C**D
Security must for all I.T. related areas
Whether you're a developer, network or system administrator, this book has must-know information for I.T. professionals. CSAD includes browser attacks, messaging attacks, application infrastructure vulnerabilities, and even mobile platform risks. Out of all of the texts I've read on Security, this was by far the most eye opening. I love vendor neutral, real-world oriented resources, which is exactly what this book is.

Other bits... Excellent format, broken up with tips, notes and warnings. Real-world examples are key. Vendor neutral / cross-platform reference -- it's honest! Good mix of application level GUI examples with high-level network overview.

Put CSAD on your I.T. bookshelf right now.
D**R
Good overview full of excellent nuggets
I came across this title in the computer section of our local book store. Initially, I was very excited to get a full ten chapters of detailed client-side tactical attacks and defenses.

Overall, this work is packed full of very good information that I have not seen in other security publications. Reader be warned, there are quite a few grammatical errors and the writing style is not as refined as I had hoped, but working through this, I was very pleased with the overall content.

Chapters 1 and 2 define, and then provide granular dissection of the difference between client-side, server-side and network-side attacks. Specifically, client-side attacks target the operating systems, web browsers, email clients, applications, and scripting languages commonly found on desktops, laptops, tablets, smartphones, and other resource-consuming electronic devices. Obviously, most security professionals are aware of this, but "Client-Side Attacks" tells you the "what" and the "how".

Chapters 3 through 8 highlight the industry leading web browsers and email clients, providing an unbiased approach to the strengths and weaknesses found in each of the applications. Furthermore, Oriyano and Shimonski provide good detail into the specific attack vectors such as poorly configured security settings, residual data on the client, and poor operational behaviors on the part of the end user. The work introduces and reiterates common threats such as cross-site scripting, malcode, phishing, spamming and the other usual suspects.

Chapter 9 delves into Mobile Clients. Surprise... they use many of the same technologies as other endpoints. Complete with applications, browsers, and the associated weaknesses, the authors revisit some of the previously explained attacks and defenses and how they apply to this medium.

Chapter 10 outlines the strategic plans necessary to protect the enterprise from client-side attacks. Honestly, this chapter was a bit of a letdown. After working through very detailed vectors that highlight the tactical goals, methods, and mechanisms of attack, I was hoping for more detailed tactical defenses so I could implement some specific changes to my clients.

Upon further review, and in defense of the authors, through the first nine chapters as the attacks were explained, multiple defenses were illustrated and explained in detail. I guess it would help to take better notes!

I came away from this work with a deeper understanding of common malicious techniques (many of which I was already somewhat familiar with), stronger browser configurations on my laptops, and two very cool tools of which I was previously unaware. Both of which were free!

I would recommend reading this book to anyone who has a direct interest in securing their endpoints.
C**S
I would recommend this book for the office and as a reference guide.
This is a well written book for a beginner to intermediate skill level to follow, containing "real" world examples providing resolutions to prevent and resolve attacks. It displays and explains technical analysis, covering the latest developments. This not only pertains to web concepts of browsers, but Java/PDF and newer smartphone technology.

Excellent guide!