Web Applications (Hacking Exposed)

"This book goes a long way in making the Web a safer place to do business." -- Mark Curphey, Chair of the Open Web Application Security Project

Unleash the hackers' arsenal to secure your Web applications

In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks--both simple and sophisticated--and detailed countermeasures to protect against them.

What you'll learn:

• The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
• How attackers identify potential weaknesses in Web application components
• What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
• How to survey Web applications for potential vulnerabilities --including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
• Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
• Most common input validation attacks--crafted input, command execution characters, and buffer overflows
• Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
• XML Web services vulnerabilities and best practices
• Tools and techniques used to hack Web clients--including cross-site scripting, active content attacks and cookie manipulation
• Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences

About the Author

Joel Scambray (Lafayette, CA) is a Manager in the Information Systems Audit and Advisory Services practice of Ernst & Young. Joel has over five years experience working with a variety of computer and communications technologies from both an operational and strategic standpoint--ranging from Director of IS for a major commercial real estate firm to Technology Analyst for Info World Magazine.

Rapidshare

Openvpn: Building And Integrating Virtual Private Networks

OpenVPN is an outstanding piece of software that was invented by James Yonan in the year 2001 and has steadily been improved since then. No other VPN solution offers a comparable mixture of enterprise-level security, usability, and feature richness. We have been working with OpenVPN for many years now, and it has always proven to be the best solution.

This book is intended to introduce OpenVPN Software to network specialists and VPN newbies alike. OpenVPN works where most other solutions fail and exists on almost any platform; thus it is an ideal solution for problematic setups and an easy approach for the inexperienced.

On the other hand, the complexity of classic VPN solutions, especially IPsec, gives the impression that VPN technology in general is difficult and a topic only for very experienced (network and security) specialists. OpenVPN proves that this can be different, and this book is aimed to document that.

I want to provide both a concise description of OpenVPN's features and an easy-to-understand introduction for the inexperienced. Though there may be many other possible ways to success in the scenarios described, the ones presented have been tested in many setups and have been selected for simplicity reasons.

Rapidshare

Running Xen: A Hands-On Guide to the Art of Virtualization

“This accessible and immediately useful book expertly provides the Xen community with everything it needs to know to download, build, deploy and manage Xen implementations.”

—Ian Pratt, Xen Project Leader VP Advanced Technology, Citrix Systems

The Real–World, 100% Practical Guide to Xen Virtualization in Production Environments

Using free, open source Xen virtualization software, you can save money, gain new flexibility, improve utilization, and simplify everything from disaster recovery to software testing. Running Xen brings together all the knowledge you need to create and manage high–performance Xen virtual machines in any environment. Drawing on the unparalleled experience of a world–class Xen team, it covers everything from installation to administration—sharing field-tested insights, best practices, and case studies you can find nowhere else.

The authors begin with a primer on virtualization: its concepts, uses, and advantages. Next, they tour Xen’s capabilities, explore the Xen LiveCD, introduce the Xen hypervisor, and walk you through configuring your own hard–disk–based Xen installation. After you’re running, they guide you through each leading method for creating “guests” and migrating existing systems to run as Xen guests. Then they offer comprehensive coverage of managing and securing Xen guests, devices, networks, and distributed resources. Whether you’re an administrator, data center manager, developer, system integrator, or ISP, Running Xen will help you achieve your goals with Xen–reliably, efficiently, with outstanding performance, and at a surprisingly low cost.

Rapidshare

Beginning Python: From Novice to Professional, Second Edition

Gain a fundamental understanding of Python’s syntax and features with the second edition of Beginning Python, an up–to–date introduction and practical reference. Covering a wide array of Python–related programming topics, including addressing language internals, database integration, network programming, and web services, you’ll be guided by sound development principles. Ten accompanying projects will ensure you can get your hands dirty in no time.

Updated to reflect the latest in Python programming paradigms and several of the most crucial features found in the forthcoming Python 3.0 (otherwise known as Python 3000), advanced topics, such as extending Python and packaging/distributing Python applications, are also covered.

What you’ll learn

• Become a proficient Python programmer by following along with a friendly, practical guide to the language’s key features.
• Write code faster by learning how to take advantage of advanced features such as magic methods, exceptions, and abstraction.
• Gain insight into modern Python programming paradigms including testing, documentation, packaging, and distribution.
• Learn by following along with ten interesting projects, including a P2P file–sharing application, chat client, video game, remote text editor, and more. Complete, downloadable code is provided for each project!

Who is this book for?

Programmers, novice and otherwise, seeking a comprehensive introduction to the Python programming language.

About the Apress Beginning Series

The Beginning series from Apress is the right choice to get the information you need to land that crucial entry–level job. These books will teach you a standard and important technology from the ground up because they are explicitly designed to take you from “novice to professional.” You’ll start your journey by seeing what you need to know—but without needless theory and filler. You’ll build your skill set by learning how to put together real–world projects step by step. So whether your goal is your next career challenge or a new learning opportunity, the Beginning series from Apress will take you there—it is your trusted guide through unfamiliar territory!

About the Author

Magnus Lie Hetland is an associate professor of algorithms at the Norwegian University of Science and Technology, NTNU. Even though he loves learning new programming languages&emdash;even quite obscure ones&emdash;Magnus has been a devoted Python fan and an active member of the Python community for many years, and is the author of the popular online tutorials "Instant Python" and "Instant Hacking." His has written publications including Practical Python and Beginning Python, as well as several scientific papers. When he isn't busy staring at a computer screen, he may be found reading (even while bicycling), acting (in a local theater group), or gaming (mostly role-playing games).

Rapidshare

Beginning Python: From Novice to Professional

Beginning Python: From Novice to Professional is the most comprehensive book on the Python ever written. Based on Practical Python, this newly revised book is both an introduction and practical reference for a swath of Python-related programming topics, including addressing language internals, database integration, network programming, and web services. Advanced topics, such as extending Python and packaging/distributing Python applications, are also covered.

Ten different projects illustrate the concepts introduced in the book. You will learn how to create a P2P file-sharing application and a web-based bulletin board, and how to remotely edit web-based documents and create games. Author Magnus Lie Hetland is an authority on Python and previously authored Practical Python. He also authored the popular online guide, Instant Python Hacking, on which both books are based.

About the Author

Magnus Lie Hetland is an associate professor of algorithms at the Norwegian University of Science and Technology, NTNU. Even though he loves learning new programming languages--even quite obscure ones--Magnus has been a devoted Python fan and an active member of the Python community for many years, and is the author of the popular online tutorials "Instant Python" and "Instant Hacking." His has written publications including Practical Python and Beginning Python, as well as several scientific papers. When he isn't busy staring at a computer screen, he may be found reading (even while bicycling), acting (in a local theater group), or gaming (mostly role-playing games).

Rapidshare

Python Power!: The Comprehensive Guide

Welcome to the world of Python! Within this book, you will find a complete introduction to the language, including insider tips and tricks, and basic knowledge that you will need to get started. If you are a beginning Python programmer, you will find enough here to get you going. If you are an experienced Python programmer, you will likely find a trick or two worth the price of admission. Within these covers, you’ll learn how to:

• Write basic Python code.
• Work with databases.
• Work with Web pages and Web servers.
• Create reusable Python code.
• Work with files.
• Create your own Python types.

Who This Book Is For

This book is intended for a programmer with some experience in the world of development. Although no prior expertise in Python is assumed, you will do just fine if you have worked with the language in the past. Beginning developers will learn enough to get started with the language and become proficient quickly. Experienced developers will quickly get up to speed with the language, and previous Python programmers will learn new things about the language they are accustomed to.

Rapidshare

Ajude a descobrir a cura!!!

Pessoal estamos passando por um momento em que as doenças estão cada vez mais aparentes entre nós, cada vez estão mais fortes e a cada nova infecção mais demora fica para encontrarem a cura.

Por isso existem uma tecnologia conhecida como Grid Computing onde você usuário de computador pode auxiliar o desenvolvimento de uma cura para alguma doença existente, com a instalação de um simples programa que pode ser adquirido completamente gratuito no site abaixo você poderá ajudar na desenvolvimento da cura de várias doenças tais como:

Cancer,
Aids,
H1N1,
Dengue...

E vários outros, hoje segundo pesquisa computadores não usam seguer 30% de seu processamento, então porque não doar este processamento extra em prol de algo maior.

Faça parte deste grupo, faça sua parte para ajudar a tornar este mundo melhor e livre de doenças, clique no banner abaixo e faça sua inscrição.

PHP 6 fast and easy web development

Learn to create Web pages quickly and easily with PHP—no prior programming experience required! PHP 6 Fast & Easy Web Development provides a step-by-step, learn-by-example path to learning through easy-to-understand language and illustrations. Unlike the verbose text-only chapters found in most programming books, the Fast & Easy Web Development style appeals to users who are new to PHP, or to programming in general. The first three chapters are dedicated to getting Apache, MySQL, and PHP up and running on your Windows or Linux machine. You’ll be surprised at how simple it is, and how quickly you’ll be working. From there, you’ll learn how to create multi-part scripts, display dynamic content, work with MySQL databases, restrict access to certain pages of your site using PHP, create contact management systems, and work with XML. After completing this book, you will have a strong foundation in the basics of Web-based technologies and application design, and will be prepared to learn more advanced topics and programming methods.

About the Author

Matt Telles is a senior consultant working in the software development world. His experience includes both desktop and web development using a variety of languages and platforms. He is the author of seven other books ranging from C++ to Python.

Julie Meloni is the technical director for i2i Interactive, a multimedia company located in Los Altos, CA. She’s been developing Web-based applications since the Web first saw the light of day and remembers the excitement surrounding the first GUI Web browser. She is the author of several books and articles on Web-based programming languages and database topics, and you can find translations of her work in several languages, including Chinese, Italian, Portuguese, Polish, and even Serbian.

Implementing SugarCRM

A Step-by-step Guide to Using This Powerful Open

Source Application in Your Business
Written by a veteran SugarCRM expert and experienced documentation author (not to mention official SugarCRM Rock Star!), this book is the definitive guide to implementing SugarCRM. SugarCRM is the leading open source web based customer relationship management system. It is available in both free open source and commercial versions, making it an ideal way for small-medium business to try out a CRM system without committing large sums of money. Although SugarCRM is carefully designed for ease of use, attaining measurable business gains requires careful planning and research. This book distils hard won SugarCRM experienced into an easy to follow guide to implementing the full power of SugarCRM. Using a unique checklist approach the book works from the SugarCRM basics right up to advanced features in a clear, friendly way. It is carefully designed to distil hard-won SugarCRM wisdom from a recognized expert into a clear, readable, practical guide. By helping you clarify your business goals the book enables you to build a CRM system to support your business needs, and shows SugarCRM in a realistic business setting through an Extended case study. SugarCRM is an extensive PHP/MySQL based application but with its rich administration interfaces no programming is required to get the most of it. This book is ideal for small-medium business owners/managers with reasonable IT skills, who want to implement SugarCRM for themselves as either a first CRM or as a replacement for existing solutions. It will also be a valuable resource for IT staff tasked with implementing, maintaining, or upgrading a SugarCRM installation

Asterisk: The Future of Telephony

Many organizations are drawn to Internet telephony's promise of cost savings, and its ability to move data, images, and voice traffic over the same connection. Asterisk, an open source system than runs on Linux, offers the best option. This guide covers installing, configuring, and integrating Asterisk with existing phone systems, without the need for additional hardware.

It may be a while before Internet telephony with VoIP (Voice over Internet Protocol) reaches critical mass, but there's already tremendous movement in that direction. A lot of organizations are not only attracted to VoIP's promise of cost savings, but its ability to move data, images, and voice traffic over the same connection. Think of it: a single Internet phone call can take information sharing to a whole new level.

That's why many IT administrators and developers are actively looking to set up VoIP-based private telephone switching systems within the enterprise. The efficiency that network users can reach with it is almost mind-boggling. And cheap, if the system is built with open source software like Asterisk. There are commercial VoIP options out there, but many are expensive systems running old, complicated code on obsolete hardware. Asterisk runs on Linux and can interoperate with almost all standards-based telephony equipment. And you can program it to your liking.

Asterisk's flexibility comes at a price, however: it's not a simple system to learn, and the documentation is lacking. Asterisk: The Future of Telephony solves that problem by offering a complete roadmap for installing, configuring, and integrating Asterisk with existing phone systems. Our guide walks you through a basic dial plan step by step, and gives you enough working knowledge to set up a simple but complete system.

What you end up with is largely up to you. Asterisk embraces the concept of standards-compliance, but also gives you freedom to choose how to implement your system. Asterisk: The Future of Telephony outlines all the options, and shows you how to set up voicemail services, call conferencing, interactive voice response, call waiting, caller ID, and more. You'll also learn how Asterisk merges voice and data traffic seamlessly across disparate networks. And you won't need additional hardware. For interconnection with digital and analog telephone equipment, Asterisk supports a number of hardware devices.

Ready for the future of telephony? We'll help you hook it up.