Thursday, December 31, 2009

Best Book Bejtlich Read in 2009

It's the end of the year, which means it's time to name the winner of the Best Book Bejtlich Read award for 2009!

Although I've been reading and reviewing digital security books seriously since 2000, this is only the fourth time I've formally announced a winner; see 2008, 2007, and 2006.

2009 was a slow year, due to a general lack of long-haul air travel (where I might read a whole book on one leg) and the general bleed-over from my day work into my outside-work time.

My ratings for 2009 can be summarized as follows:

  • 5 stars: 6 books

  • 4 stars: 5 books

  • 3 stars: 4 books

  • 2 stars: 0 books

  • 1 stars: 0 books


Here's my overall ranking of the five star reviews; this means all of the following are excellent books.

And, the winner of the Best Book Bejtlich Read in 2009 award is...


1. SQL Injection Attacks and Defense by Justin Clarke, et al; Syngress. This was a really tough call. Any of the top 4 books could easily have been the best book I read in 2009. Congratulations to Syngress for publishing another winner. SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage.

Looking at the publisher count, top honors in 2009 go to Syngress for 2 titles, followed by Wiley, Cisco Press, O'Reilly, and devGuide.net, each with one.

Thank you to all publishers who sent me books in 2009. I have plenty more to read in 2010.

Congratulations to all the authors who wrote great books in 2009, and who are publishing titles in 2010!

6 comments:

Wesley McGrew said...

Good list! I have been recommending Web Application Hacker's Handbook to folks for a while.

My choice for best book of 2009 would be Bill Blunden's The Rootkit Arsenal. It's a weighty tome, and absolutely chock-filled with well-written explanations of some very low-level technical stuff. Excellent value for your money, and the author makes it an enjoyable read.

Anonymous said...

Thanks for sharing this. I can confirm that the IPv6 Security Book is really great.

I think I will also get the three web-sec related books as well.

Dying Canaries said...

Agreed on WAHH as #2, the book was awesome. I keep it on my desk as a reference.

mike said...

Speaking of books, I am looking forward to your new one in 2010! I have your 3 other books which are really great! Any plans to update Extrusion Detection or "The Tao of Network Security Monitoring" ?

Richard Bejtlich said...

Hi Mike,

I am working with Keith Jones on another forensics book. I would like to write a new "Network Visibility Survival Guide" book. I'd also like to update Tao, or at least write a new book covering Tao themes. The question, as always, is time!

Anonymous said...

I like the Web application hacker's handbook.

-Nitesh