Hacking the Code (Syngress) covers almost all known security issues related to coding for the web. It explains how certain code can be attacked, shows how to edit the code, and offers case studies and examples--actual code you can drop right into your applications. The book establishes policies for object input, shows how to audit existing code for potential security problems, and offers best practices for maintaining a session state, handling cookies, getting user input, and more. You don't want a course on security; you just want to fix your code. This book will be your guide.

Book Review: Security Warrior -- In this UnixReview.com book review, Peter H. Salus writes, "Peikari and Chuvakin have written a valuable book that will soon find its way onto the shelf of everyone involved in network and machine security." Learn the mind of your attacker and defend yourself with Security Warrior.

SafariU: Create, Customize, and Share Teaching Material -- Looking for a way to truly customize your course textbook and offer students exactly the material you choose to teach, while saving them a good bit of money? Become a SafariU beta tester and check out the new web-based publishing platform from O'Reilly that allows you to create custom textbooks and online syllabi. To see SafariU in action, register to join SafariU's developers for a live webcast.

Java and Security, Part 2 -- This book excerpt takes a close look at WebLogic's various security providers and their default implementations. It shows you how to authenticate using JAAS, and how to create custom Authentication and Identity Assertion Providers. Get a 360-degree view of the world of WebLogic from WebLogic: The Definitive Guide.

Your O'Reilly Account: New, Single Sign On -- O'Reilly customers and guests now have a single address and one password to access all things O'Reilly, from oreilly.com and Safari Bookshelf to all of the O'Reilly Network sites and DevCenters. When possible, we've consolidated your prior, separate accounts into one new account. Logging into the new system is quick and easy; details on how to do it have been emailed to you, and you can read more about O'Reilly's single sign on in Tony Stubblebine's weblog.

Using Penetration Testing to Identify Management Issues -- Bob Ayers discusses the most common systems-management process failures that produce vulnerabilities detected by penetration testing, in this modified foreword from Chris McNab's Network Security Assessment.

Intrusion Detection Systems -- Unlike firewalls and VPNs, which attempt to prevent attacks, intrusion detection systems (IDS's) provide an additional level of security for your network by notifying you of suspected attacks and arming you with other critical information. Read all about IDS technology in Chapter 19 of Security Warrior. And if you like this chapter, read the whole book (and up to nine others) on Safari with a free trial subscription.

Top Ten Tips to Make Attackers' Lives Hell -- Chris McNab breaks down his top ten tips all network administrators should follow to protect their networks from opportunistic threats, and to make it hard for the more determined attackers to get anywhere. Chris is the author of the recently released Network Security Assessment.

The Journey from Poacher to Gamekeeper -- Chris McNab has been on both sides of the hacker fence. In this article, Chris explains how his past led him to trade his black hat for a white one, and what he hopes to achieve with his new book, Network Security Assessment.

Protect Yourself Against Kerberos Attacks -- Kerberos provides strong authentication methods for client/server applications in distributed environments by taking advantage of shared secret-key cryptography and multiple validation technologies. Learn about the components that comprise Kerberos under Windows Server 2003 in this excerpt from Security Warrior.

The Trouble with RFID -- Radio Frequency Identification (RFID) technology is already widely used to track pharmaceuticals, meat shipments, and manufactured goods. It has the potential to save businesses billions of dollars. It also has the potential to enable a police surveillance state, further erode consumer privacy, and make identity theft even easier. Writing for The Nation, Simson Garfinkel explains the problem and a potential code of conduct that might help address it. Simson is the author of Database Nation.

Protect Against Denial-of-Service Attacks -- Perhaps the best way to defend yourself is to understand your attacker in-depth. In this O'Reilly book excerpt, the authors investigate two denial-of-service (DoS) attacks against Windows XP: the first attacks the Server Message Block protocol used by Windows machines, and the second targets the Universal Plug and Play service. Learn the many ways your Windows and Unix systems can be attacked in the recently released Security Warrior.

Safari Gets Bigger and Better -- There are now more than 2,000 books from the industry's leading technical publishers available on Safari Bookshelf. As the library grows, so does its functionality: searches are powerfully precise and as broad or specific as you wish; and now, with a Safari Max subscription, you can download chapters to read offline. Safari will help you save time, reduce errors, keep current, and save more money than ever with up to 35% off print copies of your favorite books. If you haven't yet gone on Safari, try a free trial subscription.

O'Reilly Partners with No Starch, Paraglyph, and Syngress -- We're pleased to announce a collaboration between like-minded companies: As of January 1, 2004, O'Reilly is the North American distributor for three innovative small presses: No Starch Press, Paraglyph Press, and Syngress Publishing. O'Reilly will handle retail and direct sales, warehousing, and shipping, as well as provide direct marketing and PR support for these publishers with whom our philosophies are aligned. We invite you to give them a close look.

Gates Said Security Is Simple -- In this op-ed, O'Reilly authors Mark G. Graff and Kenneth R. van Wyk respond to Bill Gates' assertion that firewalls and up-to-date software are perfectly adequate protections against security problems, and that perfect code isn't necessary. Mark and Kenneth are the authors of Secure Coding: Principles & Practices.

Understanding Cryptography -- Using cryptography, you can transform messages and other data so they are unintelligible to anyone who does not possess a specific mathematical key necessary to unlock the message. Chapter 7 of Practical Unix & Internet Security, 3rd Edition explains the basics. Get a free trial to read this and four other O'Reilly books on Safari.