OWASP TOP 10 2013

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

Download PDF

+5000 dorks for SQL injection

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Link:

Hacking web site with DarkMySQLi.py on BackTrack 5 R2

Link:

Hacking web site with sqlmap on BackTrack 5 R3 

Link:

+5000 dorks for SQL injection

The Art of Exploitation, 2nd Edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existingexploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

This book will teach you how to:

1. Program computers using C, assembly language, and shell scripts

2. Corrupt system memory to run arbitrary code using buffer overflows and format strings

3. Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening

4. Outsmart common security measures like nonexecutable stacks and intrusion detection systems

5. Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence

6. Redirect network traffic, conceal open ports, and hijack TCP connections

7. Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Download PDF

Refer To :  http://www.backtrack-pages.com

Mission-Critical Network Planning

Whether a terrorist attack, fibre cut, security breach, natural disaster or traffic overload, today's networks must be designed to withstand adverse conditions and provide continuous service. This comprehensive, leading-edge book reveals the techniques and strategies to help you keep enterprise data and voice networks in service under critical circumstances. You learn numerous ways to minimize single points of failure through redundancy and backups, and discover how to select the right networking technologies to improve survivability and performance.

Download PDF

Refer To: http://www.backtrack-pages.com

Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series)

Hacker Techniques, Tools, and Incident Handling begins with an examination of the landscape, key terms, and concepts that a security professional needs to know about hackers and computer criminals who break into networks, steal information, and corrupt data. It goes on to review the technical overview of hacking: how attacks target networks and the methodology they follow. The final section studies those methods that are most effective when dealing with hacking attacks, especially in an age of increased reliance on the Web. Written by a subject matter expert with numerous real-world examples, Hacker Techniques, Tools, and Incident Handling provides readers with a clear, comprehensive introduction to the many threats on our Internet environment and security and what can be done to combat them.

Download PDF


Refer To: http://www.backtrack-pages.com

Hackers: Heroes of the Computer Revolution

 This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late 1950s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zukerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.

Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as "the hacker ethic," that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today's digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.

Download PDF

 Refer To: http://www.backtrack-pages.com

The Shell-coder's Handbook: Discovering and Exploiting Security Holes second Edition

 This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
The companion Web site features downloadable code files


Download PDF

Refer To:  http://www.backtrack-pages.com