Security

Create a PKI in GoLang

Posted on June 5, 2017

Lately I have been programming quite a bit and - for the first time - I have used Golang to do so. Go is a very nice language and really helped me with the development. One of the reasons why I have enjoyed Go this much is the standard library, which is amazing. Today I would like to share how easy it is to create a basic Certificate Authority and signed certificates in Go.

The Wireshark Field Guide by Robert J. Shimonski (Elsevier)

Posted on April 2, 2014

I usually don’t start with this, but lately I had some time constraints that made me wonder if it is right to spend so much time reading books. The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic by Robert J. Shimonski is only 149 pages long (if we cut the introduction, indexes, etc. it boils down to 128 pages). This is a really short book and I have really appreciated this fact.

Practical Anonymity, by Peter Loshin (Elsevier/Syngress)

Posted on May 7, 2013

Anonymity on the web is probably one of the most debated topics on the web. Is it possible to be completely anonymous? The short answer is no. This book tries to help the reader improve their anonymity while staying in the “real world”, as the word “Practical” in the title suggests. In this book you will not find anything that is too complex for an average user. Whether this is good or bad depends on your expectations.

CompTIA Security+ Training Kit (Exam SY0-301) by David Seidl, Mike Chapple, James Michael Stewart (Microsoft Press)

Posted on April 30, 2013

A few months after the review of CompTIA Security+ Rapid Review, I’m now here to speak about its bigger brother: the Training Kit. With its 569 pages, this book is more than twice the length of the Rapid Review one. Even if someone might think that they did a better summary in the Rapid Review one, I have to say that this is not the case for these two books. While the Rapid Review allows you to pass the exam if you already know the certification contents and only need to evaluate your level and refresh some contents, the Training Kit will teach you the certification contents.

Hacking Web Apps by Mike Shema (Elsevier/Syngress)

Posted on April 16, 2013

Have you ever thought that the website you are developing or using is secure? Well, this book will make you change your opinion. This book will change your idea of security and therefore you’ll start to see anything as “probably having some security glitch”. Mike Shema speaks about a lot of different kinds of attacks in his book in a really deep way, to the point that sometimes I wondered if he was planning to instruct people how to hack websites or only how to secure their own websites.

Wireless Reconnaissance in Penetration Testing by Matthew Neely, Alex Hamerstone, Chris Sanyk (Elsevier/Syngress)

Posted on March 19, 2013

When someone says the word “wireless”, 99.9% of the audience thinks of wireless networking technologies (the 802.11 family). Very few think of Bluetooth. Even fewer people think of all the other technologies that use wireless technology to work, such as cordless phones, guard radios, headsets, wireless cameras, etc. This book embraces the last point of view. The first chapter provides basic information and motivation for Wireless Profiling. Chapter 2 provides the reader with all the information she needs to be able to understand the wireless technology and its usage.

Metasploit by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy (No Starch Press)

Posted on March 12, 2013

Metasploit is the most common and complete framework for testing security. Metasploit is an entire suite of tools and methodologies designed for testing the security of computers and networks.

The book is written for both experienced penetration testers and people new to the security field. For the first group, one of the most interesting things is the explanation of the rules and ideas that formed the Penetration Test Execution Standard, while for users new to the field, what is really interesting is what can be done and how. One thing that makes this book so unique is the fact that it is written by four people with really different backgrounds, and this helps the reader to understand different ways to see security.
