Monday, February 14, 2005

Pre-Reviews: On Bejtlich's Bookshelf

Many publishers have been kind enough to send review copies of interesting books. I am especially grateful when publishers send books I definitely plan to read. Unfortunately, in some cases the time between my receipt of the book and my review is longer than I would like. The purpose of this blog entry is to let you know of the great books I have waiting on my bookshelf. They are the same ones listed on my reading list. As I receive books on my Wish List, I'll pre-review those as well.

First up is Beginning Perl, 2nd Ed by James Lee and published by Apress. James also co-wrote Hacking Linux Exposed, 2nd Ed, which I enjoyed. I do not plan to read this book and become a Perl guru. Instead, I hope to become familiar enough with Perl to understand applications that use the language. Oinkmaster, the Snort rules update script, is one example.

My plan to start seriously learning Python begins with Practical Python by Magnus Lie Hetland and published by Apress. I gained an introduction to Python when I read Learning Python, 2nd Ed by Mark Lutz. Two subjects which were never really addressed in that book, however, were accepting user input and network programming. I hope this Python book and those that follow help me to put Python to work.

My next Python book is Dive Into Python by Mark Pilgrim and published by Apress. This book expects readers to have some knowledge of programming, so there is less hand-holding than an introductory book might have. I am reading this and other Python books because the language seems like a good way to accomplish programming tasks that don't require the low-level bit handling power of C.

My last Python reference is Foundations of Python Network Programming by John Goerzen and also published by Apress. By now you should see I think Apress is bringing a lot of helpful programming texts to the world. I intend to read this book to learn how to write client-server networking programs.

My last book on interpreted languages is Practical Programming in Tcl and Tk, 4th Ed by Brent Welch, Ken Jones, and Jeffrey Hobbs, and published by PHPTR. I'd like to gain some familiarity with Tcl/Tk because it's the language in which Sguil is written. I would like to contribute more to Sguil than the few modifications I've already submitted.

Next is Beginning C, 3rd Ed by Ivor Horton and published by Apress. C is everywhere, from operating systems to security applications like Snort. As with Perl, I don't expect to read this book and become a C wizard. I already gained a passing familiarity with C by reading Stephen Prata's C Primer Plus, 4th Ed. I hope to read this new C book and improve my ability to understand other people's C, and perhaps make tweaks if needed.

I have similar hopes for Practical C Programming, 3rd Ed by Steve Oualline and published by O'Reilly. I actually started to read this book before any other book on C. I became frustrated when I found some of the exercises required knowledge of programming topics not yet introduced in the book. With a little more C understanding, I think I could complete the exercises and gain additional insights into C.

If you thought learning C would be tough, try a book on assembly like Professional Assembly Language by Richard Blum and published by Wrox, a Wiley imprint. I am definitely not reading this book to become an assembly programmer. I am also not reading the book to modify assembly produced by the compiler, as is the stated goal of the text. Rather, I frequently encounter assembly when looking at exploit code. I would like to be able to follow what the code is doing, and thereby improve my understanding of the enemy's capabilities.

The next series of books builds upon the programming knowledge gained from the previous titles. I start with Exploiting Software by Greg Hoglund and Gary McGraw, published by Addison-Wesley. This is a very popular book, but I have held off reading it until I have the necessary programming background to really appreciate it. This is in some ways the second book in a series on security programming; the first was Building Secure Software.

The next book in the attacking software category is Buffer Overflow Attacks by James C. Foster, et al, published by Syngress. I find it interesting to see an entire book devoted to this class of attack. I am looking forward to gaining a good understanding of this sort of exploit. The book features several strong contributing authors.

My last book on attacking software is the very popular Shellcoder's Handbook by Jack Koziol, et al, published by Wiley. This book is similar to Exploiting Software; I prefer not to read it until I have a better understanding of C and assembly. This book featured a number of zero-day attacks that were not fixed until after the book's publication.

I plan to move from attacking software to defending it by reading Writing Secure Code, 2nd Ed by Michael Howard and David C. LeBlanc, published by Microsoft Press. If anyone needs to read this book, it is certainly Microsoft. Whereas Building Secure Code was more UNIX-oriented, this book supposedly addressed Windows vulnerabilities.

I plan to temporarily leave the security world behind once I start reading the Pocket Guide to TCP/IP Sockets (C Version) by Michael J. Donahoo and Kenneth L. Calvert, published by Morgan Kaufmann. This is a short book, but it provides an introduction to socket programming in C. The authors assume some command of C, so my earlier reading should prepare me.

Next I hope to read Understanding UNIX/LINUX Programming: A Guide to Theory and Practice by Bruce Molay, published by PHPTR. I would like to gain a general appreciation for programming in the UNIX environment when reading this book. I am not planning to hack any kernels or userland applications, but I want to know more about what is happening under the hood of my UNIX systems.

The next book is one that some people thought might never be published. It's Unix Network Programming, Vol. 1: The Sockets Networking API, 3rd Ed, by the late W. Richard Stevens, and updated by Bill Fenner and Andrew M. Rudoff, published by Addison-Wesley. When Richard Stevens passed away in late 1999, the world lost an exceptionally talented author and person. This book is an update to his 2nd edition, and I look forward to reading it.

The last book waiting to be read on my bookshelf is BSD Sockets Programming from a Multi-Language Perspective by M. Tim Jones, published by Charles River Media. I think this is a good way to end my programming reading, because it shows how to accomplish network programming tasks in a comparative manner. Jones covers socket programming in C, Java, Ruby, Perl, Python, and Tcl. While I will not have any Java or Ruby experience, I expect to learn a lot by comparing the various approaches for the languages with which I am somewhat familiar.

I have other unread books on my shelf, but these are the ones I currently possess and plan to read. My Wish List shows over 30 other titles I hope to acquire in the coming months (or probably years). At some point I will integrate them into my upcoming reading list, or just do individual pre-reviews as I acquire them. Stay tuned. :)


Adam said...

As an avid user of FreeBSD and PHP I am curious as to your stance on PHP. I find it very easy to create scripts and set them in a cron job to achieve many of the repetitive tasks on my system. And in many cases give them a browser front end to manage them. Thanks for your blog. It constantly helps me and gives me new ideas.

Richard Bejtlich said...

Hello Adam,

I'm afraid I have no experience with PHP. Anyone else?

Anonymous said...

I'm curious since it seems that you post a book review every few days. In general, how long does it really take you to read a book? Were there some speed reading classes you took along the way? Married, full-time job, writing a book, how do you find the time? =)

btw, I read your blog religiously and thank you for all your contributions.


Richard Bejtlich said...

Hi Dustin,

I usually squeeze time in to read when my family is sleeping, or when my wife is looking after our daughter. She is very supportive in this way since she believes my reading and writing helps create professional opportunities.

I've never taken any speed-reading classes. I was a history/poli sci major at the Air Force Academy, so I learned to read and absorb a good deal of info in a short period of time. I think I read about 50-60 pages per hour, but that rate is not "burst mode." 50-60 pages per hour gives me time to look up info on the Web, take a break, etc. I could probably read faster but I wouldn't remember as much. Still, I don't seem to read fast enough as my backlog stretches for about 50 books!
