Security Links


Web Application Security:
 Advanced SQL Injections in SQL Server Applications
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
 (more) Advanced SQL Injection
http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf
 One-Way Web Hacking
http://net-square.com/papers/one_way/one_way.html
 Imperva Blind SQL Injection
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
 SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html
 Web Applications and SQL Injection
http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
 Manipulating Microsoft SQL Server Using SQL Injection
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
 HTML Code Injection and Cross-site scripting
http://www.technicalinfo.net/papers/CSS.html

Kerberos Details:
http://web.mit.edu/kerberos/www
 

Buffer Overflows:
 Once Upon a Free – Heap Overflows
http://www.phrack.org/phrack/57/p57-0x09
 
Defeating Windows XP SP2 Heap Protection and DEP Bypass
http://www.maxpatrol.com/defeating-xpsp2-heap-protection.pdf
 
Smashing The Stack For Fun And Profit
http://www.insecure.org/stf/smashstack.txt
 
Intro to Shellcoding
http://tigerteam.se/dl/papers/intro_to_shellcoding.pdf
 
 
Books:
The Shellcoder's Handbook
http://www.amazon.com/exec/obidos/tg/detail/-/0764544683/qid=1116428692/sr=8-1/ref=pd_csp_1/104-3942550-7935958?v=glance&s=books&n=507846
 
Network Security Assessment, O’Reilly
http://www.oreilly.com/catalog/networksa/
Good broad coverage of various NPT areas – good background reading
 
Network Security Hacks, O’Reilly
http://www.oreilly.com/catalog/netsechacks/index.html
 
Hacking Exposed 1st Ed.
http://www.amazon.com/exec/obidos/search-handle-url/index%3Dstripbooks%3Arelevance-above%26field-keywords%3Dhacking%252520exposed%26store-name%3Dbooks/104-3942550-7935958
(The first edition was probably the best)
 
Hack Proofing your Network 1st Ed.
http://www.amazon.com/exec/obidos/search-handle-url/index%3Dstripbooks%3Arelevance-above%26field-keywords%3Dhack%252520proofing%252520your%252520network%26store-name%3Dbooks/104-3942550-7935958
(Covers some other concepts like buffer overflows etc., and gives better insight into the mindset)
 
Assembly Language Step-by-Step, Wiley
http://www.amazon.com/exec/obidos/tg/detail/-/0471375233/ref=ase_jeffduntemann-20/104-3942550-7935958?v=glance&s=books
(Good start to assembler on x86 with no assumed knowledge)
 
SQL Server Security, Osborne
http://shop.osborne.com/cgi-bin/osborne/0072225157.html
(By NGS, excellent reading on the subject)
 
TCP/IP Illustrated
http://www.amazon.com/exec/obidos/tg/detail/-/0201633469/104-3942550-7935958?v=glance
 
Building Internet Firewalls, O’Reilly
http://www.greatcircle.com/firewalls-book/
 
O’Reilly ‘Security Warrior’
http://www.oreilly.com/catalog/swarrior/
(Excellent introduction to many topics with some walkthrough examples.)
 
 
Osborne ‘Hacknotes’ series
http://www.amazon.com/exec/obidos/search-handle-url/ref=dp_searchBox_1/104-3942550-7935958?url=index%3Dstripbooks%3Arelevance-above%26dispatch%3Dsearch%26results-process%3Dbin&field-keywords=hacknotes&x=0&y=0
(Thin/portable reference material which includes an entire testing methodology)
