Google Hacking: For Penetration Tester

Front Cover
Syngress Press [Imprint], 2005 - Computers - 502 pages
20 Reviews
Google, the most popular search engine worldwide, provides web surfers with an easy-to-use guide to the Internet, with web and image searches, language translation, and a range of features that make web navigation simple enough for even the novice user. What many users dont realize is that the deceptively simple components that make Google so easy to use are the same features that generously unlock security flaws for the malicious hacker. Vulnerabilities in website security can be discovered through Google hacking, techniques applied to the search engine by computer criminals, identity thieves, and even terrorists to uncover secure information. This book beats Google hackers to the punch, equipping web administrators with penetration testing applications to ensure their site is invulnerable to a hackers search. Penetration Testing with Google Hacks explores the explosive growth of a technique known as "Google Hacking." When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows," it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. Readers will learn how to torque Google to detect SQL injection points and login portals, execute port scans and CGI scans, fingerprint web servers, locate incredible information caches such as firewall and IDS logs, password databases, SQL dumps and much more - all without sending a single packet to the target! Borrowing the techniques pioneered by malicious "Google hackers," this talk aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage. *First book about Google targeting IT professionals and security leaks through web browsing. *Author Johnny Long, the authority on Google hacking, will be speaking about "Google Hacking" at the Black Hat 2004 Briefing. His presentation on penetrating security flaws with Google is expected to create a lot of buzz and exposure for the topic. *Johnny Long's Web site hosts the largest repository of Google security exposures and is the most popular destination for security professionals who want to learn about the dark side of Google.

What people are saying - Write a review

User ratings

5 stars
13
4 stars
3
3 stars
2
2 stars
1
1 star
1

Review: Google Hacking for Penetration Testers, Volume 2

User Review  - عَبدُالكَرِيمْ الهاشمي - Goodreads

Get ready to use Google in a way a typical user wont. Google is always one of the first starting point to gather information about your target in this book you will learn how to use the advanced terms of google search to get the most sensitive data you could ever imagine. Read full review

Review: Google Hacking for Penetration Testers, Volume 1

User Review  - Edwin - Goodreads

Must read for searchers. This is about using Google beyond advanced search. This is super advanced search Read full review

References to this book

About the author (2005)

Johnny Long has presented at SANS and other computer security conferences nationwide, including the Black Hat Briefings. In addition, he has presented before several government entities During his career as an attack and penetration specialist, he performed active network and physical security assessments (one in the cube is worth twenty on the net) for hundreds of government and commercial clients. He is a Black Hat featured speaker, and his website can be found at http://johnny.ihackstuff.com

Ed Skoudis is a founder and senior security consultant for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. His expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed information security governance and operations teams for Fortune 500 companies, and responded to computer attacks for clients in financial, high technology, health care, and other industries. Ed has demonstrated hacker techniques for the U.S. Senate and is a frequent speaker on issues associated with hacker tools and defenses. He was also awarded 2004 and 2005 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Prior to Intelguardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).

Tom Liston is a senior analyst for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. He is the author of the popular open source network tarpit, LaBrea, for which he was a finalist for "eWeek" and "PC Magazine"'s Innovations In Infrastructure (i3) award in 2002. He is one of the handlers at the SANS Institute's Internet Storm Center, where he deals daily with cutting edge security issues and authors a popular series of articles under the title "Follow the Bouncing Malware." Mr. Liston resides in the teeming metropolis of Johnsburg, Illinois, and has four beautiful children (who demanded to be mentioned): Mary, Maggie, Erin, and Victoria.

Bibliographic information