July 2006
Kristy Westphal
How to Break Web Software shows you how to do exactly that. It is, in a word, awesome! It is chock full of attacks for which all Web sites should be tested. Each attack description includes a detailed explanation, when to use it, and how to protect your site from the attack. The book is an easy read, clear and complete in its explanations. Accompanying the book is a CD full of the tools that are referenced throughout the book, including the "hacme" bank application from Foundstone to practice on. Your biggest dilemma when reading this book will be deciding who else should read it — your developers? Your QA team? Your security team? The answer is probably all of the above.
Peter Lavin
This is a revised edition of a book first published in 2002. It's co-authored by Rasmus Lerdorf, so it is perhaps the canonical reference for PHP. In addition to Kevin Tatroe and Peter MacIntyre, the contributing authors include core developer Wez Furlong and security expert Chris Shiflett. All in all, an impressive cast of characters.
Cameron Laird and Kathryn Soraiz
We all know about "Hello, world." It finally dawned on us how different is what we know about this simplest possible program, though.
Non-programmers who hear us talking about "Hello, world" (feel free to choose a different spelling if you prefer) seem to assume it's some sort of techie humor. It's light-hearted, true, but at the same time it's serious enough to merit, for instance, the article-length treatment Wikipedia accords it.
Kristy Westphal
An advantage of upgrading to the latest Fedora Core version (5) is the latest and greatest in SELinux advances. I mentioned in a previous article that a plethora of Linux kernel improvements were available, and SELinux was one of them. Created by the NSA, it now comes by default with the free version of Red Hat: Fedora. Figuring out its many pieces and its vast capabilities is a bit of a mystery, but once that is done, it is very powerful.
Emmett Dulaney
As reviewed earlier this month, one of the latest certifications to get a major overhaul is A+ from CompTIA. It now consists of four exams: one that you must take (Essentials), and three electives from which you can choose. The following questions are intended to allow you to test your knowledge of topics covered on the Essentials exam and make certain you are ready for this certification before you begin preparing for it. Answers are at the end of the article. Good luck!
Peter Salus
How much code do you have from a Solaris box? From running HP/UX? From AIX? And now you're running Linux at work as well as at home.
Kristy Westphal
Whenever I hear of a software package that claims to protect against something ambitious like insider threats, identity theft, and cyberfraud, I have to get a closer look. Spyforce-AI is an ambitious and unique software package that boasts of addressing all three of these areas. If you, too, think that this is worth a closer look, read on to find out about my experience with the product. Note that this review was done on a pre-release version of the product's current version 2.0.
Emmett Dulaney
A number of noteworthy changes have been announced to one of the most popular certifications currently in the IT industry: A+. So popular is this certification that there are currently more than 600,000 individuals certified worldwide. This entry-level, vendor-neutral certification is almost a necessity for anyone wanting to enter the field and work with hardware. Given the evolving nature of computer components, there is a need to update the exams for this certification every two to four years (the last update was in 2003), and there is nothing surprising about that. What is surprising, however, are the massive changes to the program that CompTIA has undertaken.
Emmett Dulaney
As reviewed last month, the latest Linux certification to go live is that of Ubuntu Professional. To earn this certification, you must first become LPI certified at Level I (LPIC I), and then pass an additional exam. The following questions are intended to allow you to test your knowledge of the topic and make certain you are ready for this certification before you begin considering it or preparing for it. Answers are at the end of the article. Good luck!
Randal L. Schwartz
Roughly a year ago, my friend Damian Conway published a hefty tome called Perl Best Practices. In it, he managed to gather 256 strongly suggested ideas and behaviors that had made his Perl hacking more successful for him and his customers over the years. As a reviewer on the book, I was happy enough with what I had seen to provide a quote that was eventually selected for the back cover:
As a manager of a large Perl project, I'd ensure that every member of my team has a copy of Perl Best Practices on their desk, and use it as the basis for an in-house guide.
Emmett Dulaney
They say that big things come in small packages, and this book is no exception. At fewer than 300 pages, this book is as concise and succinct a reference to Cisco Security Agent (CSA) as you'll find. Currently, CSA is supported on the Microsoft platforms as well as Solaris and Red Hat. CSA is the product Cisco offers for an "endpoint protection" IPS (Intrusion Prevention System); it is not difficult to implement this software, but it can be arduous to master. This book takes the approach of walking you through the implementation and all the way up to, and through, troubleshooting.