Welcome to your Cyber-Security: Attack reading list! Here you will find the resources to support you throughout your module.
The Mobile Application Hacker's Handbook by The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.
Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.
Understand the ways data can be stored, and how cryptography is defeated
Set up an environment for identifying insecurities and the data leakages that arise
Develop extensions to bypass security controls and perform injection attacks
Learn the different attacks that apply specifically to cross-platform apps
IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.
Call Number: 005.8 CHE + eBook
Publication Date: 2015
CEH V9 by The ultimate preparation guide for the unique CEH exam. The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material. The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.
Review all CEH v9 topics systematically
Reinforce critical skills with hands-on exercises
Learn how concepts apply in real-world scenarios
Identify key proficiencies prior to the exam
The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam--making the stakes even higher on exam day. The CEH v9: Certified Ethical Hacker Version 9 Study Guide gives you the intense preparation you need to pass with flying colors.
Call Number: 005.8 ORI + eBook
Publication Date: 2016
Network Security Essentials by For courses in Corporate, Computer and Network Security. Network Security: Innovations and Improvements. Network Security Essentials: Applications and Standards introduces readers to the critical importance of internet security in our age of universal electronic connectivity. Amidst viruses, hackers, and electronic fraud, organizations and individuals are constantly at risk of having their private information compromised. This creates a heightened need to protect data and resources from disclosure, guarantee their authenticity, and safeguard systems from network-based attacks. The Sixth Edition covers the expanding developments in the cryptography and network security disciplines, giving readers a practical survey of applications and standards. The text places emphasis on applications widely used for Internet and corporate networks, as well as extensively deployed internet standards.
Call Number: 005.8 STA + eBook
Publication Date: 2016
The Web Application Hacker's Handbook by The highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks
Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws. Also available as a set with, CEHv8: Certified Hacker Version 8 Study Guide, Ethical Hacking and Web Hacking Set, 9781119072171.
Call Number: 005.8 STU + eBook
Publication Date: 2011
Computer Networks 5th edn. by Tanenbaum takes a structured approach to explaining how networks work from the inside out. He starts with an explanation of the physical layer of networking, computer hardware and transmission systems; then works his way up to network applications. Tanenbaum's in-depth application coverage includes email; the domain name system; the World Wide Web (both client- and server-side); and multimedia (including voice over IP, Internet radio, video on demand, video conferencing, and streaming media). Each chapter follows a consistent approach.
Tanenbaum presents key principles, then illustrates them utilising real-world example networks that run through the entire book--the Internet, and wireless networks, including Wireless LANs, broadband wireless and Bluetooth. The Fifth Edition includes a chapter devoted exclusively to network security.
Call Number: 004.6 TAN + eBook
Publication Date: 2013
Penetration Testing by Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to:
Crack passwords and wireless network keys with brute-forcing and wordlists
Test web applications for vulnerabilities
Use the Metasploit Framework to launch exploits and write your own Metasploit modules
Automate social-engineering attacks
Bypass antivirus software
Turn access to one machine into total control of the enterprise in the post exploitation phase
You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.
Call Number: 005.8092 WEI + eBook
Publication Date: 2014
Security Engineering by The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Call Number: 005.8 AND + eBook
Publication Date: 2008
Introduction to computer security by Introduction to Computer Security draws upon Bishop's widely praised Computer Security: Art and Science, without the highly complex and mathematical coverage that most undergraduate students would find difficult or unnecessary. The result: the field's most concise, accessible, and useful introduction. Matt Bishop thoroughly introduces fundamental techniques and principles for modeling and analyzing security. Readers learn how to express security requirements, translate requirements into policies, implement mechanisms that enforce policy, and ensure that policies are effective. Along the way, the author explains how failures may be exploited by attackers and how attacks may be discovered, understood, and countered. Supplements available including slides and solutions.
Call Number: 005.8 BIS
Publication Date: 2006
Information Warfare and Security by This is a comprehensive and detailed view of information warfare. It presents methods, laws, and case examples stressing actual incidents to illustrate such instances. What individuals, corporations, and governments need to know about information-related attacks and defenses. Every day, we hear reports of hackers who have penetrated computer networks, vandalized Web pages, and accessed sensitive information. We hear how they have tampered with medical records, disrupted emergency 911 systems, and siphoned money from bank accounts. Could information terrorists, using nothing more than a personal computer, cause planes to crash, widespread power blackouts, or financial chaos? Such real and imaginary scenarios, and our defense against them, are the stuff of information warfare - operations that target or exploit information media to win some objective over an adversary. Dorothy E. Denning, a pioneer in computer security, provides in this book a framework for understanding and dealing with information-based threats: computer break-ins, fraud, sabotage, espionage, piracy, identity theft, invasions of privacy, and electronic warfare. She describes these attacks with astonishing, real examples, as in her analysis of information warfare operations during the Gulf War. Then, offering sound advice for security practices and policies, she explains countermeasures that are both possible and necessary.
Call Number: 355.343 DEN
Publication Date: 1998
Managing Complex Systems by Nine innovative methods to think outside the box and solve complex system problems. Managing Complex Systems provides specific tools and guidance needed to be a more creative and innovative thinker. Following the author's methodology, the reader will be better able to devise and implement nontraditional solutions to seemingly intractable complex problems. By challenging the reader to think in new and creative ways, the book offers a road map to success, whether measured in terms of competitive advantage, greater market share, improved productivity, or higher profits, all based upon better solutions to difficult problems. The first four chapters set the foundation for creative thinking by exploring the nature of large-scale systems and complexity, thinking inside and outside the box, and examples of how an inventive mind solves problems in both management and scientific domains. Subsequent chapters address nine focused methods that the author has formulated to help the reader think outside the box:
* Broaden and generalize
* Crossover
* Question conventional wisdom
* Back of the envelope
* Expanding the dimensions
* Obversity
* Remove constraints
* Thinking with pictures
* Systems approach
Real-life examples are provided for each method that demonstrate how the approach enhances problem solving and decision making in system development and management. Following the discussion of the nine methods, the author examines group decision making as well as additional creative thinking procedures devised by other researchers, including references that assist in exploring these methods in greater detail. The author ends with a wrap-up chapter that includes a test to help readers practice their tendencies toward creative thinking skills and action with respect to solving real-world problems. The nine methods discussed in this book have broad applicability and can be used successfully by managers with a wide range of responsibilities in business and technology.
For anyone who is tired of the same old approach with the same old results, this book is essential reading.
Call Number: 658.404 EIS + eBook
Publication Date: 2005
The Art of Deception by The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security. Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Call Number: 005.8 MIT + eBook
Publication Date: 2003
Security in Computing by This book offers complete coverage of all aspects of computer security, including users, software, devices, operating systems, networks, law, and ethics. Reflecting rapidly evolving attacks, countermeasures, and computing environments, it introduces up-to-the-minute best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more.
Call Number: 005.8 PFL
Publication Date: 2015
Cybersecurity and Cyberwar by Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The American military, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recent Stuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers - presumably sponsored by the Chinese government - is another. Together, they point to a new era in the evolution of human conflict. In Cybersecurity and Cyberwar: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity and Cyberwar is the definitive account on the subject for the educated layman who wants to know more about the nature of war, conflict, and security in the twenty-first century.
Call Number: 005.8 SIN + eBook
Publication Date: 2014