Thursday, March 31, 2011

Review of Hacking Exposed: Web Applications, 3rd Ed just published my four star review of Hacking Exposed: Web Applications, 3rd Ed by Joel Scambray, Vincient Liu, and Caleb Sima. From the review:

This is the third Hacking Exposed: Web Applications (HE:WA) book I've reviewed, having reviewed the second edition in 2006 and the first edition in 2002. While I gave the earlier editions each five stars, I don't think HE:WA3E quite meets my expectations of a five star web application security book -- at least not one bearing the Hacking Exposed (HE) series name.

In my opinion, the winning formula for a good HE book was set by the first in the series, back in 1999: 1) explain a technology of interest; 2) show exactly how to exploit it; 3) recommend countermeasures. For me, these three steps MUST be followed, and any book with HE in the title that fails to follow this recipe is likely to fall flat. The reason I like this approach is simple; in many cases, defenders first encounter a new technology only after a researcher or intruder has broken it! In other words, the offensive side is usually far ahead of the defensive side, because offenders often specialize in a promising new area and pursue it relentlessly until they break it. Good HE books help redress this imbalance by getting the defender up to speed on a new technology, showing how to break it, and then suggesting defensive measures.


Geek4god said...

Trying to build a library and consume as much of it as possible so I appreciate these reviews. When you review a book that was less than perfect or heck even one that was perfect could you also suggest some alternatives? This would be especially helpful on the low score books. Knowing books to avoid or be cautious of is great, but if the subject interest me it would also be great to see some suggestions of other books I might want to take a look at as well..

Anonymous said...

I read you reveiw and loved it, very educational and to the point. I hold your reviews and recommendations at very high regards.

I know you are rather busy, but if and when you have time, would you create a list of "recommended books" in regards to Web Applications Security.

Many thanks in advance.