COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
InfoSecurity 2008 Threat Analysis - 1st Edition - ISBN: 9781597492249, 9780080558691

InfoSecurity 2008 Threat Analysis

1st Edition

Authors: Craig Schiller Seth Fogie Colby DeRodeff Michael Gregg
Paperback ISBN: 9781597492249
eBook ISBN: 9780080558691
Imprint: Syngress
Published Date: 29th October 2007
Page Count: 480
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


An all-star cast of authors analyze the top IT security threats for 2008 as selected by the editors and readers of Infosecurity Magazine. This book, compiled from the Syngress Security Library, is an essential reference for any IT professional managing enterprise security. It serves as an early warning system, allowing readers to assess vulnerabilities, design protection schemes and plan for disaster recovery should an attack occur. Topics include Botnets, Cross Site Scripting Attacks, Social Engineering, Physical and Logical Convergence, Payment Card Industry (PCI) Data Security Standards (DSS), Voice over IP (VoIP), and Asterisk Hacking.

Each threat is fully defined, likely vulnerabilities are identified, and detection and prevention strategies are considered. Wherever possible, real-world examples are used to illustrate the threats and tools for specific solutions.

Key Features

  • Provides IT Security Professionals with a first look at likely new threats to their enterprise
  • Includes real-world examples of system intrusions and compromised data
  • Provides techniques and strategies to detect, prevent, and recover
  • Includes coverage of PCI, VoIP, XSS, Asterisk, Social Engineering, Botnets, and Convergence


  • Co-branded Syngress and Infosecurity Magazine and featuring best of breed writers from both
  • Featured placement on, ads in Infosecurity print magazine (25K circ, 10K in U.S.), and in e-newsletter (15K circ)
  • Featured at Infosecurity booth at high traffic shows such as Infosecurity US, Infosecurity Canada, and Infosecurity Europe

Table of Contents


Part I: Botnets

Chapter 1 Botnets: A Call to Action


The Killer Web App

How Big is the Problem?

The Industry Responds


Solutions Fast Track

Frequently Asked Questions

Chapter 2 Botnets Overview

What is a Botnet?

The Botnet Life Cycle

What Does a Botnet Do?

Botnet Economic


Solutions Fast Track

Frequently Asked Questions

Part II Cross Site Scripting Attacks

Chapter 3 Cross-site Scripting Fundamentals


Web Application Security

XML and AJAX Introduction


Solutions Fast Track

Frequently Asked Questions

Chapter 4 XSS Theory


Getting XSS'ed

DOM-based XSS in Detail



Flash, QuickTime, PDF, Oh My

HTTP Response Injection

Source vs. DHTML Reality

Bypassing XSS Length Limitations

XSS Filter Evasion


Solutions Fast Track

Frequently Asked Questions

Chapter 5 XSS Attack Methods


History Stealing

Intranet Hacking

XSS Defacements


Solutions Fast Track

Frequently Asked Questions


Part III Physical and Logical Security Convergence

Chapter 6 Protecting Critical

Infrastructure: Process Control and SCADA


Technology Background: Process Control Systems

Why Convergence?

Threats and Challenges


Chapter 7 Final Thought


Final Thoughts from William Crower

Final Thoughts from Dan Dunkel

Final Thoughts from Brian Contos

Final Thoughts from Colby DeRodeoff

Part IV PCI Compliance

Chapter 8 Why PCi is Important


What is PCI?

Overview of PCI Requirements

Risks and Consequences

Benefits of Compliance


Solutions Fast Track

Frequently Asked Questions

Chapter 9 Protect Cardholder Data

Protecting Cardholder Data

PCI Requirement 3: Protect Stored Cardholder Data

PCI Requirement 4~Encrypt Transmission of Cardholder Data Across Open, Public Networks

Using Compensating Controls

Mapping Out a Strategy

The Absolute Essentials


Solutions Fast Track

Frequently Asked Questions

Part V Asterisk and VolP Hacking

Chapter 10 Understanding and Taking Advantage of VolP Protocols


Your Voice to Data

Making Your Voice Smaller


Solutions Fast Track

Frequently Asked Questions

Chapter 11 Asterisk Hardware Ninjutsu





Fun with Dialing

Legalities and Tips


Solutions Fast Track

Frequently Asked Questions

Part VI Hack the Stack

Chapter 12 Social Engineering


Attacking the People Layer

Defending the People Layer

Making the Case for Stronger Security

People Layer Security Project


Solutions Fast Track

Frequently Asked Questions



No. of pages:
© Syngress 2008
29th October 2007
Paperback ISBN:
eBook ISBN:

About the Authors

Craig Schiller

Craig A Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of “Combating Spyware in the Enterprise” and “Winternals” from Syngress, several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast Chapter.

Affiliations and Expertise

CISO for Portland State University and President of Hawkeye Security Training, LLC

Seth Fogie

Seth Fogie is the VP of Dallas-based Airscanner Corporation where he oversees the development of security software for the Window Mobile (Pocket PC) platform. He has co-authored numerous technical books on information security, including the top selling "Maximum Wireless Security" from SAMS, and "Security Warrior" from O'Reilly. Seth frequently speaks at IT and security conferences/seminars, including Black Hat, Defcon, CSI, and Dallascon. In addition, Seth has co-authored the HIPAA medical education course for the Texas Medical Associate and is acting Site Host for Security at the "" website where he writes articles and reviews/manages weekly information security related books and articles

Affiliations and Expertise

Vice President, Airscanner, Dallas, TX, USA

Colby DeRodeff

Colby DeRodeff, GCIA, GCNA; Manager, Technical Marketing, ArcSight, has spent nearly a decade working with global organizations guiding best practices and empowering the use of ArcSight products across all business verticals including government, finance and healthcare. In this capacity he has been exposed to countless security and organizational challenges giving him a unique perspective on today’s information security challenges.

Recognized as an expert in the field of IT security, Colby’s primary areas of focus are insider threat, the convergence of physical and logical security, as well as enterprise security and information management. As the leader of ArcSight’s Technical Marketing team, Colby drives content for customers to more easily identify and solve complex real-world issues. He has helped ArcSight grow from the earliest days as a sales consultant and implementation engineer, to joining the development organization where he was one of the founders of ArcSight’s Strategic Application Solutions team delivering content solutions to solve real world problems such as compliance and insider threat.

Colby has held several consulting positions at companies; such as Veritas where he was responsible for deploying their global IDS infrastructure and ThinkLink Inc, where he maintained an enterprise VoIP network.

Colby attended San Francisco State University and holds both the SANS Intrusion Analyst (GCIA) and Network Auditor (GCNA) certifications

Affiliations and Expertise

GCIA, GCNA Manager, Technical Marketing, ArcSight, Inc., CA

Michael Gregg

Michael Gregg is the President of Superior Solutions, Inc. and has more than 20 years' experience in the IT field. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree and is certified as CISSP, MCSE, MCT, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. Michael's primary duty is to serve as project lead for security assessments, helping businesses and state agencies secure their IT resources and assets. Michael has authored four books, including Inside Network Security Assessment, CISSP Prep Questions, CISSP Exam Cram2, and Certified Ethical Hacker Exam Prep2. He has developed four high-level security classes, including Global Knowledge's Advanced Security Boot Camp, Intense School's Professional Hacking Lab Guide, ASPE's Network Security Essentials, and Assessing Network Vulnerabilities. He has written over 50 articles featured in magazines and Web sites, including Certification Magazine, GoCertify, The El Paso Times, and SearchSecurity. Michael is also a faculty member of Villanova University and creator of Villanova's college-level security classes, including Essentials of IS Security, Mastering IS Security, and Advanced Security Management. He also serves as a site expert for four TechTarget sites, including SearchNetworking, SearchSecurity, SearchMobileNetworking, and SearchSmallBiz. He is a member of the TechTarget Editorial Board.

Affiliations and Expertise

President, Superior Solutions, Inc.

Ratings and Reviews