Sla.ckers.org
Book shelf
Posted by: adam
Date: November 29, 2006 07:02PM

What interesting computer books do you guys have? It is nearly(ish) Christmas and all. I noticed Rsnake had a massive book shelf :o!

Anyone recommend anything for festive reading?

Adam

Re: Book shelf
Posted by: rsnake
Date: November 29, 2006 09:26PM

I was thinking about picking up "Silence on the Wire". Passive fingerprinting is becoming more and more interesting to me. I've got some ideas that go way way beyond the data you see in TCP/IP packets and I am just getting my brain wrapped around a new classification of forensics that for lack of a better term I am calling "meta signatures". Things that people pass without even realizing they pass.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: jungsonn
Date: November 30, 2006 03:51AM

A few on my wishlist:

- Essential XUL Programming
- Malicious Cryptography: Exposing Cryptovirology
- Elliptic Curves (Discrete Mathematics and Its Applications)
- The Design of Rijndael: AES.

Re: Book shelf
Posted by: rsnake
Date: November 30, 2006 11:20AM

Ah, a crypto guy.... sweet! I left my math skills in my other suit or I might have picked up crypto as a living. I love it, I just never had patience for the math.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: adam
Date: November 30, 2006 01:24PM

They're pretty specific books ;).

Anything good for general interest web security, I currently only have Hacking Web Applications Secured.

Adam

Re: Book shelf
Posted by: rsnake
Date: November 30, 2006 01:36PM

I'm part way through Hacking Web Applications Exposed. It's a great book. I'm really enjoying it. The part on XSS is a little thin but they were trying to cover an awful lot in that book.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: adam
Date: November 30, 2006 06:00PM

Yeh I have been dipping in and out of sections that interest me. Will try and give it a thorough read soon!

Re: Book shelf
Posted by: jungsonn
Date: November 30, 2006 08:12PM

I think any in-depth book on TCP/IP networking would be a great book. My knowledge is not sufficient enough to cover the complete tale, it would really help to understand any web-based application layers on top of that and how they interact. So such a book is going to end on my wishlist for sure.

Re: Book shelf
Posted by: adam
Date: December 01, 2006 06:51PM

Did they tell you they were going to mention you Rsnake ;)? I think that book is how I found this site tbh.

Adam

Re: Book shelf
Posted by: jungsonn
Date: December 01, 2006 07:36PM

RSnake is mentioned in a few e-books i read, so it could be :)

Re: Book shelf
Posted by: WhiteAcid
Date: December 01, 2006 07:52PM

He's mentioned in a few proper books too, at least the xss cheat sheet is.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Book shelf
Posted by: Mephisto
Date: December 03, 2006 08:47AM

I've got the following web security books:

Web Hacking
Hacking Exposed: Web Applications 2nd Edition
Pen Testing for Web Applications

plus a couple of crypto books on the way...

Re: Book shelf
Posted by: rsnake
Date: December 03, 2006 09:34PM

I'm really not that aware of many books that have mentioned me or the Cheat Sheet, so if there are others out there I'd be curious to know what they are. If nothing else, my gfnd would get a kick out of seeing my nick/site in a book.

But yah, picking up a good book on TCP/IP is valuable, but really I've been focusing a lot more on all of the OSI model. I think there are a lot of issues in the interaction between all of the various technologies that enable the web that we have barely scratched the surface of.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: WhiteAcid
Date: December 04, 2006 01:46AM

I can't remember the book's title, I was just flicking through the XSS section of some web app sec book at a linux convention a month or two ago.

I have yet to buy security books myself, I just borrow a few things from my university library.
Hands on networking with Internet Technologies - great book for those who don't yet know much about how the net works, lets you go very deep into the protocols and mechanisms though.
Web services essentials - It's ok, never got that into it.
Computer networking: A top-down approach featuring the internet - Fantastic, goes down the OSI layers with great detail in each.
Hacker's Challenge - ugh. didn't like this
Hacker's Challenge 3 - I really should have bought one and read it before buying the other.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Book shelf
Posted by: adam
Date: December 04, 2006 12:43PM

Well I just bought Intermediate Perl - helping me to understand objects, and modules and things. You're mentioned at least once in Hacking Web Applications Exposed, Rsnake!

Adam

Re: Book shelf
Posted by: rsnake
Date: December 04, 2006 12:56PM

Speaking as a PERL guy, I wouldn't bother picking up PERL. It's a dying language these days. You are way better off picking up PHP as it is the new modern language being used by a lot more people these days. I love PERL (I was a PERL developer for years), but it's practically useless these days.

.Net and Java are the two that you should know if you want to work in a big corporate environment. PHP isn't often used in large companies in comparison.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: adam
Date: December 04, 2006 04:24PM

Yeh we use it at work though, probably the only agency that does use it - so I need to know it ;)!

Re: Book shelf
Posted by: rsnake
Date: December 05, 2006 11:36AM

In that case go for it. You'll never find a language easier to prototype with. If you need PERL help, lemme know. I'm glad to help out newbie PERL types. :)

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: jungsonn
Date: December 05, 2006 11:55AM

I'm a pure PHP guy. I started with perl i think back in 1999, but it bothered me too much. I tried python, but it's more specific. So i stay with PHP & javascript and a little JAVA, it's nice they all follow the C structure, so if you know C it's easy to jump right in.

Re: Book shelf
Posted by: WhiteAcid
Date: December 06, 2006 06:46AM

I have to say, surprised no one here is a ruby on rails guy. There was a decent discussion on it here, though you may benefit reading the wikipedia page about it too.

I have to thank you guys for these books, I'm compiling a list to send to my folks as a wish list. For you serious PHPers Advanced PHP Programming (ISBN: 0672325616) looks great. I haven't read it yet, but reviews give it a big thumbs up.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Book shelf
Posted by: jungsonn
Date: December 06, 2006 06:57AM

I don't like Ruby, cause it's all so predefined, i like to name my own variables instead of fixed ones. The idea behind it is nice, i had some ideas of developing something like it for many years, but it would build it otherwise. More freedom.
And the code of ruby, i dunno, it looks like BASIC :)

on PHP, i don't buy books for it anymore, most of them cover what i already know. Think i know 80% of all the php functions, and only 4% of them i actually use in the real world. :)

so that's a kind of weird situation.

Re: Book shelf
Posted by: jungsonn
Date: December 06, 2006 07:17AM

@ Adam

I really enjoy those SAMS phrasebooks:

http://www.samspublishing.com/series/series.asp?st=44614&rl=1

They're very good and packed with info for quick examples on the topic.

Re: Book shelf
Posted by: WhiteAcid
Date: December 06, 2006 07:55AM

jungson, I don't know what you've been reading but I've never actually used a book for PHP. Having said that I feel I have learned quite a lot about the language and consider myself pretty damn good at it. That is, until I read the reviews for that book. It's aimed at exactly people like me, it doesn't discuss syntax or loops, instead it talks about pre-compiling the scripts so they execute faster, scaling PHP to work on large systems, different types of caching... well... I may get the book, then go into more details myself.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Book shelf
Posted by: rsnake
Date: December 06, 2006 09:46AM

Yah, WhiteAcid, let me know how that book goes. I like the more advanced stuff. If there are really good tips in there, I might pick it up myself.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Book shelf
Posted by: jungsonn
Date: December 06, 2006 11:56AM

Sure, i'm also interested what that book has to offer.

Most things i read on were pretty advanced topics like session handling, but caching and scaling PHP i'm not so interested in. i only use what is needed to do the job. IMHO, I think a good book on SQL/MySql would give me ways and a better practice to distribute the load, like stored procedures and triggers in MySql than just caching scripts.

Re: Book shelf
Posted by: Mephisto
Date: December 22, 2006 07:39AM

rsnake Wrote:
-------------------------------------------------------
> I'm really not that aware of many books that have
> mentioned me or the Cheat Sheet, so if there are
> others out there I'd be curious to know what they
> are. If nothing else, my gfnd would get a kick
> out of seeing my nick/site in a book.

Just thought I would point out where RSnake and ha.ckers/sla.ckers are mentioned in "Hacking Exposed: Web Applications 2nd Edition".

Chapter 6: Input Validation Attacks

Page 224: "More information about XSS and alternate ways in which payloads can be encoded is found at http://ha.ckers.org/xss.html"

Page 233: You are listed under the "References and Further Reading" section.
"XSS Cheat Sheet by RSnake - http://ha.ckers.org/xss.html"

There may be more references, but I haven't gotten past Chap. 6 yet!

Re: Book shelf
Posted by: WhiteAcid
Date: December 22, 2006 12:43PM

I saw that, but then Jeremiah Grossman does the foreword, so I expect rsnake to already know about this.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Book shelf
Posted by: ntp
Date: December 23, 2006 08:46PM

best book i've read lately -
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

best book on web application security -
Hacking Web Applications Exposed, 2nd Edition

best book on security tools outside of web application security -
Writing Security Tools and Exploits

best book on secure programming -
Hunting Security Bugs

book i want most right now, but just came out -
The Art of Software Security Testing: Identifying Software Security Flaws

book i wanted most a month ago -
Hacking Web Services

book i'm most anticipating the imminent release of -
Developers Guide to Web Application Security

book i want most for someone who is probably reading this to write -
Javascript Cookbook for Evil Geniuses
(note that this doesn't exist, but you can guess what would be in it)

book i don't know anything about but wish i did, somebody please review this for me -
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services

additional must-haves -
Pen Testing for Web Applications
Apache Security
Network Security Hacks, 2nd Edition
Network Security Tools
Preventing Web Attacks with Apache
Software Security: Building Security In
Wi-Foo: The Secrets of Wireless Hacking

i highly suggest access to http://safari.oreilly.com/library which has a lot of the O'Reilly, Prentice Hall, and Addison-Wesley books, as well as http://www.books24x7.com which has a lot of the Syngress, APress, and McGrawHill titles. Access to http://syngress.com (Syngress only) and http://osoft.com (mostly NoStarch Press) might also be useful.

For Networking (I own pretty much every Cisco Press book since 1997) I highly recommend CCSP Flash Cards and Exam Practice Pack. It sounds cheesy but it is not. If you want more theory than practice go for Network Security Architectures. Actually, get both. Wi-Foo (mentioned above) is excellent for networking concepts and wireless security, but it may be a little advanced for a novice to networking.

Re: Book shelf
Posted by: rsnake
Date: December 24, 2006 04:44PM

Thanks, Mephisto... yah, actually I did see that recently. I actually didn't know I was mentioned until after I bought it. Yah, Jeremiah did the foreword, but I don't know if he read it before it was finished. Either way I was actually surprised to see it. Cool!

- RSnake
Gotta love it. http://ha.ckers.org
