More security books...
docrice
Member Posts: 1,706 ■■■■■■■■■■
It recently occurred to me that I spend a lot ... a lot of my off-time reading, either today's news, blogs, whitepapers, vendor sites, mailing list threads, or books (usually certification-related as of late). I'd argue that I have no life beyond infosec, and my skills are still mediocre. It's sad, really.
So there I go again, I just clicked on that "Proceed to Checkout" button and within a couple of weeks I should have:
There was a thread a while back where people listed their favorite books, but I couldn't find it on this forum in a manner that didn't test my patience, so I'll just start another. My search kung-fu is weak tonight.
What are your book purchase plans for this year (aside from the Metasploit one)?
So there I go again, I just clicked on that "Proceed to Checkout" button and within a couple of weeks I should have:
- TCP/IP Illustrated, Vol. 1: The Protocols (W. Richard Stevens)
- Security Metrics: Replacing Fear, Uncertainty, and Doubt (Andrew Jaquith)
- Security Warrior (Cyrus Peikari)
- Inside Network Perimeter Security, 2nd Edition (Stephen Northcutt)
- Network Intrusion Detection, 3rd Edition (Stephen Northcutt)
- BackTrack 4: Assuring Security by Penetration Testing (Shakeel Ali)
There was a thread a while back where people listed their favorite books, but I couldn't find it on this forum in a manner that didn't test my patience, so I'll just start another. My search kung-fu is weak tonight.
What are your book purchase plans for this year (aside from the Metasploit one)?
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Well, I am currently reading the Backtrack book. The plan is to actually finish it this weekend, Monday at the latest. My problem is sometimes my mind tends to wander, so I often read three books at a time. Such as currently I've been reading a book on economics, Atlas Shrugged (been on a philosophy kick the past few months), and the Backtrack 4 book. At this point I will be attempting to finish my CCNA and then will jump into the following books (I already have them):
Amazon.com: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (9780979958717): Gordon Fyodor Lyon: Books
Amazon.com: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (978189393999: Laura Chappell, Gerald Combs: Books
Amazon.com: Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition (9780071742559): Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams: Books
Amazon.com: Social Engineering: The Art of Human Hacking (9780470639535): Christopher Hadnagy, Paul Wilson: Books
Amazon.com: Network Security Auditing (Networking Technology: Security) (978158705352: Chris Jackson: Books
Only downside to the Kindle is the fact that I can get the books so quickly. I have others on my list, but these should get me through the next couple of months.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
NightShade03 Member Posts: 1,383 ■■■■■■■□□□Good topic choice! Here is whats on my list:
Amazon.com: The Tangled Web: Securing Modern Web Applications (9781593273880): Michal Zalewski: Books
Amazon.com: Web Application Security, A Beginner's Guide (9780071776165): Vincent Liu, Bryan Sullivan: Books
Amazon.com: Software Security: Building Security In (9780321356703): Gary McGraw: Books
Amazon.com: XSS Attacks: Cross Site Scripting Exploits and Defense (9781597491549): Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager, Petko D. Petkov: Books
Amazon.com: The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (9780321444424): Mark Dowd, John McDonald, Justin Schuh: Books
Amazon.com: SQL Injection Attacks and Defense (9781597494243): Justin Clarke: Books
Amazon.com: Code Complete: A Practical Handbook of Software Construction (0790145196705): Steve McConnell: Books
Amazon.com: The Security Development Lifecycle (9780735622142): Michael Howard, Steve Lipner: Books
Amazon.com: Fuzzing: Brute Force Vulnerability Discovery (9780321446114): Michael Sutton, Adam Greene, Pedram Amini: Books
Amazon.com: Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' (9781597496049): Mario Heiderich, Eduardo Alberto Vela Nava, Gareth Heyes, David Lindsay: Books
Amazon.com: Securing the Cloud: Cloud Computer Security Techniques and Tactics (9781597495929): Vic (J.R.) Winkler: Books
Amazon.com: Client-Side Attacks and Defense (9781597495905): Books
It is a rather aggressive list of books and many aren't really *new* per-se but I have been meaning to get through most of these since last year. -
JDMurray Admin Posts: 13,101 AdminConsider collecting InfoSec people in addition to InfoSec books. I'm always amazed at how much I learn from other security people at conventions, formal security group meetings, or just hanging around people working on InfoSec problems. Next to working shoulder-to-shoulder in solving actual InfoSec problems, hanging out socially with a diverse group of InfoSec people is an excellent way to broaden your InfoSec skills. No one person can know/do everything, so you need to build up your "living Rolodex" of InfoSec cronies to help you out.
-
GAngel Member Posts: 708 ■■■■□□□□□□I've got the CCNP/DP books to round off my networking knowledge besides those its a lite year for me.
-
CircuitMeltdown Registered Users Posts: 5 ■□□□□□□□□□I have TCP/IP illustrated vol 1, but I have not got a chance to look through it yet. I am reading the official wireshark cert study guide.
I was wondering if the books mentioned in Docrine's initial post would help for prestudy for the GCFW. I am sceduled to take it soon, and I really study the concepts that we will be covering since I am relatively new to the field, and I don't have engineer work experience, just Analyst/policy experience. The books listed by Stephen Northcut were recomended to me for this class, but I noticed that they were published a long time ago. Are they still relevant for catching up before the class?
Any other book suggestions are appreciated. I am mainly focusing on things that will specifically help me with the GCFW class and exam right now but any other good security books are appreciated as well. I am trying to transition into an Engineer role, possibily in a SOC. Thanks. -
contentpros Member Posts: 115 ■■■■□□□□□□My $.02 a few other books of my quick list of books to own:
Amazon.com: The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (9780470170779): Dafydd Stuttard, Marcus Pinto: Books
Amazon.com: Google Hacking for Penetration Testers (9781597491761): Johnny Long: Books
Amazon.com: The Security Development Lifecycle (9780735622142): Michael Howard, Steve Lipner: Books
Amazon.com: Hunting Security Bugs (9780735621879): Tom Gallagher, Lawrence Landauer, Bryan Jeffries: Books
Amazon.com: The Tao of Network Security Monitoring: Beyond Intrusion Detection (9780321246776): Richard Bejtlich: Books
Amazon.com: Extrusion Detection: Security Monitoring for Internal Intrusions (9780321349965): Richard Bejtlich: Books
The following books may be a little dated but are really worth having as a reference on your bookshelf. I highly recommend the "Hardening" series. you can find these used on amazon for $3 or $4 each:
Amazon.com: Hardening Network Security (978007225703: John Mallery, Jason Zann, Patrick Kelly, Wesley Noonan, Eric S. Seagren, Paul Love, Rob Kraft, Mark O'Neill, Robert McMullin: Books
Amazon.com: Hardening Network Infrastructure: Wes Noonan: Books
Amazon.com: Hardening Windows Systems: Roberta Bragg: Books
and there is a Hardening Linux book from the same series I wasn't able to find on Amazon by John H. Terpestra, Paul Love, Ronald P. Reck and Tim Scanlon ISBN: 0-07-225497-1
HTH
~Cp -
contentpros Member Posts: 115 ■■■■□□□□□□Consider collecting InfoSec people in addition to InfoSec books. I'm always amazed at how much I learn from other security people at conventions, formal security group meetings, or just hanging around people working on InfoSec problems. Next to working shoulder-to-shoulder in solving actual InfoSec problems, hanging out socially with a diverse group of InfoSec people is an excellent way to broaden your InfoSec skills. No one person can know/do everything, so you need to build up your "living Rolodex" of InfoSec cronies to help you out.
+1 invaluable advice! I frequent the ISSA, ISACA and OWASP meetings I can. I have made many valuable contacts within the community at these events.
If you are in the Los Angeles area come join us tomorrow night for the OWASP meeting which is held at Symantec. Brian Chess is one of the co-founders of Fortify (now part of HP) will be giving a talk on grey box testing. If you've ever seen Brian speak you know this will be a great presentation.
Get the info or register here:
https://www.owasp.org/index.php/Los_Angeles -
sb97 Member Posts: 109the_Grinch wrote: »Well, I am currently reading the Backtrack book. The plan is to actually finish it this weekend, Monday at the latest. My problem is sometimes my mind tends to wander, so I often read three books at a time. Such as currently I've been reading a book on economics, Atlas Shrugged (been on a philosophy kick the past few months), and the Backtrack 4 book. At this point I will be attempting to finish my CCNA and then will jump into the following books (I already have them):
Amazon.com: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (9780979958717): Gordon Fyodor Lyon: Books
Amazon.com: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (978189393999: Laura Chappell, Gerald Combs: Books
Amazon.com: Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition (9780071742559): Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams: Books
Amazon.com: Social Engineering: The Art of Human Hacking (9780470639535): Christopher Hadnagy, Paul Wilson: Books
Amazon.com: Network Security Auditing (Networking Technology: Security) (978158705352: Chris Jackson: Books
Only downside to the Kindle is the fact that I can get the books so quickly. I have others on my list, but these should get me through the next couple of months. -
sb97 Member Posts: 109I am looking for a book that offers guidance on developing log analysis techniques.
-
JDMurray Admin Posts: 13,101 AdminBoy, let me know when you find devoted to log analysis. I scoured O'Reilly's Safari Books Online for that topic and came up with only a few books that even attempt to breech the subject. I'd love to see a full book on it.