| Vulnerability Analysis and Defense for the Internet 2008 Edition Contributor(s): Singh, Abhishek (Editor), Singh, B. (Contribution by), Joseph, H. (Contribution by) |
|
 |
ISBN: 0387743898 ISBN-13: 9780387743899 Publisher: Springer OUR PRICE: $104.49 Product Type: Hardcover - Other Formats Published: January 2008 Annotation: Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or an application. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use. Vulnerability Analysis and Defense for the Internet provides packet captures, flow charts and psuedo code, which enable a user to identify if an application/protocol is vulnerable. If an application is vulnerable, then a user will be able to understand the complexity, and the theory behind the vulnerability. This edited volume also includes case studies where latest exploits are discussed. |
| Additional Information |
| BISAC Categories: - Computers | Security - Networking - Computers | Security - Cryptography - Computers | Computer Science |
| Dewey: 005.8 |
| LCCN: 2007941398 |
| Series: Advances in Information Security |
| Physical Information: 0.63" H x 6.14" W x 9.21" (1.23 lbs) 254 pages |
| Descriptions, Reviews, Etc. |
| Publisher Description: Vulnerability Analysis is a process that defines, identifies, and classifies the vulnerabilities in a computer network or an application. Vulnerability in a network or application can in turn be used to launch various attacks like cross-site scripting attacks, SQL injection attacks, format string attacks, buffer overflows, DNS amplification attacks etc. Although these attacks are not new and are well known, the number of vulnerabilities disclosed to the public jumped nearly 5 percent during the first six months of 2007. This accounts to be the fourth year report, which shows the raise in vulnerability (see the news link on security focus http: //www.securityfocus.com/brief/614). In January 2007, a vulnerable network resulted in a theft of 45.6 million credit card numbers in TJX companies due to unauthorized intrusion. A good protocol analysis and effective signature writing is one of the - fective method to prevent vulnerability and minimize the chances of intrusion in the network. However, protocol analysis poses two challenges namely false po- tive and evasion. If the signature to prevent the vulnerability is not written pr- erly, it will result in dropping of a valid traffic thereby resulting in false positive. An effective signature should also consider the chances of evasion; otherwise a malicious attacker can use the variant of exploit and evade the protection provided by the IDS/IPS |