InfoSecurity 2008 Threat Analysis

InfoSecurity 2008 Threat Analysis

by Craig Schiller, Seth Fogie, Colby DeRodeff, Michael Gregg, Paul Schooping
Released April 2011
Publisher(s): Syngress
ISBN: 9780080558691

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.

Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.

* Provides IT Security Professionals with a first look at likely new threats to their enterprise
* Includes real-world examples of system intrusions and compromised data
* Provides techniques and strategies to detect, prevent, and recover
* Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence

Table of contents

  1. Front Cover
  2. Infosecurity 2008 Threat Analysis
  3. Copyright Page (1/2)
  4. Copyright Page (2/2)
  5. Contents (1/2)
  6. Contents (2/2)
  7. Foreword
  8. Part I: Botnets
    1. Chapter 1. Botnets: A Call to Action
      1. Introduction
      2. The Killer Web App
      3. How Big Is the Problem? (1/3)
      4. How Big Is the Problem? (2/3)
      5. How Big Is the Problem? (3/3)
      6. The Industry Responds
      7. Summary
      8. Solutions Fast Track
      9. Frequently Asked Questions
    2. Chapter 2. Botnets Overview
      1. What Is a Botnet?
      2. The Botnet Life Cycle
      3. What Does a Botnet Do? (1/4)
      4. What Does a Botnet Do? (2/4)
      5. What Does a Botnet Do? (3/4)
      6. What Does a Botnet Do? (4/4)
      7. Botnet Economics (1/2)
      8. Botnet Economics (2/2)
      9. Summary
      10. Solutions Fast Track
      11. Frequently Asked Questions
  9. Part II: Cross Site Scripting Attacks
    1. Chapter 3. Cross-site Scripting Fundamentals
      1. Introduction
      2. Web Application Security
      3. XML and AJAX Introduction
      4. Summary
      5. Solutions Fast Track
      6. Frequently Asked Questions
    2. Chapter 4. XSS Theory
      1. Introduction
      2. Getting XSS'ed
      3. DOM-based XSS in Detail (1/3)
      4. DOM-based XSS in Detail (2/3)
      5. DOM-based XSS in Detail (3/3)
      6. Redirection (1/2)
      7. Redirection (2/2)
      8. CSRF
      9. Flash, QuickTime, PDF, Oh My (1/6)
      10. Flash, QuickTime, PDF, Oh My (2/6)
      11. Flash, QuickTime, PDF, Oh My (3/6)
      12. Flash, QuickTime, PDF, Oh My (4/6)
      13. Flash, QuickTime, PDF, Oh My (5/6)
      14. Flash, QuickTime, PDF, Oh My (6/6)
      15. HTTP Response Injection
      16. Source vs. DHTML Reality (1/2)
      17. Source vs. DHTML Reality (2/2)
      18. Bypassing XSS Length Limitations
      19. XSS Filter Evasion (1/6)
      20. XSS Filter Evasion (2/6)
      21. XSS Filter Evasion (3/6)
      22. XSS Filter Evasion (4/6)
      23. XSS Filter Evasion (5/6)
      24. XSS Filter Evasion (6/6)
      25. Summary
      26. Solutions Fast Track
      27. Frequently Asked Questions
    3. Chapter 5. XSS Attack Methods
      1. Introduction
      2. History Stealing
      3. Intranet Hacking (1/3)
      4. Intranet Hacking (2/3)
      5. Intranet Hacking (3/3)
      6. XSS Defacements
      7. Summary
      8. Solutions Fast Track
      9. Frequently Asked Questions
      10. References
  10. Part III: Physical and Logical Security Convergence
    1. Chapter 6. Protecting Critical Infrastructure: Process Control and SCADA
      1. Introduction
      2. Technology Background: Process Control Systems (1/3)
      3. Technology Background: Process Control Systems (2/3)
      4. Technology Background: Process Control Systems (3/3)
      5. Why Convergence?
      6. Threats and Challenges (1/5)
      7. Threats and Challenges (2/5)
      8. Threats and Challenges (3/5)
      9. Threats and Challenges (4/5)
      10. Threats and Challenges (5/5)
      11. Conclusion
    2. Chapter 7. Final Thoughts
      1. Introduction
      2. Final Thoughts from William Crower
      3. Final Thoughts from Dan Dunkel
      4. Final Thoughts from Brian Contos
      5. Final Thoughts from Colby DeRodeoff
  11. Part IV: PCI Compliance
    1. Chapter 8. Why PCI Is Important
      1. Introduction
      2. What is PCI?
      3. Overview of PCI Requirements
      4. Risks and Consequences
      5. Benefits of Compliance
      6. Summary
      7. Solutions Fast Track
      8. Frequently Asked Questions
    2. Chapter 9. Protect Cardholder Data
      1. Protecting Cardholder Data
      2. PCI Requirement 3: Protect Stored Cardholder Data (1/2)
      3. PCI Requirement 3: Protect Stored Cardholder Data (2/2)
      4. PCI Requirement 4—Encrypt Transmission of Cardholder Data Across Open, Public Networks
      5. Using Compensating Controls
      6. Mapping Out a Strategy
      7. The Absolute Essentials
      8. Summary
      9. Solutions Fast Track
      10. Frequently Asked Questions
  12. Part V: Asterisk and VoIP Hacking
    1. Chapter 10. Understanding and Taking Advantage of VoIP Protocols
      1. Introduction
      2. Your Voice to Data
      3. Making Your Voice Smaller (1/5)
      4. Making Your Voice Smaller (2/5)
      5. Making Your Voice Smaller (3/5)
      6. Making Your Voice Smaller (4/5)
      7. Making Your Voice Smaller (5/5)
      8. Summary
      9. Solutions Fast Track
      10. Frequently Asked Questions
    2. Chapter 11. Asterisk Hardware Ninjutsu
      1. Introduction
      2. Serial
      3. Motion (1/2)
      4. Motion (2/2)
      5. Modems
      6. Fun with Dialing (1/3)
      7. Fun with Dialing (2/3)
      8. Fun with Dialing (3/3)
      9. Legalities and Tips
      10. Summary
      11. Solutions Fast Track
      12. Frequently Asked Questions
  13. Part VI: Hack the Stack
    1. Chapter 12. Social Engineering
      1. Introduction
      2. Attacking the People Layer
      3. Defending the People Layer (1/3)
      4. Defending the People Layer (2/3)
      5. Defending the People Layer (3/3)
      6. Making the Case for Stronger Security (1/2)
      7. Making the Case for Stronger Security (2/2)
      8. People Layer Security Project
      9. Summary
      10. Solutions Fast Track
      11. Frequently Asked Questions
  14. Index (1/6)
  15. Index (2/6)
  16. Index (3/6)
  17. Index (4/6)
  18. Index (5/6)
  19. Index (6/6)

Product information

  • Title: InfoSecurity 2008 Threat Analysis
  • Author(s): Craig Schiller, Seth Fogie, Colby DeRodeff, Michael Gregg, Paul Schooping
  • Release date: April 2011
  • Publisher(s): Syngress
  • ISBN: 9780080558691