Best Infosec Books

Clm · July 2016

Just looking to pick up some good info sec books to read not looking for any specific cert related books just general books

jcundiff · July 2016

Counter Hack Reloaded

aderon · July 2016

jcundiff wrote: »

Counter Hack Reloaded

Is that book still relevant? I bought it like a decade ago, but never got around to reading it. And I've been shying away from it now because it seems like most of the info wouldn't be up to date anymore.

If it's got staying power though, I'll have to add it back to my reading list.

jcundiff · July 2016

aderon wrote: »

Is that book still relevant? I bought it like a decade ago, but never got around to reading it. And I've been shying away from it now because it seems like most of the info wouldn't be up to date anymore.

If it's got staying power though, I'll have to add it back to my reading list.

My former boss is very high on it and think it has been revised, its my next on the book shelf ( after all the required stuff for school as time allows), but given the fact that the majority of compromises are being done using decades old vulns I would say yeah

beads · July 2016

Finding Threat Modeling: Designing for Security to be quite helpful. Most items the author is bringing up about a quarter the way through are either things that I didn't know I was already doing (relief) or new ways of doing things that I could be doing more efficiently (helpful).

Any of the 'Hacking Exposed' books are worth going through as well. They may seem a bit dated but if your reading the SANS diary on a daily basis you'll see there aren't really a lot of new or novel hacks coming our way. What you see is more and more DoS and "new tricks for old dogs" types of hacks and exploits. Basically everything old is new again in our world. Seen a new class of hack lately?

Reloaded is much the same and very much worthwhile for the same reasons above. It doesn't have to be cutting edge to worth reading, just applicable.

- b/eads

iBrokeIT · July 2016

For social engineering, the Kevin Mitnick books like Ghost in Wires and The Art of Deception are really good...

Clm · July 2016

iBrokeIT wrote: »

For social engineering, the Kevin Mitnick books like Ghost in Wires and The Art of Deception are really good...

I read ghost in the wire when it came out a few years ago it was great

Clm · July 2016

beads wrote: »

Finding Threat Modeling: Designing for Security to be quite helpful. Most items the author is bringing up about a quarter the way through are either things that I didn't know I was already doing (relief) or new ways of doing things that I could be doing more efficiently (helpful).

Any of the 'Hacking Exposed' books are worth going through as well. They may seem a bit dated but if your reading the SANS diary on a daily basis you'll see there aren't really a lot of new or novel hacks coming our way. What you see is more and more DoS and "new tricks for old dogs" types of hacks and exploits. Basically everything old is new again in our world. Seen a new class of hack lately?

Reloaded is much the same and very much worthwhile for the same reasons above. It doesn't have to be cutting edge to worth reading, just applicable.

- b/eads

Just double checking Is this the book you are referring to? / Wiley: Threat Modeling: Designing for Security - Adam Shostack

beads · July 2016

@CLM;

Yep. That's the baddie. I got turned on to it by reading the review in InfoSec Magazine while doing my bi-monthly quiz for the CISSP. Adam definitely has some excellent insights and some head slappers as well.

- b/eads

wes allen · July 2016

This is a great book on risk:

https://www.amazon.com/Measuring-Managing-Information-Risk-Approach/dp/0124202314

And, if you need a little non fiction to break things up - cryptonomicon and reamde are great reads.

jcundiff · July 2016

wes allen wrote: »

This is a great book on risk:

https://www.amazon.com/Measuring-Managing-Information-Risk-Approach/dp/0124202314

And, if you need a little non fiction to break things up - cryptonomicon and reamde are great reads.

Why ebay united Kingdom when you are in Lexington? Yeah the FAIR Risk model is pretty good... I actually was trained in it by Jack himself

Ertaz · July 2016

Great thread. Good recommendations. So much Kentucky. LOL

Best Infosec Books

Comments