skip to content
Vulnerability analysis and defense for the Internet Preview this item
ClosePreview this item
Checking...

Vulnerability analysis and defense for the Internet

Author: Abhishek Singh; Baibhav Singh; Hirosh Joseph
Publisher: New York : Springer, ©2008.
Series: Advances in information security, 37.
Edition/Format:   Print book : EnglishView all editions and formats
Summary:
"Vulnerability Analysis and Defense for the Internet provides packet captures, flow charts and detailed analysis of a protocol and concepts of Reverse Engineering, which enables a user to identify whether an application/protocol is vulnerable and how the vulnerability affects the software. If an application is vulnerable, then a user will be able to understand the complexity, and the theory behind the vulnerability.  Read more...
Rating:

(not yet rated) 0 with reviews - Be the first.

Subjects
More like this

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...

Details

Material Type: Internet resource
Document Type: Book, Internet Resource
All Authors / Contributors: Abhishek Singh; Baibhav Singh; Hirosh Joseph
ISBN: 9780387743899 0387743898 0387743901 9780387743905
OCLC Number: 173498960
Notes: Includes index.
Description: xvi, 254 pages : illustrations ; 25 cm.
Contents: Cover --
Table of Contents --
1.0 Wireless Security --
1.1 Introduction --
1.2 Wired Equivalent Privacy protocol --
1.2.1 Analysis of WEP flaws --
1.2.2 Key Stream Reuse --
1.2.3 Message Modification --
1.2.4 Message Injection --
1.2.5 Authentication Spoofing --
1.2.6 IP Redirection --
1.2.7 Wireless Frame Generation --
1.2.8 Encryption Cracking Tools --
1.2.9 Retrieving the WEP keys from Client Host --
1.2.10 Traffic Inection Tools --
1.2.11 802.1x Cracking Tools --
1.2.12 Wireless DoS Attacks --
1.2.13 Attack against the 802.11i implementations --
1.3 Prevention and Modifications --
1.3.1 TKIP: temporal Key Integrity Protocol --
1.3.2 AES --
CCMP --
1.4 Prevention Method using Detection Devices --
1.5 Conclusion --
2.0 Vulnerability Analysis for Mail Protocols --
2.1 Introduction --
2.2 Format String Specifiers --
2.2.1 Format String Vulnerability --
2.2.1.1 Format String Denial of Service Attack --
2.2.1.2 Format String Vulnerability Reading Attack --
2.2.1.3 Format String Vulnerability Writing Attack --
2.2.1.4 Preventive Measures for Format String vulnerability --
2.3 Buffer Overflow Attack --
2.3.1 Buffer Overflow Prevention --
2.4 Directory Traversal Attacks --
2.4.1 Remote Detection --
2.5 False Positive in Remote Detection for Mail Traffic --
2.5.1 False Positive in case of SMTP Traffic --
2.5.2 False Positive in case of IMAP Traffic --
2.6 Conclusion --
3.0 Vulnerability Analysis for FTP and TFTP --
3.1 Introduction --
3.1.1 Buffer Overflow in FTP --
3.1.2 Directory Traversal Attack in FTP --
3.2 TFTP Vulnerability Analysis --
3.2.1 Vulnerability Analysis --
3.3 Conclusion --
4.0 Vulnerability Analysis for HTTP --
4.1 Introduction --
4.2 XSS Attack --
4.2.1 Prevention against Cross Site Scripting Attacks --
4.3 SQL Injection Attacks --
4.3.1 SQL Injection Case Study --
4.3.2 Preventive Measures --
4.3.3 Other Preventive Measures --
4.4 MS DoS Device Name Vulnerability --
4.4.1 Prevention from DoS Device Name Vulnerability --
4.5 False Positive in HTTP --
4.6 Evasion of HTTP Signatures --
4.7 Conclusion --
5.0 Vulnerability Analysis for DNS and DHCP --
5.1 Introduction of DNS Protocol --
5.1.1 Vulnerabilities in a DNS Protocol --
5.1.2 False Positives in a DNS Protocol --
5.2 Introduction of DHCP --
5.2.1 Vulnerabilities in DHCP --
5.2.2 False Positive in DHCP --
5.3 Conclusion --
6.0 Vulnerability Analysis for LDAP and SNMP --
6.1 Introduction --
6.2 ASN and BER Encoding --
6.3 BER implementation for LDAP --
6.3.1 Threat Analysis for Directory Services --
6.4 SNMP --
6.4.1 Vulnerability Analysis for SNMP --
6.5 Conclusion --
7.0 Vulnerability Analysis for RPC --
7.1 Introduction --
7.2 RPC Message Protocol --
7.3 NDR Format --
7.4 Port Mapper --
7.5 False Positive for SMB RPC Protocol --
7.6 Evasion in RPC --
7.
Series Title: Advances in information security, 37.
Responsibility: by Abhishek Singh (editor) ; [with contributions by] Baibhav Singh and Hirosh Joseph.

Abstract:

Vulnerability Analysis and Defense for the Internet provides packet captures, flow charts and pseudo code, which enable a user to identify if an application/protocol is vulnerable. This edited volume  Read more...

Reviews

User-contributed reviews
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...

Tags

Be the first.
Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/173498960> # Vulnerability analysis and defense for the Internet
    a schema:CreativeWork, schema:Book ;
    library:oclcnum "173498960" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/nyu> ;
    library:placeOfPublication <http://dbpedia.org/resource/New_York_City> ; # New York
    schema:about <http://id.worldcat.org/fast/872484> ; # Computer security
    schema:about <http://dewey.info/class/005.8/e22/> ;
    schema:about <http://id.loc.gov/authorities/subjects/sh2008117723> ; # Computer crimes--Prevention
    schema:about <http://id.worldcat.org/fast/872068> ; # Computer crimes--Prevention
    schema:about <http://experiment.worldcat.org/entity/work/data/1042306762#Topic/computer_networks_security_measures_evaluation> ; # Computer networks--Security measures--Evaluation
    schema:bookFormat bgn:PrintBook ;
    schema:contributor <http://viaf.org/viaf/38906450> ; # Baibhav Singh
    schema:contributor <http://viaf.org/viaf/31528235> ; # Hirosh Joseph
    schema:contributor <http://viaf.org/viaf/85188176> ; # Abhishek Singh
    schema:copyrightYear "2008" ;
    schema:datePublished "2008" ;
    schema:description "Cover -- Table of Contents -- 1.0 Wireless Security -- 1.1 Introduction -- 1.2 Wired Equivalent Privacy protocol -- 1.2.1 Analysis of WEP flaws -- 1.2.2 Key Stream Reuse -- 1.2.3 Message Modification -- 1.2.4 Message Injection -- 1.2.5 Authentication Spoofing -- 1.2.6 IP Redirection -- 1.2.7 Wireless Frame Generation -- 1.2.8 Encryption Cracking Tools -- 1.2.9 Retrieving the WEP keys from Client Host -- 1.2.10 Traffic Inection Tools -- 1.2.11 802.1x Cracking Tools -- 1.2.12 Wireless DoS Attacks -- 1.2.13 Attack against the 802.11i implementations -- 1.3 Prevention and Modifications -- 1.3.1 TKIP: temporal Key Integrity Protocol -- 1.3.2 AES -- CCMP -- 1.4 Prevention Method using Detection Devices -- 1.5 Conclusion -- 2.0 Vulnerability Analysis for Mail Protocols -- 2.1 Introduction -- 2.2 Format String Specifiers -- 2.2.1 Format String Vulnerability -- 2.2.1.1 Format String Denial of Service Attack -- 2.2.1.2 Format String Vulnerability Reading Attack -- 2.2.1.3 Format String Vulnerability Writing Attack -- 2.2.1.4 Preventive Measures for Format String vulnerability -- 2.3 Buffer Overflow Attack -- 2.3.1 Buffer Overflow Prevention -- 2.4 Directory Traversal Attacks -- 2.4.1 Remote Detection -- 2.5 False Positive in Remote Detection for Mail Traffic -- 2.5.1 False Positive in case of SMTP Traffic -- 2.5.2 False Positive in case of IMAP Traffic -- 2.6 Conclusion -- 3.0 Vulnerability Analysis for FTP and TFTP -- 3.1 Introduction -- 3.1.1 Buffer Overflow in FTP -- 3.1.2 Directory Traversal Attack in FTP -- 3.2 TFTP Vulnerability Analysis -- 3.2.1 Vulnerability Analysis -- 3.3 Conclusion -- 4.0 Vulnerability Analysis for HTTP -- 4.1 Introduction -- 4.2 XSS Attack -- 4.2.1 Prevention against Cross Site Scripting Attacks -- 4.3 SQL Injection Attacks -- 4.3.1 SQL Injection Case Study -- 4.3.2 Preventive Measures -- 4.3.3 Other Preventive Measures -- 4.4 MS DoS Device Name Vulnerability -- 4.4.1 Prevention from DoS Device Name Vulnerability -- 4.5 False Positive in HTTP -- 4.6 Evasion of HTTP Signatures -- 4.7 Conclusion -- 5.0 Vulnerability Analysis for DNS and DHCP -- 5.1 Introduction of DNS Protocol -- 5.1.1 Vulnerabilities in a DNS Protocol -- 5.1.2 False Positives in a DNS Protocol -- 5.2 Introduction of DHCP -- 5.2.1 Vulnerabilities in DHCP -- 5.2.2 False Positive in DHCP -- 5.3 Conclusion -- 6.0 Vulnerability Analysis for LDAP and SNMP -- 6.1 Introduction -- 6.2 ASN and BER Encoding -- 6.3 BER implementation for LDAP -- 6.3.1 Threat Analysis for Directory Services -- 6.4 SNMP -- 6.4.1 Vulnerability Analysis for SNMP -- 6.5 Conclusion -- 7.0 Vulnerability Analysis for RPC -- 7.1 Introduction -- 7.2 RPC Message Protocol -- 7.3 NDR Format -- 7.4 Port Mapper -- 7.5 False Positive for SMB RPC Protocol -- 7.6 Evasion in RPC -- 7."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/1042306762> ;
    schema:inLanguage "en" ;
    schema:isPartOf <http://experiment.worldcat.org/entity/work/data/1042306762#Series/advances_in_information_security> ; # Advances in information security ;
    schema:name "Vulnerability analysis and defense for the Internet"@en ;
    schema:productID "173498960" ;
    schema:publication <http://www.worldcat.org/title/-/oclc/173498960#PublicationEvent/new_york_springer_2008> ;
    schema:publisher <http://experiment.worldcat.org/entity/work/data/1042306762#Agent/springer> ; # Springer
    schema:reviews <http://www.worldcat.org/title/-/oclc/173498960#Review/1388997986> ;
    schema:workExample <http://worldcat.org/isbn/9780387743905> ;
    schema:workExample <http://worldcat.org/isbn/9780387743899> ;
    umbel:isLike <http://bnb.data.bl.uk/id/resource/GBA777079> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/173498960> ;
    .


Related Entities

<http://dbpedia.org/resource/New_York_City> # New York
    a schema:Place ;
    schema:name "New York" ;
    .

<http://experiment.worldcat.org/entity/work/data/1042306762#Series/advances_in_information_security> # Advances in information security ;
    a bgn:PublicationSeries ;
    schema:hasPart <http://www.worldcat.org/oclc/173498960> ; # Vulnerability analysis and defense for the Internet
    schema:name "Advances in information security ;" ;
    .

<http://experiment.worldcat.org/entity/work/data/1042306762#Topic/computer_networks_security_measures_evaluation> # Computer networks--Security measures--Evaluation
    a schema:Intangible ;
    schema:hasPart <http://id.loc.gov/authorities/subjects/sh94001277> ;
    schema:name "Computer networks--Security measures--Evaluation"@en ;
    .

<http://id.loc.gov/authorities/subjects/sh2008117723> # Computer crimes--Prevention
    a schema:Intangible ;
    schema:name "Computer crimes--Prevention"@en ;
    .

<http://id.worldcat.org/fast/872068> # Computer crimes--Prevention
    a schema:Intangible ;
    schema:name "Computer crimes--Prevention"@en ;
    .

<http://id.worldcat.org/fast/872484> # Computer security
    a schema:Intangible ;
    schema:name "Computer security"@en ;
    .

<http://viaf.org/viaf/31528235> # Hirosh Joseph
    a schema:Person ;
    schema:familyName "Joseph" ;
    schema:givenName "Hirosh" ;
    schema:name "Hirosh Joseph" ;
    .

<http://viaf.org/viaf/38906450> # Baibhav Singh
    a schema:Person ;
    schema:familyName "Singh" ;
    schema:givenName "Baibhav" ;
    schema:name "Baibhav Singh" ;
    .

<http://viaf.org/viaf/85188176> # Abhishek Singh
    a schema:Person ;
    schema:birthDate "1976" ;
    schema:familyName "Singh" ;
    schema:givenName "Abhishek" ;
    schema:name "Abhishek Singh" ;
    .

<http://worldcat.org/isbn/9780387743899>
    a schema:ProductModel ;
    schema:isbn "0387743898" ;
    schema:isbn "9780387743899" ;
    .

<http://worldcat.org/isbn/9780387743905>
    a schema:ProductModel ;
    schema:isbn "0387743901" ;
    schema:isbn "9780387743905" ;
    .

<http://www.worldcat.org/title/-/oclc/173498960#Review/1388997986>
    a schema:Review ;
    schema:itemReviewed <http://www.worldcat.org/oclc/173498960> ; # Vulnerability analysis and defense for the Internet
    schema:reviewBody ""Vulnerability Analysis and Defense for the Internet provides packet captures, flow charts and detailed analysis of a protocol and concepts of Reverse Engineering, which enables a user to identify whether an application/protocol is vulnerable and how the vulnerability affects the software. If an application is vulnerable, then a user will be able to understand the complexity, and the theory behind the vulnerability. This edited volume contributed by world leaders in this field, also provides psuedo code for effective signatures to prevent vulnerabilities and case studies where the latest exploits are discussed." "Vulnerability Analysis and Defense for the Internet is designed for a professional audience composed of practitioners and researchers in industry. This book is also useful as an advanced-level secondary text book in computer science."--BOOK JACKET." ;
    .


Content-negotiable representations

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.