Pragmatic Information Security Textbooks

Question

I am currently enrolled in an information security class and have, thus far, been unimpressed by our assigned textbook. After doing a quick check at Amazon for other security texts, a common complaint amongst reviewers was that their books offer a cursory, entirely theoretical look at hacking and defense with no real world examples.

I'd like to find a text that discusses both the offensive and defensive aspects of security. As it stands, I have a very vague concept of how an actual attack is executed and how an attentive programmer could have avoided that security hole. Does anyone have any suggestions?

Answer 1

For web application security, The Web Application Hacker's Handbook has been recommended to me (although I haven't read it yet).

There are other books in that series as well:

• The Database Hacker's Handbook
• The Shellcoder's Handbook

as well as a more general book: Hacking: The Art of Exploitation, 2nd Edition.

If you really want to learn the details of making secure systems, you have to learn how systems are broken into, so these books seem to fit the bill.

Answer 2

Check out the answers to these related questions:

• What are good books about security, hacking, and computer forensics?
• How can I stay up-to-date on computer (especially software) security?

Answer 3

As well as everything mentioned in the previous posts, I have gotten some good information from Network Security Assessment.