IT programming books related reviews
Product: Book Paperback
Title: Google Hacking for Penetration Testers
Publisher: Syngress
Authors: Johnny Long
Rating: 5/5
Title: Google Hacking for Penetration Testers
Publisher: Syngress
Authors: Johnny Long
Rating: 5/5
While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
Product: Book Paperback
Title: SQL Server 2000 Web Application Developer's Guide
Publisher: Osborne/McGraw-Hill
Authors: Craig Utley
Rating: 2/5
Title: SQL Server 2000 Web Application Developer's Guide
Publisher: Osborne/McGraw-Hill
Authors: Craig Utley
Rating: 2/5
This book might as well have been called SQL Server 7 or even 6.5.. Practically no informaiton on the new and emerging features of SQL 2000 - mainly XML support. There are plenty of other excellent books that conquered the same territory already, and didn't even need to include "SQL 2000" in the title.
Product: Book Paperback
Title: PHP Pocket Reference, 2nd Edition
Publisher: O'Reilly
Authors: Rasmus Lerdorf
Rating: 3/5
Title: PHP Pocket Reference, 2nd Edition
Publisher: O'Reilly
Authors: Rasmus Lerdorf
Rating: 3/5
.My 1st Edition copy of this book is so well-loved that there is a dirt stripe down the edge of the pages from my flipping through it so often. I bought the 2nd Edition thinking it would be just as good as the first, with the new PHP-4 functions added. The 2nd Edition is just an alphabetical list of functions, while the 1st Edition was categorized by usage-type (string functions, database functions, math functions, etc.). If I needed to find a function that did {foo} to a string, I'd look in the strings section until I found a description for an appropriate function. I can't do this with the 2nd Edition and am seriously considering returning it!If you just need a reference to remind you of parameter order and return-type, get the 2nd Edition. But if you're like me and want to find the correct function to do what you are looking to accomplish, save your money and buy a used copy of the 1st Edition PHP Pocket Reference.
Product: Book Paperback
Title: Microsoft(r) SQL Server(tm) 2000 Analysis Services Step by Step
Publisher: Microsoft Press
Authors: OLAP Train, Reed Jacobson
Rating: 5/5
Title: Microsoft(r) SQL Server(tm) 2000 Analysis Services Step by Step
Publisher: Microsoft Press
Authors: OLAP Train, Reed Jacobson
Rating: 5/5
The book provides an excellent step by step tutorial for the Analysis services. It is good for those who can learn by experiencing with the application. It will not be good for people with no or low knowledge in OLAP.It is written in easy english and full with screen shots that help you read it even if you are not in front of your machine.I recommnd!
Product: Book Paperback
Title: SQL Server 2000 Programming by Example
Publisher: Que
Authors: Carlos Rojas, Fernando Guerrero
Rating: 5/5
Title: SQL Server 2000 Programming by Example
Publisher: Que
Authors: Carlos Rojas, Fernando Guerrero
Rating: 5/5
Although not entirely sufficient as preparation for the SQL Server Design exam, it certainly helped me along that path, and in a much more enjoyable way than many of those dry certification-prep books which assume significant prior knowledge and do little in the way of skill-building. This book is also excellent for non-certification people wanting to learn to program SQL Server. I found it to be authoritative and very readable.
Product: Book Paperback
Title: MCDBA SQL Server 7 Database Design, Study Guide (Exam 70-29)
Publisher: McGraw-Hill Companies Rating: 1/5
Title: MCDBA SQL Server 7 Database Design, Study Guide (Exam 70-29)
Publisher: McGraw-Hill Companies Rating: 1/5
The book only contains simplistic examples and does not provide accurate, working SQL code to see how the complex functions work. As far as MCDBA preparation goes - it isn't. Another example of a book rushed into the Public Domain to catch the unweary....
Product: Book Paperback
Title: Foundation PHP for Flash
Publisher: Friends of Ed
Authors: Steve Webster
Rating: 5/5
Title: Foundation PHP for Flash
Publisher: Friends of Ed
Authors: Steve Webster
Rating: 5/5
Good Book used it as a lecture tool for my Web Developer Class. So it worked great can't say it is an easy read. But has some interesting projects that are very pratical. Not a book for people who like pretty pictures. This is a very code oriented book.
Product: Book Paperback
Title: Oracle SQL*Plus : The Definitive Guide
Publisher: O'Reilly
Authors: Jonathan Gennick
Rating: 5/5
Title: Oracle SQL*Plus : The Definitive Guide
Publisher: O'Reilly
Authors: Jonathan Gennick
Rating: 5/5
I have found this book to be a really great guide that is easy to follow. The author provides a gentle, but thorough introduction to topics like creating reports, writing scripts, customization etc. He offers methodologies and alternatives beyond the syntax that you can find in the manual. For example, he presents and evaluates six ways one can achieve some kind of if-then-else flow control in SQL*Plus.
[...]
Product: Book Paperback
Title: Microsoft SQL Server 2000 Unleashed (2nd Edition)
Publisher: Sams
Authors: Ray Rankins, Paul Jensen, Paul Bertucci
Rating: 1/5
Title: Microsoft SQL Server 2000 Unleashed (2nd Edition)
Publisher: Sams
Authors: Ray Rankins, Paul Jensen, Paul Bertucci
Rating: 1/5
Authors have unnecessarily made the book too big. Hence very, very boring to read. I would recommend Microsoft BooksOnline, which has the topics laid out very well and makes it interesting to read.
Product: Book Paperback
Title: SQL Server The Complete Reference
Publisher: Osborne Publishing
Authors: Gayle Coffman
Rating: 2/5
Title: SQL Server The Complete Reference
Publisher: Osborne Publishing
Authors: Gayle Coffman
Rating: 2/5
I bought this book in the hopes that it would cover the new stuff in 7.0 in some detail, specifically distributed servers. Instead, as all the others have said, it's a rehash of the manual. It's coverage of other topics is almost like a sales pitch instead of a how-to guide.However, if you need a reference in book form, this is it. That bumped it up from one star for me.
