List price: $49.95 (that's 30% off!)
Used price: $24.00
Buy one from zShops for: $24.99
Still the idea was very interesting (information directly from the real experts), and I kept waiting for a new edition.
Well the second edition is now out, and not only fulfills, but exceeds all my original expectations !!
Let's take a look:
The Approach:
Understanding attacks and vulnerabilities, by understanding 'how to hack' (good hacking of course. . . .ahem )
The Book:
Rewritten, expanded and improved, the book consists of 800+ pages well structured into 18 chapters (against 450+ pages and 15 chapters of the first edition).
Well written, well presented, with a real fancy table of contents, the chapters include url's, a FAQ section and a SOLUTIONS FAST TRACK one.
A lot of CLEVER code is included as well as helpful 'Tool & Traps' and 'Notes from the Underground. . . ' outlines.
The new sections (all outstanding) include:
- Hardware Hacking (otherwise only found in papers)
- Tunneling (excellent)
- IDS evasion (very easily explained)
- Format strings attacks
The Intended Audience:
People willing to become network security pros.
Contents:
- Introduction to Security, Attacks and related Methodologies.
- Cryptography.
- Unexpected Input, Buffer Overflow, Format Strings.
- Sniffing, Hijacking and Spoofing.
- Tunneling, Hardware Hacking, Viruses (et al.).
- IDS Evasion.
- Automated Tools.
- Reporting Security Problems.
The Bottom Line:
It is not just a good book, it is the best book among high level network security books, and the only that compares with specialized papers. Only quite easier.
I got more than 60 papers on buffer overflows. None compares with the classical 'Smashing The Stack For Fun And Profit' by Aleph One. IMHO, however, the corresponding chapter from this book, does compare and is really easier to understand.
Finally, the 'piece de resistance' of the book, is the chapter about Spoofing. Really enjoyed it, and by the way got surprised reading the innovative (to me) technique to 'Spoof Connectivity Through Asymmetric Firewalls'. Good Job Dan ;-)
As an added bonus, as an owner of this book, you'll find a lot of code files, applications and links...
Used price: $36.25
Buy one from zShops for: $144.90
Used price: $171.49
Buy one from zShops for: $171.50
Used price: $50.00
Used price: $15.76
Used price: $1.01
Collectible price: $2.64
Buy one from zShops for: $11.20
Used price: $0.20
Collectible price: $5.04
Buy one from zShops for: $9.99
HPYN2E shines in many respects. The "laws of security" in chapter 2 are accurate and enlightening. Chapter 4 helps teach secure programming techniques by comparing insecure and secure code snippets. Chapter 4 also demonstrates debugging and disassembling code, usually not seen in security texts. Chapter 8 probably contains the most advanced coverage of buffer overflows I've read in a book. By actually showing and explaining stack traces, the authors share a level of detail sufficient to satisfy all but the most elite coders. Chapters on "diffing" (5) and format strings (9) are robust. Hardware hacking, thoroughly described in chapter 14, is fascinating. The author cared enough to include numerous clear photographs of disassembled equipment, and mentioned many helpful external web references.
While these great chapters comprise more than half of HPYN2E, the remainder is not exceptional. I was not happy with the rambling, wordy chapters on spoofing (12) and tunneling (13). Spare us the quotes from Dante's "Divine Comedy"! Still, this material is easily skimmed.
Because HPYN2E is written more from an intruder's point of view, the title doesn't seem to reflect the material. The book isn't exactly a "how to hack" manual, but it expertly illuminates many facets of compromising information resources.