Saludos.

Quisiera saber si alguien conoce un libro sobre seguridad como este:

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.

Pero que sea más actualizado, o sea tipo 2010 en adelante porque el que les digo es del año 2006 y pues 10 años en informática es bastante como sabemos.

*Dejo una copia de la tabla de contenido para que se hagan una idea de qué es lo que busco, no importa si es pdf o versión paga. Gracias.

Citar1. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.... 6
2. Table of Contents... 8
3. Copyright ... 12
4. About the Authors ... 14
4.1 Preface ... 14
5. Acknowledgments ... 18
6. Part I: Introduction to Software Security Assessment................................................................ 18
6.1 Chapter 1. Software Vulnerability Fundamentals............................................................. 18
6.1.1 Introduction ... 18
6.1.2 Vulnerabilities ... 19
6.1.3 The Necessity of Auditing ......................................................................................... 24
6.1.4 Classifying Vulnerabilities ......................................................................................... 29
6.1.5 Common Threads... 32
6.1.6 Summary... 37
6.2 Chapter 2. Design Review................................................................................................. 38
6.2.1 Introduction ... 38
6.2.2 Software Design Fundamentals ................................................................................ 38
6.2.3 Enforcing Security Policy........................................................................................... 49
6.2.4 Threat Modeling ... 62
6.2.5 Summary... 79
6.3 Chapter 3. Operational Review......................................................................................... 79
6.3.1 Introduction ... 79
6.3.2 Exposure ... 80
6.3.3 Web-Specific Considerations .................................................................................... 85
6.3.4 Protective Measures ................................................................................................. 88
6.3.5 Summary... 101
6.4 Chapter 4. Application Review Process .......................................................................... 101
6.4.1 Introduction ... 102
6.4.2 Overview of the Application Review Process.......................................................... 102
6.4.3 Preassessment ... 104
6.4.4 Application Review ................................................................................................. 107
6.4.5 Documentation and Analysis .................................................................................. 116
6.4.6 Reporting and Remediation Support ...................................................................... 119
6.4.7 Code Navigation... 119
6.4.8 Code-Auditing Strategies ........................................................................................ 122
6.4.9 Code-Auditing Tactics ............................................................................................. 147
6.4.10 Code Auditor's Toolbox ......................................................................................... 161
6.4.11 Case Study: OpenSSH............................................................................................ 173
6.4.12 Summary... 178
7. Part II: Software Vulnerabilities ................................................................................................ 179
7.1 Chapter 5. Memory Corruption ...................................................................................... 179
The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities
2
7.1.1 Introduction ... 179
7.1.2 Buffer Overflows ... 180
7.1.3 Shellcode... 199
7.1.4 Protection Mechanisms .......................................................................................... 202
7.1.5 Assessing Memory Corruption Impact ................................................................... 209
7.1.6 Summary... 215
7.2 Chapter 6. C Language Issues ......................................................................................... 215
7.2.1 Introduction ... 215
7.2.2 C Language Background.......................................................................................... 216
7.2.3 Data Storage Overview ........................................................................................... 217
7.2.4 Arithmetic Boundary Conditions ............................................................................ 224
7.2.5 Type Conversions ... 236
7.2.6 Type Conversion Vulnerabilities.............................................................................. 262
7.2.7 Operators... 287
7.2.8 Pointer Arithmetic .................................................................................................. 294
7.2.9 Other C Nuances... 299
7.2.10 Summary... 314
7.3 Chapter 7. Program Building Blocks................................................................................ 314
7.3.1 Introduction ... 314
7.3.2 Auditing Variable Use.............................................................................................. 315
7.3.3 Auditing Control Flow ............................................................................................. 343
7.3.4 Auditing Functions.................................................................................................. 356
7.3.5 Auditing Memory Management ............................................................................. 379
7.3.6 Summary... 403
7.4 Chapter 8. Strings and Metacharacters .......................................................................... 403
7.4.1 Introduction ... 403
7.4.2 C String Handling ... 404
7.4.3 Metacharacters... 423
7.4.4 Common Metacharacter Formats........................................................................... 434
7.4.5 Metacharacter Filtering .......................................................................................... 452
7.4.6 Character Sets and Unicode.................................................................................... 464
7.4.7 Summary... 476
7.5 Chapter 9. UNIX I: Privileges and Files............................................................................ 476
7.5.1 Introduction ... 477
7.5.2 UNIX 101 ... 477
7.5.3 Privilege Model... 482
7.5.4 Privilege Vulnerabilities .......................................................................................... 496
7.5.5 File Security... 512
7.5.6 File Internals ... 530
7.5.7 Links ... 534
7.5.8 Race Conditions ... 544
7.5.9 Temporary Files... 557
7.5.10 The Stdio File Interface ......................................................................................... 566
7.5.11 Summary... 576
The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities
3
7.6 Chapter 10. UNIX II: Processes ....................................................................................... 576
7.6.1 Introduction ... 576
7.6.2 Processes ... 577
7.6.3 Program Invocation................................................................................................. 582
7.6.4 Process Attributes................................................................................................... 590
7.6.5 Interprocess Communication.................................................................................. 626
7.6.6 Remote Procedure Calls.......................................................................................... 633
7.6.7 Summary... 639
7.7 Chapter 11. Windows I: Objects and the File System..................................................... 639
7.7.1 Introduction ... 639
7.7.2 Background ... 640
7.7.3 Objects... 642
7.7.4 Sessions... 650
7.7.5 Security Descriptors................................................................................................ 662
7.7.6 Processes and Threads............................................................................................ 669
7.7.7 File Access... 675
7.7.8 The Registry ... 696
7.7.9 Summary... 700
7.8 Chapter 12. Windows II: Interprocess Communication.................................................. 700
7.8.1 Introduction ... 700
7.8.2 Windows IPC Security ............................................................................................. 701
7.8.3 Window Messaging................................................................................................. 705
7.8.4 Pipes... 713
7.8.5 Mailslots... 720
7.8.6 Remote Procedure Calls.......................................................................................... 721
7.8.7 COM ... 740
7.8.8 Summary... 770
7.9 Chapter 13. Synchronization and State........................................................................... 770
7.9.1 Introduction ... 770
7.9.2 Synchronization Problems ...................................................................................... 770
7.9.3 Process Synchronization ......................................................................................... 776
7.9.4 Signals ... 797
7.9.5 Threads ... 822
7.9.6 Summary... 837
8. Part III: Software Vulnerabilities in Practice ............................................................................. 838
8.1 Chapter 14. Network Protocols ...................................................................................... 838
8.1.1 Introduction ... 838
8.1.2 Internet Protocol... 840
8.1.3 User Datagram Protocol.......................................................................................... 871
8.1.4 Transmission Control Protocol ................................................................................ 873
8.1.5 Summary... 900
8.2 Chapter 15. Firewalls ... 900
8.2.1 Introduction ... 900
8.2.2 Overview of Firewalls.............................................................................................. 901
The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities
4
8.2.3 Stateless Firewalls................................................................................................... 906
8.2.4 Simple Stateful Firewalls......................................................................................... 915
8.2.5 Stateful Inspection Firewalls................................................................................... 919
8.2.6 Spoofing Attacks ... 924
8.2.7 Summary... 931
8.3 Chapter 16. Network Application Protocols ................................................................... 931
8.3.1 Introduction ... 931
8.3.2 Auditing Application Protocols ............................................................................... 932
8.3.3 Hypertext Transfer Protocol.................................................................................... 946
8.3.4 Internet Security Association and Key Management Protocol ............................... 957
8.3.5 Abstract Syntax Notation (ASN.1) ........................................................................... 980
8.3.6 Domain Name System............................................................................................. 992
8.3.7 Summary... 1013
8.4 Chapter 17. Web Applications ...................................................................................... 1013
8.4.1 Introduction ... 1013
8.4.2 Web Technology Overview ................................................................................... 1014
8.4.3 HTTP... 1020
8.4.4 State and HTTP Authentication............................................................................. 1034
8.4.5 Architecture ... 1047
8.4.6 Problem Areas... 1053
8.4.7 Common Vulnerabilities ....................................................................................... 1067
8.4.8 Harsh Realities of the Web ................................................................................... 1083
8.4.9 Auditing Strategy .................................................................................................. 1086
8.4.10 Summary... 1089
8.5 Chapter 18. Web Technologies ..................................................................................... 1089
8.5.1 Introduction ... 1089
8.5.2 Web Services and Service-Oriented Architecture................................................. 1090
8.5.3 Web Application Platforms ................................................................................... 1092
8.5.4 CGI... 1092
8.5.5 Perl... 1100
8.5.6 PHP... 1103
8.5.7 Java ... 1112
8.5.8 ASP ... 1119
8.5.9 No tienes permitido ver los links. Registrarse o Entrar a mi cuenta ... 1124
8.5.10 Summary... 1129
9. Bibliography ... 1130

Saludos amigos.

Bueno resulta que me estaba revisando una documentación que tengo sobre SQLinjection y pues la verdad hace mucho no hacia nada relacionado con Web, en fin estaba sacando las tablas y siguiendo un manuales me aparece algo como esto:

No tienes permitido ver los links. Registrarse o Entrar a mi cuenta

Se supone que al hacer esto me imprime las columnas de la tabla, pero lo que pasa es que no imprime nada.

recordé entonces que yo lo hacía de otra forma pero no sé exactamente cuál, creo que era colocando en group_concat(column_name)  0x55,53,45,52,53 o algo así, la verdad es que no recuerdo y es ahí mi duda, qué formas tienen para hacerlo?
¿cómo sacarian esos datos?

Gracias.

Bueno pues llevaba rato sin pasar por acá.

Estaba instalando metasploit en Debian wheezy y quería saber si alguno lo ha hecho y si ha tenido errores ya que a mí me sale este  y no he podido:

Gem::InstallError: metasploit-concern requires Ruby version >= 2.1.
An error occurred while installing metasploit-concern (0.4.0), and Bundler
cannot continue.
Make sure that `gem install metasploit-concern -v '0.4.0'` succeeds before
bundling.


Cualquier ayuda me sirve.

PD: he probado todo lo que dice google pero no ha salido.

Saludos.

Tengo una duda.
Cuando  los servidores tienen  este tipo  de presentación, es sinónimo de una vulnerabilidad?
Como la puedo aprovechar?




No tienes permitido ver los links. Registrarse o Entrar a mi cuenta