I know this is a broad area, but...

I'm looking at Writing Secure Code, Second Edition, but I was wondering what other good books were out there on the subjects of security, hacking, and computer forensics. A quick search turns up plenty, but I'm not sure where to begin.

For the record, I am a software engineering undergraduate student, so I would like books that aren't all that complex, but I'm sure there are other people here with varied backgrounds and levels of experience and education that might enjoy some more comprehensive books, so feel free to post any good books on the subject. Please identify who they are appropriate for, though.

+4  A: 

Don't waste time looking for "white hat hacking" books - the good ones won't make that distinction, and if you really want to be good at it, what's the point in knowing what the "good guys" are doing anyway?

Read the Phrack articles (start from the beginning), then check out the Shellcoder's Handbook.

White hat hacking is just hacking with permission granted by the victim. It has nothing to do with the technique or approach to hacking the system itself.

Steve M
+2  A: 

Have you seen Hacking Exposed?

IainMH
+6  A: 

Bruce Schneier's books (in particular, Applied Cryptography) might come in helpful (if that's the kind of security you're interested in!).

OysterD
A: 

@IainMH: That seems pretty good, but more geared toward networks and not the software side. Is that a wrong assumption, based on the title of the book and not the contents?

Thomas Owens
This should probably be a comment on IainMH's post
wbowers
+1  A: 

@Thomas - It probably is more geared towards a system engineering person but there are four main sections. One covers 'software hacking'. It's such a big book, I can't see you not getting at least some value out of getting it out from the library.

You can also check it out here.

IainMH
+1  A: 

I found WEB HACKING : ATTACKS AND DEFENSE a good read. It's by Stuart McClure, Saumil Shah, Shreeraj Shah, published (well here anyway) by McClure. From a coding point of view it outlines many of the things a programmer leaves out or does that leave a site open to attack. I think it's still pretty relevant today.

nso1
A: 

I own the first edition of Hacking: The Art of Exploitation, and I highly recommend it, offering solid introductions and analysis on some of the most common issues with a unique approach. Primarily the first review highlighted on Amazon and the couple after it are truly right on.

Patrick Loz
A: 

Also look at

Computer Forensics and Privacy by Michael A. Caloyannides

The details about off-the-shelf forensics are thought provoking.

Tim Williscroft
+1  A: 

Fyodor, in his interview on Slashdot, recommends Practical Unix and Internet Security, 3rd Edition, as a starting point.

kmilo
+3  A: 

Security Engineering by Ross Anderson is a must have.

He is a professor at Cambridge University, and his book covers the landscape well, including topics such as bank notes, legislation, physical security (e.g. against burglary) ... There is a great chapter on what security you come up with when you have an unlimited budget - the case study of US security around its nuclear weapons.

There are sample chapters online at the link above, and the entirety of the first edition is also available for download as well.

It is suitable for undergraduates (I believe it is a massively expanded version of his lecture notes).

Hamish Downer
I used this as a text for my 4th year undergraduate security course. A very good book. More readable than one could imagine.
Kibbee
+2  A: 

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. It's the story of a system administrator tracking a hacker around the world. It's a really interesting read although the events took place in 1986.

Wikipedia has more info: http://en.wikipedia.org/wiki/The_Cuckoos_Egg

Otherside
+1  A: 

I recommend 2600 magazine.

BlueGene
A: 

I found Counter Hack Reloaded to be an excellent read. It really shows you the ins and outs of security, and explains it in such a way that helps you understand the underlying problems with various protocols, and how to prevent it.

Anton
A: 

You should try Build Your Own Security Lab by Michael Gregg; it's a book on security, hacking, and computer forensics. This book is a great starting point for those who wanna experiment with computer software and computer hardware (security wise of course!).

wantoknow