Global Scriptwriting
Average customer rating: Not rated
    Global Scriptwriting
    Ken Dancyger
    Manufacturer: Focal Press
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Alternative Scriptwriting, Fourth Edition: Successfully Breaking the Rules
    2. Writing the Short Film, Third Edition
    3. How to Build a Great Screenplay: A Master Class in Storytelling for Film
    4. Screenplay: The Foundations of Screenwriting
    5. Cinematic Storytelling: The 100 Most Powerful Film Conventions Every Filmmaker Must Know

    ASIN: 0240804287

    Book Description

    Global Scriptwriting offers a look at an exciting new phase in screen storytelling, as writers and directors from all over the world infuse traditional forms with their own cultural values to create stories that have an international appeal and suggest a universality among readers, viewers, and listeners. A unique blend of screenwriting technique and film studies, Global Scriptwriting discusses screen stories as they have evolved through the years, focusing first on the basics of scriptwriting, then going on to afford a more sophisticated look at script via different models of scriptwriting: the Hollywood model, the independent model, the national model, and various alternative models. It examines the internationalization of storytelling, and illustrates how particular innovations have helped national screen stories to international success.


    This book is the first to incorporate the basics of the classical form with the innovative edge of the last decade, as well as the culture-specific changes that have taken place outside of North America. It offers readers a view of the enriched repertoire available to writers resulting from the introduction of cultural perspectives into traditional story forms. Specific topics examined include the ascent of voice, the search for new forms, the struggle between style and content, and the centrality of megagenre.

    Includes numerous case studies and examples
    Focuses on how adaptation, innovation, and cultural values combine to create internationally successful stories
    Global Scriptwriting
    Average customer rating: Not rated
      Global Scriptwriting
      Ken Dancyger
      Manufacturer: Focal Press
      ProductGroup: Book
      Binding: Paperback
      ASIN: B000OPV686

      Assessing Network Security (Pro-One-Offs)
      Average customer rating: 5 out of 5 stars
      • the ring of truth, the sound of experience
      • The best pentesting book I've seen
      Assessing Network Security (Pro-One-Offs)
      Kevin Lam , David LeBlanc , and Ben Smith
      Manufacturer: Microsoft Press
      ProductGroup: Book
      Binding: Paperback

      Similar Items:
      1. Microsoft Windows Security Resource Kit, Second Edition (Resource Kit)
      2. Microsoft Windows Server(TM) 2003 PKI and Certificate Security (Pro - One-Offs)
      3. Protect Your Windows Network: From Perimeter to Data (The Addison-Wesley Microsoft Technology Series)
      4. Microsoft Encyclopedia of Security
      5. Microsoft Windows Security Resource Kit

      ASIN: 0735620334

      Book Description

      How secure is your network? How resilient are your systems to hackers? And how can you be sure? This book delivers the information and tools you need to take charge of your critical IT assets through advanced networking testing strategies, including vulnerability scanning and penetration testing. Written by members of the Microsoft Security Team, this practical guide shows you how to perform security assessments, uncover security vulnerabilities, and apply appropriate countermeasures to help beat the hackers at their own game. The companion CD features time-saving tools and scripts that you can use to discover and help correct security vulnerabilities in your own network.

      Customer Reviews:

      5 out of 5 stars: the ring of truth, the sound of experience (2004-11-19)

      Just the basic concept of this book is interesting. If anyone wanted to do a denial of service attack on my web site, or was really interested in coming in -- well, why would they care. But the Microsoft site, if you could bring it down you would certainly have bragging rights in certain circles.

      So if you really want to know about security, who better to read than people responsible for keeping the Microsoft site up and running.

      The book has four major sections:

      Planning and Performing Security assessments
      Penetration Testing for Nonintrusive Attacks
      Penetration Testing for Intrusive Attacks
      Security Assessment Case Studies.

      One thing I really appreciate in this book is the little stories from the real world. In between the description and tutorials (this is computer stuff, it's pretty dry) there are little notes of what really happened in a situation where this particular area was being tested. It gives the book the ring of truth, the sound of experience.

      Highly Recommended.

      5 out of 5 stars: The best pentesting book I've seen (2004-10-06)


      Now, I've read some pretty bad books on penetration testing and nobody seemed to get this fun subject right! Good news - this time somebody did! This great tome ("Assessing Network Security") comes to us direct from the bunkers of Redmond. Written by three Microsoft security researchers, the book provides a great overview as well as in-depth coverage of assessing security via pen testing, scanning, IT audit and other means.

      The book starts from a nice overview of key principles of security (definitely not news for industry practitioners, but nice anyway), and then goes on to define vulnerability assessment, penetration testing and security audit. A critically important section on reporting the findings is also nicely written and shows that the authors are knowledgeable about the subject. The book then goes into developing and maintaining the pentesting skills, and descends into choosing the training and resources (nice for those starting in the field). The actual pentesting process is split into non-intrusive (combining the usual "intelligence gathering" with port scans, sweeps and various host queries) and intrusive tests (such as running a vulnerability scanner, brute-forcing passwords, DoS testing and others). Some entries seem to belong in both categories (such as sniffing) but are placed into the intrusive section, for whatever reason. All the hot latest content (wireless, Bluetooth and web assessments) is well represented in the book. A fairly insightful social engineering testing section (that touched on dumpster diving and other non-network assessment methods) is also present. My favorite chapter was the one on 'case studies' - examples of specific threats/tests against web, email, VPN and domain controller systems.

      Among other features that I liked were 'notes from the field' sidebars with fun stories related by authors and FAQs at the end of each section. On the down side, the book is somewhat Windows-focused (although it is amazingly vendor-neutral in most respects, considering the source). The book is also somewhat dry, although sidebars provide the needed relief when the text gets too process-oriented at times.

      The book is largely about methodology, but I'd have preferred to see a bit more technical content, since it is a 600-page volume. I think checklists, present in the Appendix, are a great step in that direction.

      Overall, I enjoyed the book and think it is both a great guide and a reference for most security professionals, especially for those starting to be involved with penetration testing.

      Anton Chuvakin, Ph.D., GCIA, GCIH is a Security Strategist with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and a contributor to "Know Your Enemy II" (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
      Testing Web Security: Assessing the Security of Web Sites and Applications
      Average customer rating: 4.5 out of 5 stars
      • Adds the auditing dimension to web testing
      • An Excellent Read & Reference for Testers and Test Managers
      • A Great General Overview of Testing Web Security
      • Simply the worst security book I have ever read
      • Smart and Resourceful
      Testing Web Security: Assessing the Security of Web Sites and Applications
      Steven Splaine
      Manufacturer: Wiley
      ProductGroup: Book
      Binding: Paperback

      Similar Items:
      1. How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Book & CD
      2. The Web Testing Companion: The Insider's Guide to Efficient and Effective Tests
      3. Testing Applications on the Web: Test Planning for Mobile and Internet-Based Systems, Second Edition
      4. Web Hacking: Attacks and Defense
      5. How to Break Software Security

      ASIN: 0471232815

      Book Description

      Customer Reviews:

      5 out of 5 stars: Adds the auditing dimension to web testing (2004-06-19)

      This book is unique in that it focuses more on auditing than on actual web testing techniques, which is an area that is too often overlooked by QA. Because of this niche area, this book can be used in conjunction with any of the more testing-centric books, giving QA a solid security-in-depth approach. This approach also makes this book a solid reference for complying with parts of the Sarbanes-Oxley Act.

      Splaine thoroughly covers the test/audit process by addressing all layers and threat vectors. He takes a systematic vulnerability assessment and risk management approach, and extensively uses checklists throughout this book to help you to develop a security auditing process that will close most of the vulnerability gaps, as well as to augment other testing approaches.

      I particularly like the completeness of topic coverage - he goes into network, protocol, client- and server-side application, and attack modes in great detail. For each area he provides advice, checklists and a strategy for dealing with the risks and vulnerabilities represented. I also like the way he addresses configuration management, quality and test case design. These reflect best practices and can be quickly integrated into a web security QA function.

      Splaine's earlier book, "The Web Testing Handbook" (ISBN 0970436300) nicely augments this one, as does Nguyen's highly regarded "Testing Applications on the Web: Test Planning for Internet-Based Systems" (ISBN 047139470X), both of which are more focused on web testing.

      If you work in QA or web security this book will be an invaluable resource, and is one that I highly recommend because it spans both disciplines.

      5 out of 5 stars: An Excellent Read & Reference for Testers and Test Managers (2004-02-25)

      Before I read Steve's book, I thought that testing the security of a Web site required huge amounts of technical knowledge including how certain operating systems, web servers, etc., actually worked. Having read the book, I realise that someone needs to know - but it needn't be me. As a tester, my job is to see if the security measures that have been put into place actually do what they are supposed to and in this context the book exceeds my requirements and expectations.

      In addition, one of the problems in testing security is trying to ensure that the site does not open itself up to any unauthorised activity - accidental or not. How do you ensure `complete coverage' of the virtually infinite number of event combinations and therefore test cases? This problem is addressed in the Test Planning and Risk Analysis sections and placed properly and pragmatically into context.

      Then we get into the meat of test design. I like the way we start with scoping. What are we trying to secure and from what or whom? To answer the latter part of the question, the book delves into types of attacks - which then helps us to think about what and how to test. I particularly like the checklists (OK, I'm a checklist fan) and the lists of software tools which are available to carry out things like IP address sweeps, port scans, etc.

      This part of the book has separate chapters for networks, system software, client and server-side application software. Each chapter is virtually stand-alone which makes it a good reference as well as a good read. I also like the fact that Steve has not left out the social engineering aspect of security. Finally, Test Implementation addresses the usual practical problems associated with test execution but with all the emphasis on security.

      Steve Splaine has distilled into one book enough information to give testers and test managers confidence in the planning, design and execution of Web security testing. An excellent read and reference.

      4 out of 5 stars: A Great General Overview of Testing Web Security (2003-09-25)

      The author's goal is to make managers responsible for Web site security aware that having a super-duper firewall doesn't excuse the organization from conducting tests or exploring additional avenues to supplement the firewall.

      The book also supports security testers with flexible descriptions and checklists for creating test cases and conducting tests. Each chapter ends with a checklist covering the various aspects of the test process from planning to intrusion detection. Organizations with a process model in place such as CMM (Capability Maturity Model), RUP (Rational Unified Process), and Six Sigma will find the material supportive of such efforts and maybe even making it easier because of the lists of example tools and software products for managing reporting and schedules.

      The book isn't a read front-to-back book as each chapter is understandable with or without previous chapters. The first two chapters address vocabulary, test plans and planning, and general project management activities. The meat of the book is in Part 3, Test Design, beginning with chapter 3, which addresses scoping and conducting a network assessment. Chapter 4 focuses on system software and related tools.

      The next two chapters look at client-side and server-side applications to ensure the system is designed to function correctly for its users while guarding its castle to prevent the evil ones from breaking in. Mother Nature might pay a visit or another big blackout could happen and those guards need to be prepared to react, hence Chapter 7 prepares a team for such events as well as various ways the bad guys might do a sneak attack.

      Mysterious intruders and audit trails sounds like a case for Sherlock Holmes as Chapter 8 gives directions on detecting unauthorized intruders, responding to an attack, and assessing the damage.

      Those who haven't formed a team might want to leap into Chapter 9, which provides staffing options for in-house and outsourcing. It also discusses the process of selecting tools. In the last chapter, get the lowdown on doing a risk analysis to be prepared for the likelihood of changed plans (which we know happens often). Doing such an analysis is a step toward having a well-planned test schedule that ensures the areas that pose the greatest risks are done early in the process while the less important items are done near the end of the test period.

      The appendices provide an overview of network protocols, addresses, and devices; a list of the most critical Internet security vulnerabilities; and example templates for testing documentation. Those who need more in-depth information can reference the resources for further reading via books and Web sites.

      If the thought of security is daunting, this book is a good introduction to the topic. It's appropriate for organizations creating a new testing team; teams responsible for conducting testing assessments; and testing managers, project managers, and test teams that are new to testing security. Directors, executives, and other top level managers who are responsible for Web site security will also benefit.

      Any technical terms that pop up are clearly defined without the dull writing that makes eyes glaze over when reading a technical book. The use of sidebars, checklists, headers, examples, and figures provide a nice balance in presenting the material without losing the reader. The book is practical for anyone who needs a general reference on Web security and wants to know how it works.

      As for the programming issue another reviewer mentioned, it's true there isn't a reference to programming languages. However, that's not the point of this particular book.

      1 out of 5 stars: Simply the worst security book I have ever read (2003-09-05)

      This book proposes to teach us about testing web application security. OK, there *is* one entire sentence devoted to PHP, and somewhere in this mess I think that I remember seeing several lines regarding jsp. On the plus side -- there is an Appendix devoted to a cursory review of the SANS top 20 security vulnerabilities. Thank goodness -- googling for this list or finding it online at the SANS portal must be outside the abilities of the reviewers who gave this book positive reviews.

      Testing w/ client-side proxies, as far as I can tell, is not covered; nor is any mention made of SQL insertion techniques, basic authentication mechanism testing, Nikto usage, etc.

      I purchased this book based upon the initial reviews on this site. Obviously, the earlier reviewers were not reading the same book as the one I received.

      4 out of 5 stars: Smart and Resourceful (2003-07-25)

      Interestingly, this is one of the very few commercial guides on testing anything out there that actually provides a test plan and specific tests to perform. It smartly provides straight facts on web security without trying to oversell anything which is why I particularly recommend it.

      Another point of the book I found helpful and intelligent is the layout which did more than just take one through a step-by-step assessment.

      Although not overly technical, for instance you won't find specific programming tips on PHP or JSP, its broad coverage of the web presence from physical to Internet is more than enough to provide any organization with a proper risk assessment.

      I have written the author about a few improvements I would like to see but there is nothing that would detract from the knowledge transfer this book currently offers. It is an excellent complement to the OSSTMM (Open Source Security Testing Methodology Manual) at [email address] and will assist you in making an OSSTMM certified test as well as meeting BS7799 best practice requirements. If you worry about privacy legislation in your region then this may just be the help you are looking for in your web presence.
      Network Technologies For Networked Terrorists: Assessing the Value of Information and Communications Technologies to Modern Terrorist Organizations
      Average customer rating: Not rated
        Network Technologies For Networked Terrorists: Assessing the Value of Information and Communications Technologies to Modern Terrorist Organizations
        Bruce W. Don
        Manufacturer: Rand Corp
        ProductGroup: Book
        Binding: Paperback

        ASIN: 083304141X
        Assessing trends in access control. (includes related articles on biometrics and site-specific trends)(Cover Story): An article from: Security Management
        Average customer rating: Not rated
          Assessing trends in access control. (includes related articles on biometrics and site-specific trends)(Cover Story): An article from: Security Management
          Michael A. Gips
          Manufacturer: American Society for Industrial Security
          ProductGroup: Book
          Binding: Digital

          ASIN: B00098B5NY
          Release Date: 2005-07-28

          Book Description

          This digital document is an article from Security Management, published by American Society for Industrial Security on September 1, 1998. The length of the article is 5045 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

          From the supplier: A number of notable trends in electronic access control can be gleaned from interviews with industry experts. Users of access control systems look for interoperability and easy expandability. New products are meeting these requirements and offer innovative ways for security managers to achieve security goals. Systems consolidation is also becoming a norm as security functions are merged with other tasks, such as asset management. Vendors are also entering into merger and acquisition deals to better meet this demand for integration.

          Citation Details
          Title: Assessing trends in access control. (includes related articles on biometrics and site-specific trends)(Cover Story)
          Author: Michael A. Gips
          Publication: Security Management (Refereed)
          Date: September 1, 1998
          Publisher: American Society for Industrial Security
          Volume: v42 Issue: n9 Page: p42(9)

          Article Type: Cover Story

          Distributed by Thomson Gale
          Special Ops: Host and Network Security for Microsoft, Unix, and Oracle
          Average customer rating: 4.5 out of 5 stars
          • Superb, well balanced content
          • Overall good - great to see focus on internal security
          • The CISO or Auditor Survival Guide
          • Tons of new stuff!
          • Huh?
          Special Ops: Host and Network Security for Microsoft, Unix, and Oracle
          Erik Pace Birkholz , David Litchfield , and Mark Burnett
          Manufacturer: SYNGRESS
          ProductGroup: Book
          Binding: Digital

          Similar Items:
          1. Hacking Exposed
          2. Protect Your Information With Intrusion Detection (Power)
          3. The Tao of Network Security Monitoring: Beyond Intrusion Detection
          4. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) (The Radia Perlman Series in Computer Networking and Security)
          5. The Database Hacker's Handbook: Defending Database Servers

          ASIN: B0000A2WBX
          Release Date: 2006-04-06

          Book Description

          Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle provides solutions for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the “bad guys,” but what has been done on the inside? Have you considered the damage that could be done by recently laid-off or disgruntled employees, contractors and consultants, building security guards, cleaning staff, and of course the unsecured wireless network? This book attacks the problem of the soft, chewy center in internal networks.

          Download Description

          We have scoured the security industry selecting elite technical and strategic specialists from around the world to be members of our Special Ops team. Specialists will cover an incredibly broad range of topics in unparalleled detail. We use a two-pronged approach, Tactical and Strategic, to provide readers with a complete guide to internal penetration testing. Each chapter will cover a specific topic, revealing critical vulnerabilities and weaknesses, methodologies for assessment, host review checklists, and baselines for secure builds. Finally, case studies of our Specialists' most challenging operations will provide solutions to the most challenging security vulnerabilities.

          Customer Reviews:

          5 out of 5 stars: Superb, well balanced content (2003-06-03)

          It isn't often I come across a book on security that gets so much right. While I think of myself as a subject matter expert on matters of security I was pleased at how much depth this book contained and how many tips I picked up. The SQL and IIS chapters are perhaps the best coverage of their subject matter I have yet seen.

          The coverage is balanced between the various colors of hats people wear and contains masses of recommendations for hardening the various components discussed.

          3 out of 5 stars: Overall good - great to see focus on internal security (2003-04-28)

          There are many hacking books out there right now. Many of these are concerned with external penetration testing, which most non-security professionals are obsessed with - thanks to all the sensationalized hacking stories by the often clueless press.

          "Special Ops" discusses the internal threat, which in most cases is more important to the majority of businesses. A simple and straightforward methodology is presented to deal with internal security. Analyze your business, identify your business assets, profile them, group them and prioritize them and then finally secure these assets using the 80/20 Pareto principle. This is common sense but great to see that someone has written a book about it.

          There are separate chapters covering various platforms (WinX, Unix etc), database & application servers (Exchange, Oracle etc) and web applications. The final chapter discusses the most important topic - security policies. Without a security policy driven by business requirements - there will be no "real" security... The chapters are written by various subject matter experts, which makes the book feel like a collection of white papers. A few chapters are very high level - the book spans a very wide range of topics. Most of the information can be easily found on the internet if you know where to go and look.

          One complaint is the pages with code examples. Put code examples on a CD and include the CD with the book. I do not think people are interested in spending time typing in the code examples. This should be supplied with the book on a CD.

          To summarize, overall an interesting book, due to the focus on internal testing. Wide area of topics, which makes the content a bit too high level at times. One thought that always strikes me is the emphasis on the technology. Technology is only a business tool. It is more important to understand your business, manage your people and physical security before you should worry about the technology. What good is all the network and host security if you can either call your business and social engineer passwords or even worse - just walk into your secure areas uncontested and do whatever I want to do? I guess it is easier to control and deal with the logical aspects and technology than irrational people who never do what they are supposed to.

          5 out of 5 stars The CISO or Auditor Survival Guide.......2003-04-03

          Yesterday morning I spent the better part of an hour in an interview with a reporter. The topic: "If you were giving advice to a brand new security officer, a CSO, or CISO, about how to avoid being fired in their first year, what would you tell them?" After the interview I started to read Special Ops and if there was any way to go back in time I would have told that reporter, tell them to buy Special Ops and read it at least three times.

          I normally classify books into a couple of categories; there are books about things and books that tell you how to do things. Special Ops weighs in at a thousand plus pages and covers Windows XP, 2000, Outlook, Exchange, Unix, Security Policy and much more, yet does not fall neatly into either category. So what category is Special Ops?

          Dan Lynch, a founder of the Internet and the founder of Interop once used a term, Bogon filter, years before BGP was invented. Bogon, apparently, was a synonym for blarney if you get my drift. Technical people will tell managers and auditors almost anything because they are pretty sure they can get away with it. The chapters in this book are written by brilliant people; they are packed with useful information. You will not learn enough about securing XP to hang out your shingle, but if you read that chapter a couple times you will certainly be on solid ground to determine if the consultant you are considering hiring to secure your XP systems knows enough to even get near your computer facility. The auditor that invests the time to read this book cover to cover three times should be given a t-shirt that says "Fear me". Special Ops can help you develop a bogon filter better than any other single book I have seen on the marketplace.

          Chapter 18, Creating Effective Corporate Security Policies, is one of the most fascinating chapters in the book. Though obviously it covers material that can be found in other places, the authors clearly know their stuff; it is pure pragmatic advice. The warnings ring true and the links are there.

          Though content is the most important ingredient of a technical book and Special Ops is packed with content, layout is also important. The book was happy to lay flat within the first four minutes I was playing with it. The fonts are well chosen and large enough to be readable, the paper is substantial. I do have two complaints regarding layout. After the first reading, it will primarily serve as a reference book, so running a camouflage overprint across half of the table of contents was less than brilliant. The same goes for the silly FAQ stamp on top of the questions. Never intentionally make a book hard to read! On the other hand, summary links for more information and an FAQ for every chapter show a real concern for the needs of the reader. As always, just buying the book and putting it on the shelf will not make your systems and network more secure. I have only met Erik Birkholz twice, but I truly believe that if you come up to him hoping for his autograph he is going to reserve a special word for the person with a copy of Special Ops that is full of sticky notes and scribble in the margins. This author team must have worked very hard to produce something this powerful; drink deep of their knowledge.

          5 out of 5 stars Tons of new stuff!.......2003-03-28

          I'm not sure what book this guy from Orange, CA was reading, but I found all kinds of new and relevant information in several chapters! The chapter on Terminal Services was especially enlightening. Many new things to consider when rolling this one out to the enterprise! Yikes.

          I think the reader from Orange missed the whole point of the book. It wasn't intended to be a catalog of the latest and greatest tools on the market - like the Hacking Exposed series - it looks like it was designed to help internal security staffs think differently about how they secure the critical components of the enterprise. This includes how they write their policies, and consider the human factor in the security equation.

          I have personally used the book's content to create focused audit programs and been very successful at doing so.

          Please create more books in this series!

          5 out of 5 stars Huh?.......2003-03-27

          I just finished this book and I found it to be well written, comprehensive, and incredibly informative and up to the minute in terms of the vulnerabilities covered. I specialize in SQL security and I'm not sure if the negative reviewer below actually read this chapter. He complains the SQL chapter: "...mentions nothing about port blocking which is the first thing I would do. UDP Port 1434 really has no purpose and should be blocked..." The following is from page 637 of the SQL chapter in Special Ops: "It cannot be stressed enough just how important it is to either apply this patch [from MS] or block all UDP 1434 inbound to the server." It's a great book and I don't think people should be turned off by incorrect criticisms.
