Attacking and Exploiting Modern Web Applications. Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Simone Onofri, Donato Onofri, Matteo Meucci

Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities.By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.

Audyt bezpieczeństwa informacji w praktyce

Tomasz Polaczek

Rozpoczęła się era społeczeństwa informacyjnego. Działalność coraz większej liczby organizacji i firm zależy od szybkiego i efektywnego przetwarzania informacji. Informacja stała się cennym, często wykradanym towarem. Zagrożeniem dla bezpieczeństwa danych są nie tylko crackerzy, lecz często także pracownicy firmy, którzy nieświadomie udostępniają zastrzeżone informacje osobom trzecim. Upowszechnienie informacji, będących tajemnicą lub własnością intelektualną i handlową firmy lub instytucji, może oznaczać utratę reputacji, zakończenie działalności na rynku lub nawet wywołać kłopoty natury prawnej. Z tych powodów informację trzeba należycie chronić oraz odpowiednią nią zarządzać. Książka "Audyt bezpieczeństwa informacji w praktyce" przedstawia praktyczne aspekty wdrażania i realizowania polityki ochrony danych. Opisuje zarówno regulacje prawne, jak i normy ISO traktujące o bezpieczeństwie informacji. Zawiera informacje o odpowiednim zarządzaniu systemami przechowywania danych, fizycznym zabezpieczaniu miejsc, w których znajdują się nośniki danych, oraz szkoleniu użytkowników systemów. Normy ISO i PN dotyczące ochrony informacji Planowanie polityki bezpieczeństwa Umowy o zachowaniu poufności Zabezpieczanie budynku i pomieszczeń Tworzenie procedur eksploatacji sprzętu i systemów Ochrona sieci przed programami szpiegującymi Zarządzanie dostępem użytkowników do systemu Odpowiednio zaplanowane procedury ochrony danych mogą uchronić przedsiębiorstwo przed poważnymi problemami. Wykorzystaj wiadomości zawarte w tej książce i wprowadź podobne procedury w swojej firmie.

Automotive Cybersecurity Engineering Handbook. The automotive engineer's roadmap to cyber-resilient vehicles

Dr. Ahmad MK Nasser

Replete with exciting challenges, automotive cybersecurity is an emerging domain, and cybersecurity is a foundational enabler for current and future connected vehicle features. This book addresses the severe talent shortage faced by the industry in meeting the demand for building cyber-resilient systems by consolidating practical topics on securing automotive systems to help automotive engineers gain a competitive edge.The book begins by exploring present and future automotive vehicle architectures, along with relevant threats and the skills essential to addressing them. You’ll then explore cybersecurity engineering methods, focusing on compliance with existing automotive standards while making the process advantageous. The chapters are designed in a way to help you with both the theory and practice of building secure systems while considering the cost, time, and resource limitations of automotive engineering. The concluding chapters take a practical approach to threat modeling automotive systems and teach you how to implement security controls across different vehicle architecture layers.By the end of this book, you'll have learned effective methods of handling cybersecurity risks in any automotive product, from single libraries to entire vehicle architectures.

AWS Certified Developer - Associate Guide. Your one-stop solution to passing the AWS developer's certification

AWS Certified Developer - Associate Guide starts with a quick introduction to AWS and the prerequisites to get you started. Then, this book gives you a fair understanding of core AWS services and basic architecture. Next, this book will describe about getting familiar with Identity and Access Management (IAM) along with Virtual private cloud (VPC). Moving ahead you will learn about Elastic Compute cloud (EC2) and handling application traffic with Elastic Load Balancing (ELB). Going ahead you we will talk about Monitoring with CloudWatch, Simple storage service (S3) and Glacier and CloudFront along with other AWS storage options. Next we will take you through AWS DynamoDB – A NoSQL Database Service, Amazon Simple Queue Service (SQS) and CloudFormation Overview. Finally, this book covers understanding Elastic Beanstalk and overview of AWS lambda.At the end of this book, we will cover enough topics, tips and tricks along with mock tests for you to be able to pass the AWS Certified Developer - Associate exam and develop as well as manage your applications on the AWS platform.

AWS Certified Security - Specialty (SCS-C02) Exam Guide. Get all the guidance you need to pass the AWS (SCS-C02) exam on your first attempt - Second Edition

Adam Book, Stuart Scott

The AWS Certified Security – Specialty exam validates your expertise in advanced cloud security, a crucial skill set in today's cloud market. With the latest updates and revised study material, this second edition provides an excellent starting point for your exam preparation.You’ll learn the fundamentals of core services, which are essential prerequisites before delving into the six domains covered in the exam. The book addresses various security threats, vulnerabilities, and attacks, such as DDoS attacks, offering insights into effective mitigation strategies at different layers. You’ll learn different tools available in Amazon Web Services (AWS) to secure your Virtual Private Cloud and allow the correct traffic to travel securely to your workloads. As you progress, you’ll explore the intricacies of AWS EventBridge and IAM services. Additionally, you’ll get lifetime access to supplementary online resources, including mock exams with exam-like timers, detailed solutions, interactive flashcards, and invaluable exam tips, all accessible across various devices such as PCs, tablets, and smartphones.Ultimately, armed with the knowledge and skills acquired from this AWS security guide, you'll be well-prepared to pass the exam and design secure AWS solutions with confidence.

AWS Lambda Quick Start Guide. Learn how to build and deploy serverless applications on AWS

Markus Klems

AWS Lambda is a part of AWS that lets you run your code without provisioning or managing servers. This enables you to deploy applications and backend services that operate with no upfront cost. This book gets you up to speed on how to build scalable systems and deploy serverless applications with AWS Lambda.The book starts with the fundamental concepts of AWS Lambda, and then teaches you how to combine your applications with other AWS services, such as AmazonAPI Gateway and DynamoDB. This book will also give a quick walk through on how to use the Serverless Framework to build larger applications that can structure code or autogenerate boilerplate code that can be used to get started quickly for increased productivity.Toward the end of the book, you will learn how to write, run, and test Lambda functions using Node.js, Java, Python, and C#.

AWS Penetration Testing. Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Jonathan Helmus

Cloud security has always been treated as the highest priority by AWS while designing a robust cloud infrastructure. AWS has now extended its support to allow users and security experts to perform penetration tests on its environment. This has not only revealed a number of loopholes and brought vulnerable points in their existing system to the fore, but has also opened up opportunities for organizations to build a secure cloud environment. This book teaches you how to perform penetration tests in a controlled AWS environment.You'll begin by performing security assessments of major AWS resources such as Amazon EC2 instances, Amazon S3, Amazon API Gateway, and AWS Lambda. Throughout the course of this book, you'll also learn about specific tests such as exploiting applications, testing permissions flaws, and discovering weak policies. Moving on, you'll discover how to establish private-cloud access through backdoor Lambda functions. As you advance, you'll explore the no-go areas where users can’t make changes due to vendor restrictions and find out how you can avoid being flagged to AWS in these cases. Finally, this book will take you through tips and tricks for securing your cloud environment in a professional way.By the end of this penetration testing book, you'll have become well-versed in a variety of ethical hacking techniques for securing your AWS environment against modern cyber threats.

AWS Security Cookbook. Practical solutions for managing security policies, monitoring, auditing, and compliance with AWS

Heartin Kanikathottu

As a security consultant, securing your infrastructure by implementing policies and following best practices is critical. This cookbook discusses practical solutions to the most common problems related to safeguarding infrastructure, covering services and features within AWS that can help you implement security models such as the CIA triad (confidentiality, integrity, and availability), and the AAA triad (authentication, authorization, and availability), along with non-repudiation.The book begins with IAM and S3 policies and later gets you up to speed with data security, application security, monitoring, and compliance. This includes everything from using firewalls and load balancers to secure endpoints, to leveraging Cognito for managing users and authentication. Over the course of this book, you'll learn to use AWS security services such as Config for monitoring, as well as maintain compliance with GuardDuty, Macie, and Inspector. Finally, the book covers cloud security best practices and demonstrates how you can integrate additional security services such as Glacier Vault Lock and Security Hub to further strengthen your infrastructure.By the end of this book, you'll be well versed in the techniques required for securing AWS deployments, along with having the knowledge to prepare for the AWS Certified Security – Specialty certification.