security books. recommend some.
Moderator: General Moderators
Hi,
What security books would you recommend buying? Unfortunately I can choose only one for now, so I would like to hear your suggestions.
These are the books I currently have in mind in order of precedence.
1. http://www.microsoft.com/mspress/books/5957.aspx
2. http://www.swsec.com/
3. http://www.mhprofessional.com/product.p ... promocode=
Please ignore price on links provided, only content matters.
I am a PHP developer so I am looking for either a PHP security specific book (I don't think there are any good ones), or some general security development book.
Thanks for your comments.
Books can only get you so far. I wouldn't say security books are the best answer either. The best way to attempt at securing a box as much as humanly possible is to learn the OS you are dealing with, and then trying to crack it yourself. Read up on the tutorials and exploits people write on how to take advantage of a site. Find the scripts and appy's most of the script kiddies are using to take control of the box with their 31337 cracking skills. Once you know the exploits and vulnerabilities, that's when you know where to look for protecting yourself. That would probably be a better source of information than any book could ever teach you. Not to mention that most books cover old, outdated and obsolete exploits that have been patched for years.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
d11wtq wrote: Chris Shiflett has a good O'Reilly one out (and he posts here on occasion).
If you mean this one.
http://phpsecurity.org/
I already got it.
@infolock
I think you miss the point. There is no ultimate security. But good books about the topic exist no matter what. And it definitely doesn't have to be OS specific or whatever. There are just general development principles and stuff that is just hard to guess yourself as a newbie programmer, and good developers actually write about them. So in my opinion, a book might make a huge difference.
Last edited by jmut on Mon Mar 05, 2007 9:11 am, edited 1 time in total.
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
jmut wrote: @infolock I think you miss the point. There is no ultimate security. But good books about the topic exist no matter what. And it definitely doesn't have to be OS specific or whatever. There are just general development principles and stuff that is just hard to guess yourself as a newbie programmer, and good developers actually write about them. So in my opinion, a book might make a huge difference.
I guess the point I missed was the type of security you were talking about. I was speaking of network security, not code security. So, in a sense, I guess I was missing the point, that being my interpretation of "What security books would you recommend buying" =)
Secondly, I agree 100% about there not being an ultimate security. I don't think I stated there was (= In either case, that is why I recommended what I did and I still stand by it.
From a network perspective, it's all about determining the methods in which the intruder (or script kiddie/cracker) attempts to break in. In the code world, it's all about what to look for when dealing with data, and how to prevent overflows/escape sequences that could allow them to jump down to console.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Besides the books from Shiflett and Ilia, which I also can recommend, there is Pro PHP Security by Chris Snyder. It's a bigger and - for me - more difficult book than the other two. Snyder's book goes a lot deeper into server config stuff. Haven't read it all yet, only a few chapters, but it seems like a good book. So much to read, so little time ..
Re: security books. recommend some.
jmut wrote: Hi,
What security books would you recommend buying? Unfortunately I can choose only one for now, so I would like to hear your suggestions.
These are the books I currently have in mind in order of precedence.
1. http://www.microsoft.com/mspress/books/5957.aspx
2. http://www.swsec.com/
3. http://www.mhprofessional.com/product.p ... promocode=
Please ignore price on links provided, only content matters.
I am a PHP developer so I am looking for either a PHP security specific book (I don't think there are any good ones), or some general security development book.
Thanks for your comments.
I have the M$ book, but I don't think you'll benefit from it with regards to PHP security, go for it only if you're interested in C/C++ development. I have skimmed over some PHP security books (I think I've read Shiflett's almost in full) and found that they basically cover the same ground. I also found nothing that I didn't know before from reading the manual, so that's another option for you.
Doing *cough* pen tests to sites is also extremely beneficial to one's security awareness, and reading vulnerability mailing lists also helps. They are lately spammed with too many fake PHP vulns to be really helpful right away, but there is the long-term benefit of having seen many different vulnerabilities as they happened in real-life living code.
Re: security books. recommend some.
Mordred wrote: ..and reading vulnerability mailing lists also helps. ...
Would you recommend any?
I am currently following this RSS feed
http://www.securityfocus.com/rss/vulnerabilities.xml
Good stuff but by no means php specific.
Everah wrote: I have Shiflett's book and Ilia Alshanetsky's book 'Guide to PHP Security'. It has a foreword by Rasmus Lerdorf. It is a very handy reference.
You mean this one http://phpsec.org/projects/guide/ ?
I'll just dump the mails, you'll easily find how to subscribe
web-related:
webappsec@securityfocus.com
websecurity@webappsec.org
(the above two are not the same)
General purpose, higher traffic, but this is where the bulk of bugs are reported:
bugtraq@securityfocus.com
full-disclosure@lists.grok.org.uk
Penetration testing, sometimes relevant:
pen-test@securityfocus.com
Can someone recommend more resources?
Everah wrote: I have Shiflett's book and Ilia Alshanetsky's book 'Guide to PHP Security'. It has a foreword by Rasmus Lerdorf. It is a very handy reference.
jmut wrote: You mean this one http://phpsec.org/projects/guide/ ?
Nope, this one.
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm