Bookstore

Suitable for IT professionals managing enterprise security, this book allows readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. It includes topics such as: Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence and Payment Card Industry (PCI).

InfoSecurity 2008 Threat Analysis

Foreword

Part I: Botnets

Chapter 1 Botnets: A Call to Action

Introduction

The Killer Web App

How Big is the Problem?

The Industry Responds

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Botnets Overview

What is a Botnet?

The Botnet Life Cycle

What Does a Botnet Do?

Botnet Economic

Summary

Solutions Fast Track

Frequently Asked Questions

Part II Cross Site Scripting Attacks

Chapter 3 Cross-site Scripting Fundamentals

Introduction

Web Application Security

XML and AJAX Introduction

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 XSS Theory

Introduction

Getting XSS'ed

DOM-based XSS in Detail

Redirection

CSRF

Flash, QuickTime, PDF, Oh My

HTTP Response Injection

Source vs. DHTML Reality

Bypassing XSS Length Limitations

XSS Filter Evasion

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 XSS Attack Methods

Introduction

History Stealing

Intranet Hacking

XSS Defacements

Summary

Solutions Fast Track

Frequently Asked Questions

References

Part III Physical and Logical Security Convergence

Chapter 6 Protecting Critical

Infrastructure: Process Control and SCADA

Introduction

Technology Background: Process Control Systems

Why Convergence?

Threats and Challenges

Conclusion

Chapter 7 Final Thought

Introduction

Final Thoughts from William Crower

Final Thoughts from Dan Dunkel

Final Thoughts from Brian Contos

Final Thoughts from Colby DeRodeoff

Part IV PCI Compliance

Chapter 8 Why PCi is Important

Introduction

What is PCI?

Overview of PCI Requirements

Risks and Consequences

Benefits of Compliance

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Protect Cardholder Data

Protecting Cardholder Data

PCI Requirement 3: Protect Stored Cardholder Data

PCI Requirement 4~Encrypt Transmission of Cardholder Data Across Open, Public Networks

Using Compensating Controls

Mapping Out a Strategy

The Absolute Essentials

Summary

Solutions Fast Track

Frequently Asked Questions

Part V Asterisk and VolP Hacking

Chapter 10 Understanding and Taking Advantage of VolP Protocols

Introduction

Your Voice to Data

Making Your Voice Smaller

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 Asterisk Hardware Ninjutsu

Introduction

Serial

Motion

Modems

Fun with Dialing

Legalities and Tips

Summary

Solutions Fast Track

Frequently Asked Questions

Part VI Hack the Stack

Chapter 12 Social Engineering

Introduction

Attacking the People Layer

Defending the People Layer

Making the Case for Stronger Security

People Layer Security Project

Summary

Solutions Fast Track

Frequently Asked Questions

Index