EH-Net

Features => Book Reviews => Topic started by: joe_fun on October 04, 2009, 11:12:35 PM


Title: Reviewing my List of Books
Post by: joe_fun on October 04, 2009, 11:12:35 PM
Hello Guys,
I just found this website and it looks very interesting, here is my first post so i apologize in advance if i am posting in the wrong section or my post is too long ...
I have academic background in networking, and i am interested in specializing in security, and i wanted to have a solid base in security from the application side as well, and i believe i will need to know some programming languages , i did some research online and i asked couple of my friends who are programmers, and i reached the conclusion that many of the programmers actually miss some fundamental basics, so based on their recommendations i compiled a list of 10 books that i can gradually read to build on my future programming knowledge step-by-step,  and from then focus more on the security aspect of it,
I wanted to get your opinions in the books themselves and the order chosen, and whether it covers all aspects of programming from theory to practical, and from low to high level languages concepts? and any recommendations/warnings?

Write Great Code: Volume 1: Understanding the Machine
http://www.amazon.com/Write-Great-Code-Understanding-Machine/dp/1593270038

Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level
http://www.amazon.com/Write-Great-Code-Low-Level-High-Level/dp/1593270658

code complete
http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/073561967

object oriented thought process 3 edition
http://www.amazon.com/Object-Oriented-Thought-Process-3rd/dp/0672330164

Memory as a Programming Concept in C and C++
http://www.amazon.com/Memory-Programming-Concept-Frantisek-Franek/dp/0521520436/

the c programming language 2 edition
http://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628

Secure Coding in C and C++
http://www.amazon.com/Secure-Coding-Robert-C-Seacord/dp/0321335724

19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0072260858

A Practical Guide to Ubuntu Linux
http://www.amazon.com/Practical-Guide-Ubuntu-Linux-Versions/dp/0137003889

Hacking: The Art of Exploitation, 2nd Edition
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/

Thanks in Advance

Title: Re: Reviewing my List of Books
Post by: Ketchup on October 05, 2009, 07:30:27 AM
Welcome to the forums!

I can only comment on the last one, as I haven't read the other ones.  It's one of the best books I have ever read.  It makes exploitation and shellcoding very easy to understand.  It covers both high level concepts and hands on coding.  

Title: Re: Reviewing my List of Books
Post by: joe_fun on October 05, 2009, 10:57:40 AM
Tnx Ketchup,
any idea how much background in programming is needed before attempting the "the art of exploitation"?
Tnx

Title: Re: Reviewing my List of Books
Post by: Ketchup on October 05, 2009, 11:04:53 AM
I would say that you need a basic understanding of C language, especially when it comes to memory management concepts.  ASM knowledge will probably help you with the shellcoding portion, but I don't think anything is required.   The author has a great intro to both. 

Title: Re: Reviewing my List of Books
Post by: joe_fun on October 06, 2009, 03:41:18 PM
Tnx Ketchup,
ill start reading that book and if i get stuck i will check some of the other books in the list,

Title: Re: Reviewing my List of Books
Post by: UNIX on October 09, 2009, 01:20:25 AM
If you are not very familiar with programming languages, I would not start with Hacking: The Art of Exploitation for several reasons. Starting with one which covers the basic concepts and ideas, you will get more out of the H:TAoE and it will be easier to follow each topic.

Title: Re: Reviewing my List of Books
Post by: joe_fun on October 10, 2009, 04:39:26 PM
Tnx awesec,
I guess a good idea to start with a memory book and a programming book before going with a more specialized book,

Title: Re: Reviewing my List of Books
Post by: sethmisenar on October 16, 2009, 09:11:53 AM
Not really what you asked for, but I hope this is helpful...

Check out the OWASP Podcast: http://www.owasp.org/index.php/OWASP_Podcast

I find this to be one of the more professional podcasts out there.  Although OWASP is ostensibly focused on Web Application Security, more general software security is definitely a well represented topic.  Also, if you aren't already familiar with OWASP, I highly recommend that you spend some time with this organization (reviewing the site, joining mailing lists of projects that interest you, joining a local chapter <if available in your area>).

19 Deadly Sins is a strong book.  You also might want to check out Software Security by Gary McGraw.

http://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705

Hope this helps.

Seth

Title: Re: Reviewing my List of Books
Post by: joe_fun on October 16, 2009, 11:49:41 AM
Tnx Seth,
i wasnt familiar with OWASP organization, tnx for its link, i glanced at their podcasts and they do seem to be more than newbies tutorials but a much more professional interviews,
Definitely in my bookmarks,
Tnx again


Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com