white2hack 📚

Атака и защита веб-сайтов по OWASP Top 10 , УЦ Специалист, 2020 Курс посвящен методикам проведения тестирования на проникновение согласно классификации OWASP Top 10. В курсе представлены подробные материалы по работе веб-серверов и веб-приложений. Детально описаны уязвимости в соответствии с классификацией OWASP Top 10 и техники применения эксплойтов для многочисленных тестов на проникновение. А также предложены рекомендации по укреплению защищённости веб-приложений для каждого вида уязвимости. #education #web

Official book of PEN200 - OSCP ver.2023, Shared by Tamarisk What changed in 2023 #book #pentest

Survive The Deep End: PHP Security (Release 1.0a1) by Padraic Brady, 2017 #book #AppSec

The Security Development Lifecycle, Howard Michael and Lipner Steve, Microsoft Press, 2009 This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugsthe Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDLfrom education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization #book #AppSec

Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats by Alex Matrosov, Eugene Rodionov, Sergey Bratus, 2019 Rootkits and Bootkits will teach you how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware. As you inspect and dissect real malware, you’ll learn: • How Windows boots—including 32-bit, 64-bit, and UEFI mode—and where to find vulnerabilities • The details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard • Reverse engineering and forensic techniques for analyzing real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the infamous rootkits TDL3 and Festi • How to perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro • How to better understand the delivery stage of threats against BIOS and UEFI firmware in order to create detection capabilities #book #malware #reversing

iOS Application Security: The Definitive Guide for Hackers and Developers, David Thiel, 2016 Eliminating security holes in iOS apps is critical for any developer who wants to protect their users from the bad guys. In iOS Application Security, mobile security expert David Thiel reveals common iOS coding mistakes that create serious security problems and shows you how to find and fix them. After a crash course on iOS application structure and Objective-C design patterns, you'll move on to spotting bad code and plugging the holes. #book #AppSec

The Security Development Lifecycle, Howard Michael, Lipner Steve, Microsoft Press, 2006 The Security Development Lifecycle (SDL), security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization. Topics included: (+) Enough Is Enough: The Threats Have Change (+) Current Software Development Methods Fail to Produce Secure Software (+) A Short History of the SDL at Microsoft (+) SDL for Management (+) Education and Awareness (+) Project Inception (+) Define and Follow Design Best Practices (+) Product Risk Assessment (+) Risk Analysis (+) Creating Security Documents, Tools, and Best Practices for Customers (+) Secure Coding Policies (+) Secure Testing Policies #book #AppSec

Дневник охотника за ошибками. Путешествие через джунгли проблем безопасности программного обеспечения, Клейн Тобиас, 2013, язык русский Книга рассказывает, как обнаруживаются и используются ошибки, найденные им в некоторых наиболее популярных во всем мире программных продуктах, таких как операционная система Apple iOS, медиа-проигрыватель VLC, веб-браузеры и даже ядро операционной системы Mac OS X. В этом уникальном отчете вы увидите, как эти ошибки были исправлены разработчиками, ответственными за их появление, или вообще оказались не в состоянии это сделать. Издание снабжено реальными примерами уязвимого кода и программ, использовавшихся для поиска и проверки ошибок. #book #AppSec

A Bug Hunter's Diary - A Guided Tour Through the Wilds of Software Security, Tobias Klein, 2011 A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs - or failed to respond at all. A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action. #book #AppSec

The Tangled Web: A Guide to Securing Modern Web Applications, Michal Zalewski, 2012 In The Tangled Web, Michal Zalewski, one of the world’s top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they’re fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. #book #web