... 359
  Chapter 11. Asterisk Hardware Ninjutsu ..... 360
    Introduction ..... 361
    Serial ..... 361
    Motion ..... 373
    Modems ..... 379
    Fun with Dialing ..... 381
    Legalities and Tips ..... 395
    Summary ..... 397
    Solutions Fast Track ..... 397
    Frequently Asked Questions ..... 399

Part VI: Hack the Stack ..... 400
  Chapter 12. Social Engineering ..... 402
    Introduction ..... 403
    Attacking the People Layer ..... 403
    Defending the People Layer ..... 426
    Making the Case for Stronger Security ..... 441
    People Layer Security Project ..... 447
    Summary ..... 449
    Solutions Fast Track ..... 449
    Frequently Asked Questions ..... 450

Index ..... 452