Thursday, May 19, 2011

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition




Joel Scambray | McGraw-Hill Osborne Media | 2011-10-07 | 482 pages | English | PDF

The latest Web app attacks and countermeasures from world-renowned practitioners

Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.




  • Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
  • See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
  • Understand how attackers defeat commonly used Web authentication technologies
  • See how real-world session attacks leak sensitive data and how to fortify your applications
  • Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
  • Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
  • Safely deploy XML, social networking, cloud computing, and Web 2.0 services
  • Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
  • Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures






Recover My Files 4.6.6 Build 830


Recover deleted files emptied from the recycle bin or deleted due to a virus infection, the format of a hard drive or software crash. Recover My Files data recovery software will easily recover deleted files emptied from the Windows Recycle Bin, or lost due to the format or corruption of a hard drive, virus or Trojan infection, unexpected system shutdown or software failure. It has full options to search Windows temporary folders and can even locate and recover files that have never been saved! Recover My Files data recovery software requires no special technical skill.

Recover My Files data recovery software will find any type of file, but includes specific support for more than 300 file types in the following broad categories:
  • Recover deleted email
  • Recover deleted documents
  • Recover deleted archives
  • Digital Photo recovery
  • Recover deleted music and video

Recover My Files is compatible with Windows 98/ME/2000/2003/XP and Vista and works with FAT 12, FAT 16, FAT 32, NTFS and NTFS5 file-systems.

With a deleted file the data content of the file is rarely destroyed. Even if Windows file reference information has been destroyed, Recover My Files scans the data at a low level to locate "Lost Files" by their internal file structure. This allows Recover My Files to recover deleted files that other data recovery software can never know exist.

Professional data recovery software for:
  • Deleted Files;
  • Lost Files;
  • Formatted Disks;
  • RAW Disks;
  • Missing Drive Letters;
  • Windows Reinstalls.

Safe, secure and reliable. Designed specifically to allow home and business users to quickly and simply recover data. Simple to use, with a full file preview window for recovered files.

Recover My Files is the perfect recovery tool for:
  • Hard drives
  • USB drives
  • External storage units
  • Digital camera storage media
  • CDs and DVDs

Recover My Files V4 supports recovery from a wide range of Filesystems:
  • FAT16 - an early version of the FAT Filesystem, now rarely used
  • FAT32 - common for external storage media and digital camera equipment
  • exFAT - (Extended File Allocation Table), a proprietary file system suited especially for flash drives
  • GPT - GUID Partition Table, a standard for the layout of the partition table on a physical hard disk
  • NTFS - Standard file system for Windows Vista, Windows 7
  • CDFS - CD/DVD file systems (Coming Soon)
  • MAC - HFS (Coming Soon)
  • EXT2 - Linux (Coming Soon)
  • RAID - RAID JBOD, 0, 1, 5, hardware and software

Download here:
http://www.filesonic.vn/file/53069025/GD.RecoverMyFiles.4.6.6.830.rar

Wednesday, May 18, 2011

K-Lite Codec Pack 7.10



The K-Lite Codec Pack is a collection of DirectShow filters, VFW/ACM codecs, and tools. Codecs and DirectShow filters are needed for encoding and decoding audio and video formats. The K-Lite Codec Pack is designed as a user-friendly solution for playing all your audio and movie files.
With the K-Lite Codec Pack you should be able to play all the popular audio and video formats and even several less common formats.

The K-Lite Codec Pack has a couple of major advantages compared to other codec packs:
  • It is updated frequently. So it is always up-to-date with the newest and/or best components.
  • All components have been carefully selected for specific purposes. It is not just a random bunch of stuff thrown together.
  • It is very user-friendly and easy to use.
  • The installation is fully customizable, meaning that you are able to install just those components that you really want.
  • The customization abilities even go beyond the component level. Some components are able to handle multiple formats. You can specify exactly which components should handle which formats. The pack can thus be fully tweaked to your own specific needs and preferences.
  • Uninstallation removes everything that was installed by the pack, including all registry keys.
  • It is extremely easy to make a fully customized unattended installation with the integrated wizard.
  • It does not contain any bad, buggy or unstable codecs.



Title: K-Lite Codec Pack 7.10 (Full)
Filename: K-Lite_Codec_Pack_710_Full.exe
File size: 14.08MB (14,759,021 bytes)
Requirements: Windows 2000 / XP / 2003 / Vista / Windows7 / XP64 / Vista64 / Windows7 64
Languages: en-US
License: Freeware
Date added: April 6, 2011

Tuesday, May 17, 2011

Google Hacking for Penetration Testers, Volume 2

Google Hacking for Penetration Testers, Volume 1



Product Description

Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don't realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker's search. 




Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.



*First book about Google targeting IT professionals and security leaks through web browsing.



*Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.



*Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.

About the Author

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.






Thursday, May 12, 2011

Web Security, Privacy and Commerce, 2nd Edition


Product Description

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.
Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

  • Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
  • Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
  • Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
  • Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.
Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

About the Author

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.


Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).
