tags:

views:

1174

answers:

14
+6  Q: 

What are good books about security, hacking, and computer forensics?

I know this is a broad area, but...

I'm looking at Writing Secure Code, Second Edition, but I was wondering what other good books were out there on the subjects of security, hacking, and computer forensics. A quick search turns up plenty, but I'm not sure where to begin.

For the record, I am a software engineering undergraduate student, so I would like books that aren't all that complex, but I'm sure there are other people here with varied backgrounds and levels of experience and education that might enjoy some more comprehensive books, so feel free to post any good books on the subject. Please identify who they are appropriate for, though.

+4  A: 

Don't waste time looking for "white hat hacking" books - the good ones won't make that distinction, and if you really want to be good at it, what's the point in knowing what the "good guys" are doing anyway?

Read the Phrack articles (start from the beginning), then check out the Shellcoders Handbook.

White hat hacking is just hacking with permission granted by the victim. It has nothing to do with the technique or approach to hacking the system itself.

Steve M  2008-08-26 12:09:59
+2  A: 

Have you seen Hacking Exposed?

IainMH  2008-08-26 12:19:40
+6  A: 

Bruce Schneier's books (in particular, Applied Cryptography) might come in helpful (if that's the kind of security you're interested in!).

OysterD  2008-08-26 12:22:16
A: 

@IainMH: That seems pretty good, but more geared toward networks and not the software side. Is that a wrong assumption, based on the title of the book and not the contents?

Thomas Owens  2008-08-26 12:23:01
This should probably be a comment on lainMH's post
wbowers  2008-10-30 08:23:35
+1  A: 

@Thomas - It probably is more geared towards a system engineering person but there are four main sections. One covers 'software hacking'. It's such a big book, I can't see you not getting at least some value out of getting it out from the library.

You can also check it out here.

IainMH  2008-08-26 12:27:13
+1  A: 

I found WEB HACKING : ATTACKS AND DEFENSE a good read. Its by Stuart McClure, Saumil Shah, Shreeraj Shah published (well here anyway) by McClure. From a coding point of view it outlines many of the things a programmer leaves out or does that leaves a site open to attack. I think its still pretty relevant today.

nso1  2008-08-26 12:39:00
A: 

I own the first edition of Hacking:The Art of Exploitation, and I highly recommend it; offering solid introductions and analysis on some of the most common issues with a unique approach. Primarily the first review highlighted on Amazon and the couple after it are truly right on.

Patrick Loz  2008-08-26 23:13:37
A: 

Also look at

Computer Forensics and Privacy by Michael A. Caloyannides

The details about off-the-shelf forensics are thought provoking.

Tim Williscroft  2008-09-05 05:26:22
+1  A: 

Fyodor in his interview in slashdot recommends Practical Unix and Internet Security 3° Edicion as an starting point

kmilo  2008-09-17 15:40:03
+3  A: 

Security Engineering by Ross Anderson is a must have.

He is a professor at Cambridge University, and his book covers the landscape well including topics such as bank notes, legislation, physical security (eg against burglary) ... There is a great chapter on what security you come up with when you have an unlimited budget - the case study of US security around its nuclear weapons.

There are sample chapters online at the link above, and the entirety of the first edition is also available for download aswell.

It is suitable for undergraduates (I believe it is a massively expanded version of his lecture notes).

Hamish Downer  2008-10-04 17:23:06
I used this as a text for my 4th year undergraduate security course. A very good book. More readable than one could imagine.
Kibbee  2009-01-05 13:51:47
+2  A: 

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. It's the story of a system administrator tracking a hacker around the world. It's a really interesting read although the events took place in 1986.

Wikipedia has more info: http://en.wikipedia.org/wiki/The_Cuckoos_Egg

Otherside  2008-10-14 05:59:54
+1  A: 

I recommend 2600 magazine.

BlueGene  2008-10-30 05:06:18
A: 

I found Counter Hack Reloaded to be an excellent read. It really shows you the ins and outs of security, and explains it in such a way that helps you understand the underlying problems with various protocols, and how to prevent it.

Anton  2009-01-05 13:45:58
A: 

You should try Build Your Own Security Lab by Michael Gregg, its a book on security, hacking, and computer forensics. This book is a great starting point for those who wanna experiment with computer software and computer hardware (security wise of course!).

wantoknow  2009-12-07 05:28:50

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security