Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.Proven security tactics for today's mobile apps,devices, and networks"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depthunderstanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA Identify and evade key threats across the expanding mobile risk landscape. Hacking Exposed Mobile: Security Secrets & Solutions covers the wide range of attacks to your mobile deployment alongside ready-to-use countermeasures. Find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Learn how to encrypt mobile data, fortify mobile platforms, and eradicate malware. This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems. Tour the mobile risk ecosystem with expert guides to both attack and defense Learn how cellular network attacks compromise devices over-the-air See the latest Android and iOS attacks in action, and learn how to stop them Delve into mobile malware at the code level to understand how to write resilient apps Defend against server-side mobile attacks, including SQL and XML injection Discover mobile web attacks, including abuse of custom URI schemes and JavaScript bridges Develop stronger mobile authentication routines using OAuth and SAML Get comprehensive mobile app development security guidance covering everything from threat modeling toiOS- and Android-specific tips Get started quickly using our mobile pen testing and consumer security checklists

The latest techniques for averting UC disaster

"This book is a must-read for any security professional responsible for VoIP or UC infrastructure. This new edition is a powerful resource that will help you keep your communications systems secure." --Dan York, Producer and Co-Host, Blue Box: The VoIP Security Podcast

"The original edition, "Hacking Exposed: Voice over IP Secrets & Solutions," provided a valuable resource for security professionals. But since then, criminals abusing VoIP and UC have become more sophisticated and prolific, with some high-profile cases ringing up huge losses. This book is a welcome update that covers these new threats with practical examples, showing the exact tools in use by the real attackers." --Sandro Gauci, Penetration Tester and Security Researcher, Author of SIPVicious

"Powerful UC hacking secrets revealed within. An outstanding and informative book. "Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions" walks the reader through powerful yet practical offensive security techniques and tools for UC hacking, which then informs defense for threat mitigation. The authors do an excellent job of weaving case studies and real-world attack scenarios with useful references. This book is essential for not only IT managers deploying UC, but also for security practitioners responsible for UC security." --Jason Ostrom, UC Security Researcher, Stora SANS Institute, co-author, SEC540 class

"After reading "Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions," I was saddened to not have had this book published years ago. The amount of time and money I could have saved myself, and my clients, would have been enormous. Being a professional in an ITSP/MSP, I know firsthand the complexities and challenges involved with auditing, assessing, and securing VoIP-based networks. From the carrier level, right down to the managed PBX level, and everything in between, "Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions" is a de facto must-have book. For those learning VoIP security to those heavily involved in any VoIP-related capacity, this book is worth its weight in gold." --J. Oquendo, Lead Security Engineer, E-Fensive Security Strategies

""Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions," includes more sophisticated attack vectors focused on UC and NGN. The authors describe in depth many new tools and techniques such as TDoS and UC interception. Using these techniques, you will learn how you can identify the security problems of VoIP/UC. This book is a masterpiece." --Fatih Ozavci, Senior Security Consultant at Sense of Security, Author of viproy

"This book provides you with the knowledge you need to understand VoIP threats in reality. No doom and gloom, overhyped, never to happen in the real-world scenarios. You will understand the vulnerabilities, the risks, and how to protect against them." --Shane Green, Senior Voice Security Analyst

Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. "Hacking Exposed Unified Communications & VoIP," Second Edition offers thoroughly expanded coverage of today's rampant threats alongside ready-to-deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples. See how hackers target vulnerable UC devices and entire networks Defend against TDoS, toll fraud, and service abuse Block calling number hacks and calling number spoofing Thwart voice social engineering and phishing exploits Employ voice spam mitigation products and filters Fortify Cisco Unified Communications Manager Use encryption to prevent eavesdropping and MITM attacks Avoid injection of malicious audio, video, and media files Use fuzzers to test and buttress your VoIP applications Learn about emerging technologies such as Microsoft Lync, OTT UC, other forms of UC, and cloud and WebRTC

"The Basics of Web Hacking" introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.

"The Basics of Web Hacking "provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.

With Dr. Pauli s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.
Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University"

Take a fascinating and provocative look at cyber crime and warfare

In "Cyber Crime & Warfare: All That Matters," Peter Warren and Michael Streeter outline the history, scale and importance of cyber crime. In particular they show how cyber crime, cyber espionage, and cyber warfare now pose a major threat to society. The authors describe how criminal gangs and rogue states have since moved into the online arena with devastating effect at a time when the modern world--including all the communication services and utilities we have come to take for granted--has become utterly dependent on computers and the internet.

Inside you will find: A 100 Ideas section that offers original and inspirational ideas to help readers explore the subject in more depth Weblinks and QR codes throughout the text, linking to videos from the author, or more detailed audio explanations Helpful text boxes around key concepts that make navigating through the material a snap

How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read "Hacking Web Apps." The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve.

Attacks featured in this book include:

SQL Injection

Cross Site Scripting

Logic Attacks

Server Misconfigurations

Predictable Pages

Web of Distrust

Breaking Authentication Schemes

HTML5 Security Breaches

Attacks on Mobile Apps

Even if you don t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked-as well as the best way to defend against these attacks. Plus, "Hacking Web Apps" gives you detailed steps to make the web browser - sometimes your last line of defense - more secure.
More and more data, from finances to photos, is moving into web applications. How much can you trust that data to be accessible from a web browser anywhere and safe at the same time? Some of the most damaging hacks to a web site can be executed with nothing more than a web browser and a little knowledge of HTML. Learn about the most common threats and how to stop them, including HTML Injection, XSS, Cross Site Request Forgery, SQL Injection, Breaking Authentication Schemes, Logic Attacks, Web of Distrust, Browser Hacks and many more."

Seven Deadliest Microsoft Attacks explores some of the deadliest attacks made against Microsoft software and networks and how these attacks can impact the confidentiality, integrity, and availability of the most closely guarded company secrets. If you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products, this book is for you. It pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book consists of seven chapters that cover the seven deadliest attacks against Microsoft software and networks: attacks against Windows passwords; escalation attacks; stored procedure attacks; mail service attacks; client-side ActiveX and macro attacks; Web service attacks; and multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Furthermore, each chapter explores the anatomy of attacks against the software, the dangers of an attack, and possible defenses to help prevent the attacks described in the scenarios. This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services; and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and transfer knowledge gained from this book into improving existing deployment and integration practices.

Seven Deadliest Unified Communications Attacks provides a comprehensive coverage of the seven most dangerous hacks and exploits specific to Unified Communications (UC) and lays out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book describes the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies. There are seven chapters that focus on the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability. This book will be of interest to information security professionals of all levels as well as recreational hackers.

Seven Deadliest Wireless Technologies Attacks provides a comprehensive view of the seven different attacks against popular wireless protocols and systems. This book pinpoints the most dangerous hacks and exploits specific to wireless technologies, laying out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Each chapter includes an example real attack scenario, an analysis of the attack, and methods for mitigating the attack. Common themes will emerge throughout the book, but each wireless technology has its own unique quirks that make it useful to attackers in different ways, making understanding all of them important to overall security as rarely is just one wireless technology in use at a home or office. The book contains seven chapters that cover the following: infrastructure attacks, client attacks, Bluetooth attacks, RFID attacks; and attacks on analog wireless devices, cell phones, PDAs, and other hybrid devices. A chapter deals with the problem of bad encryption. It demonstrates how something that was supposed to protect communications can end up providing less security than advertised. This book is intended for information security professionals of all levels, as well as wireless device developers and recreational hackers.

Using the exploits of three international hackers, Cyberpunk provides a fascinating tour of a bizarre subculture populated by outlaws who penetrate even the most sensitive computer networks and wreak havoc on the information they find -- everything from bank accounts to military secrets. In a book filled with as much adventure as any Ludlum novel, the authors show what motivates these young hackers to access systems, how they learn to break in, and how little can be done to stop them.

Securing the Internet of Things provides network and cybersecurity researchers and practitioners with both the theoretical and practical knowledge they need to know regarding security in the Internet of Things (IoT). This booming field, moving from strictly research to the marketplace, is advancing rapidly, yet security issues abound. This book explains the fundamental concepts of IoT security, describing practical solutions that account for resource limitations at IoT end-node, hybrid network architecture, communication protocols, and application characteristics. Highlighting the most important potential IoT security risks and threats, the book covers both the general theory and practical implications for people working in security in the Internet of Things.

Steven Levy's classic book about the original hackers of the computer revolution is now available in a special 25th anniversary edition, with updated material from noteworthy hackers such as Bill Gates, Mark Zukerberg, Richard Stallman, and Tim O'Reilly. Hackers traces the exploits of innovators from the research labs in the late 1950s to the rise of the home computer in the mid-1980s. It's a fascinating story of brilliant and eccentric nerds such as Steve Wozniak, Ken Williams, and John Draper who took risks, bent the rules, and took the world in a radical new direction. "Hacker" is often a derogatory term today, but 40 years ago, it referred to people who found clever and unorthodox solutions to computer engineering problems -- a practice that became known as "the hacker ethic." In this book, Levy takes you from the true hackers of MIT's Tech Model Railroad Club to the DIY culture that spawned the first personal computers -- the Altair and the Apple II -- and finally to the gaming culture of the early '80s. From students finagling access to clunky computer-card machines to engineers uncovering the secrets of what would become the Internet, Hackers captures a seminal period in history when underground activities blazed a trail for today's digital world. This book is not just for geeks -- it's for everyone interested in origins of the computer revolution.

This book isn't about cybersecurity, it's about life. Specifically, connected life in the 21st century. It's about the behaviours we need to change and the threats we need to be aware of to ensure that we can keep ourselves and our families as safe as possible in the new connected world. We are the pioneers in connectivity and this world is evolving in a way that none of us has ever seen before. This book will cover elements of 21st century life which will be familiar to all consumers - from social media, to email hacking, to content theft, to connected devices and even connected cars. It will steer clear of just dryly delivering facts but will use true anecdotes to tell stories of the dangers of connectivity to us all, every day, and how we can make simple changes to live our connected lives more safely. * Honest, jargon-free advice on how to keep your data safe in an increasingly complex digital world * Topical and engaging examples from across the consumer, digital and corporate worlds * Covers everything from passwords to talking assistants, phishing to social media

A bold new theory of cyberwar argues that militarized hacking is best understood as a form of deconstruction From shadowy attempts to steal state secrets to the explosive destruction of Iranian centrifuges, cyberwar has been a vital part of statecraft for nearly thirty years. But although computer-based warfare has been with us for decades, it has changed dramatically since its emergence in the 1990s, and the pace of change is accelerating. In Deconstruction Machines, Justin Joque inquires into the fundamental nature of cyberwar through a detailed investigation of what happens at the crisis points when cybersecurity systems break down and reveal their internal contradictions. He concludes that cyberwar is best envisioned as a series of networks whose constantly shifting connections shape its very possibilities. He ultimately envisions cyberwar as a form of writing, advancing the innovative thesis that cyber attacks should be seen as a militarized form of deconstruction in which computer programs are systems that operate within the broader world of texts. Throughout, Joque addresses hot-button subjects such as technological social control and cyber-resistance entities like Anonymous and Wikileaks while also providing a rich, detailed history of cyberwar. Deconstruction Machines provides a necessary new interpretation of deconstruction and timely analysis of media, war, and technology.

Cybercrime and Digital Deviance is a work that combines insights from sociology, criminology, and computer science to explore cybercrimes such as hacking and romance scams, along with forms of cyberdeviance such as pornography addiction, trolling, and flaming. Other issues are explored including cybercrime investigations, organized cybercrime, the use of algorithms in policing, cybervictimization, and the theories used to explain cybercrime. Graham and Smith make a conceptual distinction between a terrestrial, physical environment and a single digital environment produced through networked computers. Conceptualizing the online space as a distinct environment for social interaction links this text with assumptions made in the fields of urban sociology or rural criminology. Students in sociology and criminology will have a familiar entry point for understanding what may appear to be a technologically complex course of study. The authors organize all forms of cybercrime and cyberdeviance by applying a typology developed by David Wall: cybertrespass, cyberdeception, cyberviolence, and cyberpornography. This typology is simple enough for students just beginning their inquiry into cybercrime. Because it is based on legal categories of trespassing, fraud, violent crimes against persons, and moral transgressions it provides a solid foundation for deeper study. Taken together, Graham and Smith's application of a digital environment and Wall's cybercrime typology makes this an ideal upper level text for students in sociology and criminal justice. It is also an ideal introductory text for students within the emerging disciplines of cybercrime and cybersecurity.