Paul L. Snyder on 19 May 2012 20:31:06 -0700

Re: [PLUG] I need a book recommendation

On Sat, 19 May 2012, Paul L. Snyder wrote:

> On Fri, 18 May 2012, wrote:
> > Excellent! Thank you! I should specify that I want to get more
> > knowledgeable about general security stuff, not just Linux, but I
> > would guess most of the skills/knowledge is transferable.
>
> Ross Anderson's _Security Engineering_ is excellent.  It's a great
> introduction to thinking from a security perspective and covers a lot of
> territory even beyond standard compsec topics.  The first edition is
> available for free on his website, but do buy the second edition if you can
> afford it (it's worth it).  I think this book might be the best fit
> for what you say that you're looking for.
>
> If you're interested in the mechanics of exploit development, Jon Erickson's
> _Hacking: The Art of Exploitation_ is quite enjoyable with lots of
> exercises and hands-on material.
>
> Another nice book along the same line is _The Web Application Hacker's
> Handbook: Discovering and Exploiting Security Flaws_, by Stuttard and
> Pinto.  A second edition was released last year; this would be the one
> to pick up given how active the web space has been since the first edition
> was published in 2008 (particularly given the growth of cloud services).
> I've seen recommendations for the online labs they sell as an accompaniment
> to the book, but have not explored them myself.

One more thing to mention (though not a book) is to grab a nice
security-focused Linux distribution so you can play around with tools
you're reading about.  BackTrack is a nice DVD-bootable distro for this
purpose...load it up in a virtualization program, boot another image with
something to attack, and go to town.
