- Paperback: 448 pages
- Publisher: Syngress; illustrated edition edition (17 Dec 2004)
- Language English
- ISBN-10: 1931836361
- ISBN-13: 978-1931836364
- Product Dimensions: 22.6 x 17.8 x 4.3 cm
- Average Customer Review: 5.0 out of 5 stars See all reviews (1 customer review)
- Amazon Bestsellers Rank: 488,726 in Books (See Top 100 in Books)
 Trade In this Item for up to £8.10
Get an extra £5 when you trade in books worth £10 or more until June 30, 2012. Trade in Google Hacking for Penetration Testers for an Amazon.co.uk gift card of up to £8.10, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Find more products eligible for trade-in.
|
|
There is a newer edition of this item:
|
Product details |
Product Description
Product Description
Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users don't realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hacker's search.
Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.
*First book about Google targeting IT professionals and security leaks through web browsing.
*Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black
Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.
*Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.
Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage.
*First book about Google targeting IT professionals and security leaks through web browsing.
*Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black
Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic.
*Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.
About the Author
Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.
Inside This Book
(Learn More)
Front Cover | Copyright | Table of Contents | Excerpt | Index
Explore More
Concordance
Browse Sample PagesConcordance
Front Cover | Copyright | Table of Contents | Excerpt | Index
Tags Customers Associate with This Product(What's this?)Click on a tag to find related items, discussions, and people.
|
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
Most Helpful Customer Reviews
15 of 15 people found the following review helpful
This is one of the few books, that even though it's a security related book, it is also an amazing reference guide for Google. I have given this book to people who don't even work in the security arena, just so that they can learn how to use Google to it's fullest potential.
As far as a security book, this book really does show you how to use Google as a penetration testers tool, and how you really could end up doing most of your enumeration through Google alone, completely avoiding other tools altogether if you had to.
I'd happily recommend this book to anyone!
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
23 reviews
52 of 54 people found the following review helpful
Indispensable reference for the dark side of Google searches
29 Mar 2005
While Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
23 of 23 people found the following review helpful
The reference to the good, bad and ugly of Googling
11 April 2005
An excellent book dedicated to a seemingly narrow topic. Googling is mainstream, I can't think of one person that has traveled the internet that hasn't stopped by Google.com at least once in their surfing career. Unfortunately, there are hackers that spend a lot of time on Google!
If you are responsible for securing your employer's network you can not be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.
Chapters 1-2 provide you with the basics of Googling. There isn't much more information than you can get from Google's website, but Johnny does a great job of explaining the basics of Google.
Chapters 3-10 are the meat of the book. While I've used Google extensively in performing penetration tests before reading this book I've learned many new techniques to dig deeper in less amount of time.
Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you'd rather not have the public see.
Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.
The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.
The author's writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master's level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.
If you are responsible for securing your employer's network you can not be without this indispensable reference. For less than $50 you could save your company from exposing information that can be readily used by hackers to obtain your most prized data.
Chapters 1-2 provide you with the basics of Googling. There isn't much more information than you can get from Google's website, but Johnny does a great job of explaining the basics of Google.
Chapters 3-10 are the meat of the book. While I've used Google extensively in performing penetration tests before reading this book I've learned many new techniques to dig deeper in less amount of time.
Chapter 11 explains how you can secure your systems from hackers using Google to gather information about your company. The chapter also introduces tools such as Gooscan. It also details methods Google has in place to remove information you'd rather not have the public see.
Chapter 12 discusses automating your Google searches with the Google API. A basic understanding of computer programming is required.
The book concludes with two appendices which will help you in developing a good strategy for security testing and securing your website.
The author's writing style is straightforward and easy to read. Reading and absorbing this book is like taking a master's level course in the art of information enumeration. Highly recommended for anyone administering networks connected to the Internet.
25 of 28 people found the following review helpful
Great for stimulating ideas .........
3 April 2005
Amazon Verified Purchase
I am involved in penetration testing on an occasional basis (my principal role is audit management, my principal interest is systems auditing), per other reviews this is an excellent resource for anyone planning or executing tests.
I have used google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings ...). This book is an excelent source of ideas and techniques, for both social engineering, and more technical tests.
It has also made me consider what the google desktop search tool could be used for, when run on key servers in internal nets.
Authors writing style is very easy to read yet packed with valuable information.
This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.
I have used google with simplistic searches and obtained good results (e.g. pictures of site being tested, too much detail in job postings ...). This book is an excelent source of ideas and techniques, for both social engineering, and more technical tests.
It has also made me consider what the google desktop search tool could be used for, when run on key servers in internal nets.
Authors writing style is very easy to read yet packed with valuable information.
This book is likely to be of significant value to forensic investigators and for those with an interest in competitive intelligence.
Were these reviews helpful?
Let us know
Listmania!
Look for similar items by category
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
