Hacking the Code (Syngress) covers almost all known security issues related to coding for the web. It explains how certain code can be attacked, shows how to edit the code, and offers case studies and
examples--actual code you can drop right into your applications. The
book establishes policies for object input, shows how to audit existing
code for potential security problems, and offers best practices for
maintaining a session state, handling cookies, getting user input, and
more. You don't want a course on security; you just want to fix your
code. This book will be your guide.
Security
Bibliography -- To help you find
resources to protect your systems and your privacy, here are our recommendations for the best security
books by O'Reilly and other publishers.
Security DevCenter -- O'Reilly Network's one-stop security resource. You'll find security alerts, articles, programming recipes, the day's news headlines, and more.
Book Review: Security Warrior-- In this UnixReview.com book review, Peter H. Salus writes, "Peikari and Chuvakin have written a valuable book that will soon find its way onto the shelf of everyone involved in network and machine security." Learn the mind of your attacker and defend yourself with Security Warrior.
SafariU: Create, Customize, and Share Teaching Material--
Looking for a way to truly customize your course textbook and offer
students exactly the material you choose to teach, while saving them a
good bit of money? Become a SafariU beta tester and check out the new
web-based publishing platform from O'Reilly that allows you to create
custom textbooks and online syllabi. To see SafariU in action, register
to join SafariU's developers for a live webcast.
Java and Security, Part 2-- This book excerpt takes a close look at WebLogic's various security providers and their default implementations. It shows you how to
authenticate using JAAS, and how to create custom Authentication and
Identity Assertion Providers. Get a 360-degree view of the world of WebLogic from WebLogic: The Definitive Guide.
Your O'Reilly Account: New, Single Sign On-- O'Reilly customers and guests now have a single address and one password to access all things O'Reilly, from oreilly.com and Safari Bookshelf to all of the O'Reilly Network sites and DevCenters. When possible, we've consolidated your prior, separate accounts into one new account. Logging into the new system is quick and easy; details on how to do it have been emailed to you, and you can read more about O'Reilly's single sign on in Tony Stubblebine's weblog.
Intrusion Detection Systems-- Unlike firewalls and VPNs, which attempt to prevent attacks, intrusion detection systems (IDS's) provide an additional level of security for your network by notifying you of suspected attacks and arming you with other critical information. Read all about IDS technology in Chapter 19 of Security Warrior. And if you like this chapter, read the
whole book (and up to nine others) on Safari with a free trial
subscription.
Top Ten Tips to Make Attackers' Lives Hell -- Chris McNab breaks down his top ten tips all network administrators should follow to protect their networks from
opportunistic threats, and to make it hard for the more determined attackers to get anywhere. Chris is the
author of the recently released Network Security
Assessment.
The
Journey from Poacher to Gamekeeper-- Chris McNab
has been on both sides of the hacker fence. In this article, Chris
explains how his past led him to trade his black hat for a white one,
and what he hopes to achieve with his new book, Network Security
Assessment.
Protect Yourself Against Kerberos
Attacks-- Kerberos provides strong authentication
methods for client/server applications in distributed environments by
taking advantage of shared secret-key cryptography and multiple
validation technologies. Learn about the components that comprise
Kerberos under Windows Server 2003 in this excerpt from Security
Warrior.
The
Trouble with RFID-- Radio Frequency Identification
(RFID) technology is already widely used to track pharmaceuticals, meat
shipments, and manufactured goods. It has the potential to save businesses
billions of dollars. It also has the potential to enable a police
surveillance state, further erode consumer privacy, and make identity theft
even easier. Writing for The Nation, Simson Garfinkel explains the
problem and a potential code of conduct that might help address it. Simson
is the author of Database
Nation.
Protect
Against Denial-of-Service Attacks-- Perhaps the best
way to defend yourself is to understand your attacker in-depth. In this
O'Reilly book excerpt, the authors investigate two denial-of-service (DoS)
attacks against Windows XP: the first attacks the Server Message Block
protocol used by Windows machines, and the second targets the Universal
Plug and Play service. Learn the many ways your Windows and Unix
systems can be attacked in the recently released Security Warrior.
Safari Gets Bigger and Better-- There are now more than 2,000 books from the industry's leading technical publishers available on Safari Bookshelf. As the library grows, so does its functionality: searches are powerfully precise and as broad or specific as you wish; and now, with a Safari Max subscription, you can download chapters to read offline. Safari will help you save time, reduce errors, keep current, and save more money than ever with up to 35% off print copies of your favorite books. If you haven't
yet gone on Safari, try a free trial subscription.
O'Reilly Partners with No Starch, Paraglyph, and Syngress-- We're pleased to announce a collaboration between like-minded companies: As of January 1, 2004, O'Reilly is the North American distributor for three innovative small presses: No Starch Press, Paraglyph Press, and Syngress Publishing. O'Reilly will handle retail and direct sales, warehousing, and shipping, as well as provide direct marketing and PR support for these publishers with whom our philosophies are aligned. We invite you to give them a close look.
Gates Said Security Is Simple-- In this op-ed, O'Reilly authors Mark G. Graff and
Kenneth R. van Wyk respond to Bill Gates' assertion that firewalls and
up-to-date software are perfectly adequate protections against security
problems, and that perfect code isn't necessary. Mark and Kenneth are the
authors of Secure
Coding: Principles & Practices.
Understanding
Cryptography -- Using cryptography, you can transform messages and
other data so they are unintelligible to anyone who does not possess a
specific mathematical key necessary to unlock the message. Chapter 7 of
Practical Unix & Internet Security, 3rd Edition explains the
basics. Get
a free trial to read this and four other O'Reilly books on Safari.