Recommended Reading

Fri
09
Oct

Cryptography in the Database: The Last Line of Defense

Written by Kevin Kenan

When I pick up a Symantec Press book, I will either love them or dislike them. I never have mixed emotions about them. This book I love. His book should be titled, Database Security. While the primary focus is on encryption, the author dives into several topics I wish some of my past DBAs had known.

The book is divided into four major parts: Database Security, A Crpytographic Infrastructure, The Cryptographic project, and Example Code. I however would calssify the book into two major parts. The first part is reading and understanding some fundamentals that are very important. Throughout this first part, there are many graphical presentations to help the reader understand, in a graphical way, what the author is discussing. This is most visible in the third chapter entitled An overview of Cryptographic Infrastructure.

Fri
09
Oct

Extrusion Detection: Security Monitoring for Internal Intrusions

Written by Richard Bejtlich

First, this book should be called The Engineers Guide to Implementing Security to Detect and Prevent Malicious Traffic in Your Network. This is a very thorough book on how to detect malicious traffic leaving a network (hence Extrusion), with great illustrations and walkthroughs. There are chapters on planning, deployment, tuning and other key, often overlooked, aspects surrounding the wonderful world of Intrusion Detection.

The first hint that this book was a bit different is noticed in the Foreward. Marcus Ranum wrote the forward, or I should say guided the direction of the Foreward. Marcus opts for an interview with the author, versus "telling you a bunch of stuff about the book". The Foreward is a must when browsing this book. Very creative, something perhaps missing in the world of Information Security these days.

Fri
09
Oct

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy

Written by Tom Patterson with Scott Gleeson Blue

Now this is a first for the book review section, a book written about the process of Information Security. This is not a technical book, but one designed for those who find themselves in the position to manage Information Security at their company. Rightfully so, the subtitle for the book is "The Corporate Security Sourcebook for Today's Global Economy".

Fri
09
Oct

How to Break Web Software: Functional and Security Testing of Web Applications and Web Services

Written by Mike Andrews

This is a hard topic to find good reading. Most books are usually targeted towards operating systems or malware specifically. However, from the first page, I knew this was something worthwhile. A key part to this book being so good is the format Mike and James use to present each topic thus providing something for attackers and security folks. It also could provide pen testers and auditors some good ammo to use as well.

The layout of the chapters starts with gathering information on targets. Then takes a step towards client side attacks, server side attacks, Language based attacks, Authentication, Privacy, and Web Services. They even throw in a chapter outlining the last 50 years or so of web software defects. Surprisingly, or not so surprisingly, we have not always learned from our mistakes.

Fri
09
Oct

Rootkits: Subverting the Windows Kernel

Written by Greg Hoglund

Pages

Subscribe to RSS - Recommended Reading