An Ihren Kindle oder ein anderes Gerät senden

 
 
 

Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Der Artikel ist in folgender Variante leider nicht verfügbar
Keine Abbildung vorhanden für
Farbe:
Keine Abbildung vorhanden

 

Google Hacking for Penetration Testers [Print Replica] [Kindle Edition]

Johnny Long
4.0 von 5 Sternen  Alle Rezensionen anzeigen (4 Kundenrezensionen)

Kindle-Preis: EUR 24,48 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

Kostenlose Kindle-Leseanwendung Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.

Geben Sie Ihre E-Mail-Adresse oder Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 24,48  
Taschenbuch --  


Produktbeschreibungen

Kurzbeschreibung

Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don’t realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker’s search.

Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.

*First book about Google targeting IT professionals and security leaks through web browsing.

*Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black
Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.

*Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.

Synopsis

Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users dont realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information.This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hackers search. "Penetration Testing with Google Hacks" explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word.Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target!

Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.This is the first book about Google targeting IT professionals and security leaks through web browsing. Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic. Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.


Produktinformation

  • Format: Kindle Edition
  • Dateigröße: 15460 KB
  • Seitenzahl der Print-Ausgabe: 448 Seiten
  • Verlag: Syngress; Auflage: 1 (17. Dezember 2004)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • ASIN: B0089EM5BG
  • Text-to-Speech (Vorlesemodus): Nicht aktiviert
  • X-Ray:
  • Word Wise: Nicht aktiviert
  • Durchschnittliche Kundenbewertung: 4.0 von 5 Sternen  Alle Rezensionen anzeigen (4 Kundenrezensionen)
  • Amazon Bestseller-Rang: #572.850 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Kundenrezensionen

4 Sterne
0
2 Sterne
0
1 Sterne
0
4.0 von 5 Sternen
4.0 von 5 Sternen
Die hilfreichsten Kundenrezensionen
2 von 2 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen Nice idea, but overloaded 6. August 2005
Format:Taschenbuch|Verifizierter Kauf
The idea is great. Gain deep knowledge about the details of highly efficient Google-search-strings, then lean back and see the what people put on their websites: Excel-sheets with passwords, mail-server logs with tons of adresses etc.
I think the book tells us: be careful! Google sees, finds and caches everything you put on the web, even if you think it will not be found.
What is annoying with the book: sides full of search examples. After you have found your way through the Google search-parameters it definitevly makes no sense to cram the book full with loads of examples. Somehow I think the author had to achieve a minimum number of pages...? With regards to that, the price of the book seems high. You may visit the authors homepage to see the examples there (and much more actual searches as well).
War diese Rezension für Sie hilfreich?
1 von 1 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Google einmal anders 31. Mai 2006
Format:Taschenbuch
Das Buch "Google Hacking for Penetration Testers" erfüllt genau den versprochenen Rahmen: Es zeigt, wie Penetration Tester durch Suchanfragen bei Google interessante und sicherheitsrelevante Ergebnisse bzgl. ihres Ziels ermitteln können.

Für Nicht-Penetration-Tester sind die generellen Beschreibungen zur Nutzung der Google Search Engine sicher auch von Interesse, allerdings muss man sich dafür nicht unbedingt ein Buch dieser Preisklasse leisten.

Einsteiger im Bereich Penetration Testing finden in diesem Buch zwingend notwendiges Wissen, das zum kleinen 1x1 eines PenTesters gehören sollte. Aber auch Profis können hier noch den einen oder anderen Trick lernen.

Das Buch wird hervorragend ergänzt durch die Website des Autors, hier findet man eine durch die Community gut gepflegte Datenbank verschiedenster Google Suchmuster.
War diese Rezension für Sie hilfreich?
2 von 3 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen Holt mich nicht von den Socken 15. Juli 2005
Von Ein Kunde
Format:Taschenbuch
Der Schwerpunkt dieses Buches sind die vielen ausführlichen Beispiele. Durch sie kann das Buch aber meiner Meinung nach nicht fehlenden inhaltichen Punkte ausgleichen. Im Grunde werden nur die Google-Funktionen ausführlich beleuchtet, welche man auch auf der Google-Homepage nachlesen kann. Mit den Beispielen wird das Buch dann eine unterhaltende Lektüre, mehr aber auch nicht.
Fazit: Für Voyeure vielleicht interessant, aber um sich zum Thema Sicherheit weiterzubilden absolut ungeeignet.
War diese Rezension für Sie hilfreich?
1 von 2 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Das Google Buch schlecht hin 24. Januar 2005
Von Ein Kunde
Format:Taschenbuch
Dass Google im Netz nahezu jede Information findet ist mittlerweile jedem bekannt, aber was man dieser Suchmaschine mit den AdvancedOperators herausholen kann ist den meisten unbekannt. Dem "Google Hacker" eröffnen sich allerdings neue Horizonte - ganz gleich ob Intranets, Passworte oder Kreditkarten.
Mit Beispielen und Zusammenfassungen am Ende jedes Kapitels erzeugt Johnny Long immer wieder "Aha!-Effekte"
Vom sicherheitstechnischen Standpunkt aus ist dieses Buch ein absolutes Muss, da jeder Sicherheitsbeauftragte über die von Google ausgehenden Gefahr im Bilde sein sollte. Für den "Durchschnittsnutzer" ist dieses Buch aber definitiv nicht zu empfehlen. Der interessierte Nutzer, der sich internsiver mit Google beschäftigen möchte findet hier die richtige Lektüre. Ein absolutes Top-Buch.
Von mir deshalb 5 Sterne!
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 4.4 von 5 Sternen  23 Rezensionen
53 von 55 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Indispensable reference for the dark side of Google searches 29. März 2005
Von Ben Rothke - Veröffentlicht auf Amazon.com
Format:Taschenbuch
While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.

After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.

In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.

With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.

The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.

Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.

Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.

Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.

A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
23 von 23 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen The reference to the good, bad and ugly of Googling 11. April 2005
Von Eric Barna - Veröffentlicht auf Amazon.com
Format:Taschenbuch
An excellent book dedicated to a seemingly narrow topic. Googling is mainstream, I can't think of one person that has traveled the internet that hasn't stopped by Google.com at least once in their surfing career. Unfortunately, there are hackers that spend a lot of time on Google!

If you are responsible for securing your employer's network you can not be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.

Chapters 1-2 provide you with the basics of Googling. There isn't much more information than you can get from Google's website, but Johnny does a great job of explaining the basics of Google.

Chapters 3-10 are the meat of the book. While I've used Google extensively in performing penetration tests before reading this book I've learned many new techniques to dig deeper in less amount of time.

Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you'd rather not have the public see.

Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.

The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.

The author's writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master's level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.
25 von 28 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Great for stimulating ideas ......... 3. April 2005
Von Stuart Gardner - Veröffentlicht auf Amazon.com
Format:Taschenbuch|Verifizierter Kauf
I am involved in penetration testing on an occasional basis (my principal role is audit management, my principal interest is systems auditing), per other reviews this is an excellent resource for anyone planning or executing tests.

I have used google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings ...). This book is an excelent source of ideas and techniques, for both social engineering, and more technical tests.

It has also made me consider what the google desktop search tool could be used for, when run on key servers in internal nets.

Authors writing style is very easy to read yet packed with valuable information.

This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.
12 von 12 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen Best-of-class book at using the power of Google! 25. Februar 2006
Von Sean E. Connelly - Veröffentlicht auf Amazon.com
Format:Taschenbuch
Syngress's "Google Hacking for Penetration Testers" (GHPT) by Johnny Long demonstrates to average Joes the power of Google. The author is the authority on how to use Google to recon an intended target. Considering the narrow focus of the subject, the book is able to thoroughly dissect the various tools and weapons Google offers. Certainly, this book is not admitting anything not already known in the hacking world, but the books does provide a valuable asset as a one-stop-shop at using Google.

First and foremost, before scouting a target, you must cover your tracks. GHPT first focuses on anonymity (I was particularly impressed with using Google as a proxy server on page 95). After masking yourself, the book focuses on network mapping, and locating exploitable targets. The book then offers 10 searches to find oodles of information that website owners probably don't want you to have. One chapter is devoted to tips to hunt usernames and passwords. Chapter 12, on automating Google Searches, was particularly valuable to me as I'm an extreme novice at scripting.

The book is written in a very simple, plain-spoken (or, more correctly, plain-written) style. While this book should not be the first book on one's security shelf, the subject cannot be any better defined than this book.

I give this book 4 pings out of 5:

!!!.!
21 von 24 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen A True Eye Opener 26. Januar 2005
Von Stephen Northcutt - Veröffentlicht auf Amazon.com
Format:Taschenbuch|Verifizierter Kauf
I have been using this book for three weeks. Every time Google Hacking gets further than three feet from my keyboard, I get up, find it, put it back by my side. I first used the "recipies" in the book to locate intellectual property violations of SANS material. Next, I went on a digital painting campaign and created over 150 images and used the book to help me find the raw source material. Most recently, I have used the optimized searches the book shows one how to do to help with a research project.

Buy the book, try the searches, learn what is possible. It wouldn't hurt to use the book for its intended purpose as well, to see what information about you, about your organization is exposed on the Internet.
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden