File | |
---|---|
Hakin9_EN_TBO_02_2014.pdf |
Dear Readers,
We would like to introduce a special The BEST OF issue made by Hakin9. This time we deal with Python. The articles we published are not only for hackers but will also help you program in Python. Moreover, we added some articles on C++. You will learn how to conduct an audit using C++ code analysis. You can compare it with offensive programming with Python. For sure after reading our step-by-step tutorials you will become a professional auditor with must-have knowledge about Python programming. You will get to know how to analyze source code to find vulnerabilities, which will help you to protect your websites and applications. This time you will also find an Extra articles section covering Payment Cards, Hardware Hacking and Evidence Analysis.
Enjoy reading,
Ewa & Hakin9 Team
Table Of Contents
C++ – Introduction to Code Analysis and Audit
by Bamidele Ajayi
As a security professional, code analysis and auditing is an essential task to unravel flaws and vulnerabilities. Analysis and auditing also shed more light on what the code actually does. This article introduces you to the basics you need to know before embarking on source code audit and analysis, with emphasis on C++.
C++ Code Analysis
by Mohammed AlAbbadi
Have you ever wanted to have a superpower? What was yours? The ability to fly? Blow fire? Disappear? Stop time or even go back in time? Run faster? Or be bulletproof? Mine was always the ability to scan objects and see what others couldn’t see, the X-ray vision. Frankly, I wanted it for two reasons: one that was good and the other that was “wak”.
Offensive Python
by Kris Kaspersky
Python was created for fun, but evil hackers use it for profit. Why Python is a new threat for the security industry and how tricky Lucifer’s kids are – let’s talk about it. According to Wikipedia: “Python is a widely used general-purpose, high-level programming language. Its design philosophy emphasizes code readability, and its syntax allows programmers to express concepts in fewer lines of code than would be possible in languages such as C”. The first statement would surprise a Windows user (how many victims have Python preinstalled?), but MacBooks and Linux servers are a different story. Python is supplied by default and it’s required by many programs, so uninstalling Python is not an option.
Having Fun with Antennas and Why You Need to Make Your Own
by Guillaume Puyo
Antennas (antennae for the serious people and entomologists) are the most omnipresent and the most misunderstood pieces of tech we all have, and yet, as everything keeps getting smaller and smaller they remain one of the few hacker friendly items we can tinker with. In these few pages, let’s have a first basic approach on how they work, learn what’s cool about them and get ready to build our own!
Payment Card Security
by Marios Andreou
There are many standards ensuring a minimum level of protection to sensitive information, such as the Payment Card Industry Data Security Standard (PCI DSS), which protects the cardholder’s data (CHD), the Data Protection Act, FSA regulations for financial information and ISO-27001, the information security management standard. These standards are built to be more generic, helping organisations deal with security risks and not to protect them from all security threats. Therefore, this article focuses on PCI DSS and what can be done and what approach must be followed by the experts to ensure security of information, not just compliance with PCI DSS.
Evidence Analysis
by Mudit Sethia
Welcome back to the Novice approach to Evidence Analysis!! By putting the title to be one of a novice, I really mean it to be novice – simple, straight and as it is. There can be no alteration done to the elementary alphabets ABCD ... Agreed?? (btw I know the other 22 alphabets as well ;))
Python: A Guide for Beginners
by Mohit Saxena
Python is an easy and powerful programming language. It has highly efficient data structures with an object-oriented programming approach. Its neat syntax and dynamic typing make it more efficient. It is the best programming language for rapid application development for many platforms.
Starting Python Programming and the Use of Docstring and dir()
by Sotaya Yakubu
Python is an interpreted language and features a dynamic system with automatic memory management. It can be used as a full-fledged language, or integrated as a scripting language in another such as C, Java, etc. The language itself is not limited to a specific programming paradigm; different styles of coding can be used in this language, such as imperative, object-oriented, functional and procedural styles.
Beginning with Django
by Alberto Paro
What are the success keys for a web framework? Is it easy to use? Is it easy to deploy? Does it provide user satisfaction? Django framework is more than these answers because, in my opinion, it is one of the few frameworks that is able to hit its goal: it “makes it easier to build better Web apps more quickly and with less code”. There are a lot of good web frameworks, but few of them provide all the “batteries included” that are required to create complex and “custom” web applications.
Better Django Unit Testing Using Factories Instead of Fixtures
by Anton Sipos
Best practices always stress writing unit tests for your applications. But writing useful tests for a Django web application can be difficult, particularly if your data model has lots of related models. In this article we will demonstrate how to make writing of these tests easier using model factories instead of Django’s data fixtures.
Using Python Fabric to Automate GNU/Linux Server Configuration Tasks
by Renato Candido
Fabric is a Python library and command-line tool for automating tasks of application deployment or system administration via SSH. It provides a basic suite of operations for executing local or remote shell commands and transferring files.
The Python Logging Module is Much Better Than Print Statements
by W. Matthew Wilson
A while back, I swore off adding print statements to my code while debugging. I forced myself to use the python debugger to see values inside my code. I’m really glad I did it. Now I’m comfortable with all those cute single-letter commands that remind me of gdb. The pdb module and the command-line pdb.py script are both good friends now. However, every once in a while, I find myself lapsing back into cramming a bunch of print statements into my code because they’re just so easy. Sometimes I don’t want to walk through my code using breakpoints. I just need to know a simple value when the script runs.
Python, Web Security and Django
by Steve Lott
Web sites must operate securely. Once we get past the basics of asking users to login, what other use cases are there? It turns out that almost everything is security-related. Security must be a pervasive feature of our design. So we’ll focus on Django. Lots of folks like to wring their hands over the Big Vague Concept (BVC) they call “security”. Because it’s nothing more than a BVC, there’s a lot of quibbling. We’ll try to move past the vagueness to concrete and interesting stuff. We’ll focus on Python and Django, specifically.
Building a Console 2-player Chess Board Game in Python
by George Psarakis
Python is a very powerful language, particularly for writing server-side backend scripts, although one can also use it for web development tasks through the Django framework (https://www.djangoproject.com) and it is gaining popularity in that field as well. A very thorough and complete documentation, the huge variety of libraries and open-source projects – easily installed with the package managers (https://pypi.python.org/pypi/pip and https://pypi.python.org/pypi/setuptools) and the huge knowledge base in Q&A sites like StackOverflow (https://stackoverflow.com/questions/tagged/python) and mailing lists are among the main characteristics to which the widespread use of Python can be attributed.
Write a Web App and Learn Python. Background and Primer for Tackling the Django Tutorial
by Adam Nelson
While many resources exist online for anyone interested in taking on Python, as with many programming languages, the best way to get started is often by getting your feet wet on an actual project. Over the past 15 years, I have been involved in many aspects of web development from building out internal intranet applications on Microsoft ASP to writing Perl and PHP for large web sites.
Efficient Data and Financial Analytics with Python
by Dr. Yves J. Hilpisch
In this article, we will be talking about first steps in Python programming. We will show you how to start and make it as easy as possible. You will see how user friendly Python is and what makes it so popular in the world of programmers.
Test-Driven Development with Python
by Josh VanderLinden
Software development is easier and more accessible now than it ever has been. Unfortunately, rapid development speeds offered by modern programming languages make it easy for us as programmers to overlook the possible error conditions in our code and move on to other parts of a project. Automated tests can provide us with a level of certainty that our code really does handle various situations the way we expect it to, and these tests can save hundreds upon thousands of man-hours over the course of a project’s development lifecycle.
Python Iterators, Iterables, and the Itertool Module
by Saad Bin Akhlaq
Python makes a distinction between iterables and iterators, and it is essential to know the difference between them. Iterators are stateful objects that know how far they are through their sequence. Once they reach the end, that is it. Iterables are able to create iterators on demand. The itertools module includes a set of functions for working with iterable datasets.
Building a Code Instrumentation Library with Python and ZeroMQ
by Rob Martin
Like many people, I confused the Heisenberg Uncertainty Principle with the Observer Effect. The Heisenberg Uncertainty Principle asserts that we cannot accurately measure pairs of physical properties of particles. That is, if we know one value, the other is unknowable. This is best illustrated by the story of Heisenberg being pulled over by a police officer. The officer asks Heisenberg if he knows how fast he was driving. No, but I know where I am, says Heisenberg. The officer says, Sir, you were driving 76 miles per hour. Heisenberg replies, Great. Now I’m lost.
Django and Tornado: Python Web Frameworks
by Michael D’Agosta
Long ago it was enough to put together some ‘server pages’ and attach them to a database, and you had a website. These days, the web is complex, dynamic and it takes a lot of infrastructure to get a website living and breathing on the internet. Fortunately nobody has to write this from scratch anymore, since there are many frameworks in many languages to provide the foundation needed to bring up a website.
Secure Authentication in Python
by Anubhav Sinha
This is a tutorial on implementing a user authentication system for your Python-based web applications.
Timing Python Scripts with Timeit
by Daniel Zohar
If you’re a performance freak like me, you must have made numerous small optimizations to your code. Reusing variables, optimizing execution order, replacing one function with another etc., are the very basics of writing and optimizing code. It’s always good to measure what you’re doing, to be able to compare a previous state with the new one to make sure you’ve got it right. Today you’ll learn how to easily time code execution in Python.
IronPython – a Scripting Language for the .NET Framework
by Florian Bergmann
The article will describe the basic steps included to fulfill these tasks, from installing IronPython and referencing existing .NET assemblies to executing IronPython inside a C# application.
How to Develop Programs in a Few Lines of Codes
by Rehman Danish Fazlur
The article will firstly pinpoint why Python provides a more feasible and easy-to-code ideology to solve problems which are a little complex in nature. After we have decided that Python enables programmers to write smaller and quicker code, we deal with examples of real world scenarios: how Python provides a certain ideology to perform certain tasks like yielding of data and iteration of long lists, and how the rich Python library helps programmers build applications with just a few lines of code.
The Web Framework and the Deadline Part 1 (Introduction)
by Renato Oliveira
This tutorial is about web development. You’re going to learn how to develop a web application that could be easily used in the real world. You’ll see some of the many facilities that Django offers. To get the most out of this tutorial you should know something about web development, Python and HTML/CSS.
The Web Framework and the Deadline Part 2
by Renato Oliveira
So, now your client wants a page for each product, showing name, description, category and photo. You have to prepare some code for him and now you can do it the right way!
Philosophy of Python
by Douglas Camata
The Python language began in the late 1980s, when it was conceived. Guido van Rossum, its creator and principal author, started the implementation in December 1989, at CWI. Guido makes all decisions about the direction of Python and, because of that, the community calls him the Benevolent Dictator for Life.
Conditional Expressions In Python
by Lawrence D’Oliveiro
This article will look at the different forms of conditional expression available in Python. It will show how to use lambda-expressions in creative ways to construct such expressions. You should already have a basic grasp of Python 2.x and 3.x, including an understanding of lambda constructs.
Python WebApps – From Zero to Live
by Jader Silva, Leon Waldman, Vinicius Miana
Python is a very versatile language. In this article, we will show the options and guide you to develop and deploy a Web Application and Web Services using Python. Python is an extremely versatile and powerful programming language. In this article, we will present how to setup your development environment, framework options for developing web-services and web applications using Python and a tutorial on how to develop a simple web application that consumes web services. Finally we will show options to consider in order to deploy your application.
Programming Python for Web with WSGI
by Klaus Laube
Python is a spectacular programming language! It’s high level, dynamic but strongly typed and has a lot of “batteries included” that let you do things with amazing velocity and effectiveness, without losing quality. Plug Python with some nice libraries, like Django or Flask, and you will have an awesome set of tools for your Web Project. These solutions grant you a powerful and well tested platform, with minimum (as possible) complexity. Writing applications for Web with these frameworks is very easy, but it was not always so.
ModelForms in Django. A Tutorial with a Perspective on Workflow Enhancement
by Agam Dua, Abhishek
Using ModelForms makes working with forms a simple process. It also tightly binds the forms to the models which is where the data gets stored.
Interview with Mikhail Berman
by The Team
Mikhail Berman, Business Development Director, Devexperts company. He will tell you about backgrounds of his work and their programmers team.
Making Web Development Simpler with Python
by Douglas Soares
Python has been attracting a lot of attention in the last years as it is an easy to learn, powerful and feature-rich programming language which is particularly helping several web developers to deliver better code in less time – in this article, we will talk about some web micro frameworks and some newer tools to ease the web developer job. This article is intended for Python developers that are working with Web Development, mainly with API development and Web Services and it is expected that you know how to use virtualenv and virtualenvwrapper to create virtual python environments and know the basics of Python, like its types and decorators.
Exploiting Format Strings with Python
by Craig Wright
In this article we will look at format strings in the C and C++ programming languages. In particular, how these may be abused. The article progresses to discuss crafting attacks using python in order to attack through DPA (Direct Parameter Access) such that you can enact a 4-byte overwrite in the DTORS and GOT (Global Access Table) and prepares the reader for a follow-up article on exploiting the GOT and injecting shell code. We demonstrate how these simple but still often overlooked and even taught vulnerabilities can be used to read arbitrary locations from memory, write to memory and execute commands and finally to gain a shell.
Hi, this is Chipepe from Angola. I sent you an email and would like to put my hands on this issue. How many pages is the magazine?
I am going back to my village next month and I hope I get it by them.
I think it has some nice topics, I am not a newbie with Python or C but I can always leverage from this content.
Hi, I want to buy this particular issue. How much does it cost? Can you email me?
:v
Hi wat sap
Hello, how much does it cost to buy only this one issue?
Send me an email to get it.
Ewa
Ewa.d@hakin9.org
good