A comprehensive, up-to-date revision of the market-leading CISSP training resource

Written by Shon Harris, the number-one name in IT security certification and training, this exam guide offers complete coverage of all the material on the latest release of the Certified Information Systems Security Professional (CISSP) exam. With full treatment of all 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC2), this definitive tool contains learning objectives at the beginning of each chapter, sidebars with in-depth technical explanations, practice questions, and real-world scenarios.

Detailed and authoritative, Shon Harris's CISSP All-in-One Exam Guide, Fifth Edition serves as both a comprehensive certification study guide and student work book, and a fundamental on-the-job reference. The CD-ROM includes more than 250 simulated practice questions in a Windows-based test engine, an electronic book, and video training from the author.

A comprehensive CISSP training resource

Written by Shon Harris, the leading IT security certification and training expert, this practice exam book offers hundreds of realistic questions with detailed answers of all the material on the latest release of the Certified Information Systems Security Professional (CISSP) exam. With full treatment of all the 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC2), this book allows you to prepare for the certification exam in an in-depth, self paced manner.

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

• Implement vulnerability testing, discovery, and reporting procedures that comply with applicable laws
• Learn the basics of programming, stack operations, buffer overflow and heap vulnerabilities, and exploit development
• Test and exploit systems using Metasploit and other tools
• Break in to Windows and Linux systems with perl scripts, Python scripts, and customized C programs
• Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint, and decompilers
• Understand the role of IDA Pro scripts, FLAIR tools, and third-party plug-ins in discovering software vulnerabilities
• Reverse-engineer software using decompiling, profiling, memory monitoring, and data flow analysis tools
• Reveal client-side web browser vulnerabilities with MangleMe, AxEnum, and AxMan
• Probe Windows Access Controls to discover insecure access tokens, security descriptors, DACLs, and ACEs
• Find and examine malware and rootkits using honeypots, honeynets, and Norman SandBox technology