Hacking: The Next Generation

Overview

With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.

You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.

  • Learn how "inside out" techniques can poke holes into protected networks
  • Understand the new wave of "blended threats" that take advantage of multiple application vulnerabilities to steal corporate data
  • Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited
  • Prevent attacks against the mobile workforce and their devices containing valuable data
  • Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants
  • Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations


Product Details

  • ISBN-13: 9780596154578
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 9/28/2009
  • Series: Animal Guide Series
  • Edition number: 1
  • Pages: 279
  • Sales rank: 935,537
  • Product dimensions: 6.90 (w) x 9.10 (h) x 0.80 (d)

Meet the Author

Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm where he advises some of the largest corporations around the world on how to establish enterprise wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization.

Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & Threat Modeling, and managed the Attack & Penetration team.

Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.

Dhanjani graduated from Purdue University with both a Bachelor's and a Master's degree in Computer Science.

Dhanjani's personal blog is located at dhanjani.com.

Billy Rios is currently a Security Engineer for Microsoft where he studies emerging risks and cutting edge security attacks and defenses. Before his current role as a Security Engineer, Billy was a Senior Security Consultant for various consulting firms including VeriSign and Ernst and Young. As a consultant, Billy performed network, application, and wireless vulnerability assessments as well as tiger team/full impact risk assessments against numerous clients in the Fortune 500.
Before his life as a consultant, Billy helped defend US Department of Defense networks as an Intrusion Detection Analyst for the Defense Information Systems Agency (DISA) and was an active duty Officer in the US Marine Corps (deployed in support of OIF in 2003). Billy's thought leadership includes speaking engagements at numerous security conferences including: Blackhat Briefings, RSA, Microsoft Bluehat, DEFCON, PacSec, HITB, the Annual Symposium on Information Assurance (ASIA), as well as several other security related conferences. Billy holds a Master of Science degree in Information Systems, a Master of Business Administration degree, and an undergraduate degree in Business Administration.

Brett Hardin is a Security Research Lead with McAfee. At McAfee, Brett bridges security and business perspectives to aid upper management in understanding security issues. Before joining McAfee, Brett was a penetration tester for Ernst and Young's Advanced Security Center assessing web application and intranet security for Fortune 500 companies.
In addition, Brett is the author of misc-security.com, a blog dedicated to security topics from a high-level or business-level perspective.

Brett holds a bachelor of science in Computer Science from California State University at Chico.

Table of Contents

Preface;
Audience;
Assumptions This Book Makes;
Contents of This Book;
Conventions Used in This Book;
Using Code Examples;
We’d Like to Hear from You;
Safari® Books Online;
Acknowledgments;
Chapter 1: Intelligence Gathering: Peering Through the Windows to Your Organization;
1.1 Physical Security Engineering;
1.2 Google Earth;
1.3 Social Engineering Call Centers;
1.4 Search Engine Hacking;
1.5 Leveraging Social Networks;
1.6 Tracking Employees;
1.7 What Information Is Important?;
1.8 Summary;
Chapter 2: Inside-Out Attacks: The Attacker Is the Insider;
2.1 Man on the Inside;
2.2 Cross-Site Scripting (XSS);
2.3 Cross-Site Request Forgery (CSRF);
2.4 Content Ownership;
2.5 Advanced Content Ownership Using GIFARs;
2.6 Stealing Files from the Filesystem;
2.7 Summary;
Chapter 3: The Way It Works: There Is No Patch;
3.1 Exploiting Telnet and FTP;
3.2 Abusing SMTP;
3.3 Abusing ARP;
3.4 Summary;
Chapter 4: Blended Threats: When Applications Exploit Each Other;
4.1 Application Protocol Handlers;
4.2 Blended Attacks;
4.3 Finding Blended Threats;
4.4 Summary;
Chapter 5: Cloud Insecurity: Sharing the Cloud with Your Enemy;
5.1 What Changes in the Cloud;
5.2 Attacks Against the Cloud;
5.3 Summary;
Chapter 6: Abusing Mobile Devices: Targeting Your Mobile Workforce;
6.1 Targeting Your Mobile Workforce;
6.2 Summary;
Chapter 7: Infiltrating the Phishing Underground: Learning from Online Criminals?;
7.1 The Fresh Phish Is in the Tank;
7.2 Examining the Phishers;
7.3 The Loot;
7.4 Infiltrating the Underground;
7.5 Summary;
Chapter 8: Influencing Your Victims: Do What We Tell You, Please;
8.1 The Calendar Is a Gold Mine;
8.2 Social Identities;
8.3 Hacking the Psyche;
8.4 Summary;
Chapter 9: Hacking Executives: Can Your CEO Spot a Targeted Attack?;
9.1 Fully Targeted Attacks Versus Opportunistic Attacks;
9.2 Motives;
9.3 Information Gathering;
9.4 Attack Scenarios;
9.5 Summary;
Chapter 10: Case Studies: Different Perspectives;
10.1 The Disgruntled Employee;
10.2 The Silver Bullet;
10.3 Summary;
Chapter 2 Source Code Samples;
Datamine.js;
Pingback.js;
External-datamine.js;
XHRIEsniperscope();
Codecrossdomain.java;
HiddenClass.java;
Cache_Snoop.pl;
Colophon;

Customer Reviews

  • Posted October 26, 2009

    Everything you would expect from the title

    This was a very well written book. The authors did a great job of mixing technical and non-technical attack vectors. I felt the flow of the book was very well done, keeping the reader engaged the entire time. The authors gave enough information on each topic to get you started, but did not inundate you with the minute details that can get overwhelming. In many chapters of the book the authors use scenarios to relate the reader to a topic. This method helped me grasp a few of the concepts that may have otherwise taken a second or third read.

    In most of the sections that described technical attack vectors the authors gave links to tools that would help the reader perform that specific attack. Not only is this a great way to help the reader increase their tool set, it allows the reader to put into practice what was just read.

    Chapter 2: Inside-Out-Attacks is an example of how every technical topic should be taught. The authors used scenario based writing mixed with technical details that really help the reader grasp the concept. Again, these are not littered with enough technical detail to understand in-depth how these attacks work, but they will give you a general understanding of each topic.

    Chapter 7: Infiltrating the Phishing Underground was my favorite in the book. The author did a great job of relating how the underground works, how you get in contact with people, and how the act of phishing transpires. I was amazed to read how templates are shared, how they are put in place, and how the phishing crowd feel about each other.

    Chapter 5: Sharing the Cloud with Your Enemy was not really what I expected. I was hoping to hear of some new attack vectors, but didn't seem to get that. It was a great reminder of the risks to companies that use shared resources, and allow other administrators to control those resources, but this all seemed like common knowledge.

    Overall this book was great. The content seemed very fresh, and where it was overlap from previous readings the authors seemed to put a new spin on old ideas. If you are looking for a book that will teach you step by step how to hack a website, or steal some credit cards, this book is not for you. This book is a great overview of multiple attack vectors, giving broad overviews of each one.

    Wayne Gipson, CISSP, CISA

    2 out of 2 people found this review helpful.
