SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, December 31, 2009

Best Book Bejtlich Read in 2009

Posted on 5:51 PM by Unknown
It's the end of the year, which means it's time to name the winner of the Best Book Bejtlich Read award for 2009!



Although I've been reading and reviewing digital security books seriously since 2000, this is only the fourth time I've formally announced a winner; see 2008, 2007, and 2006.



2009 was a slow year, due to a general lack of long-haul air travel (where I might read a whole book on one leg) and the general bleed-over from my day work into my outside-work time.



My ratings for 2009 can be summarized as follows:



  • 5 stars: 6 books


  • 4 stars: 5 books


  • 3 stars: 4 books


  • 2 stars: 0 books


  • 1 stars: 0 books




Here's my overall ranking of the five star reviews; this means all of the following are excellent books.



  • 6. Vi(1) Tips by Jacek Artymiak; devGuide.net. Every Unix admin should know how to use vi(1), and Jacek's book provides the right balance of commands and examples.


  • 5. Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Paco Hope; O'Reilly. Even though I am not a Web developer, I found this book to be very clear and helpful for security analysts trying to understand Web traffic.


  • 4. IPv6 Security by Scott Hogg; Cisco Press. When it comes to IPv6 security books, there is really no alternative, and thankfully this book delivers.


  • 3. Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan A. Carvey; Syngress. Harlan's update to the first edition of his book is another winner; you must read this book.


  • 2. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Marcus Pinto; Wiley. This is an excellent book. I read several books on Web application security recently, and this is my favorite.




And, the winner of the Best Book Bejtlich Read in 2009 award is...



1. SQL Injection Attacks and Defense by Justin Clarke, et al; Syngress. This was a really tough call. Any of the top 4 books could easily have been the best book I read in 2009. Congratulations to Syngress for publishing another winner. SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage.



Looking at the publisher count, top honors in 2009 go to Syngress for 2 titles, followed by Wiley, Cisco Press, O'Reilly, and devGuide.net, each with one.



Thank you to all publishers who sent me books in 2009. I have plenty more to read in 2010.



Congratulations to all the authors who wrote great books in 2009, and who are publishing titles in 2010!

Email ThisBlogThis!Share to XShare to Facebook
Posted in bestbook, reviews | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • Review of Crypto Posted
    Amazon.com just posted my four star review of Crypto by Steven Levy. From the review : Steven Levy's "Crypto" is a fascinati...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ▼  2009 (123)
    • ▼  December (10)
      • Best Book Bejtlich Read in 2009
      • Every Software Vendor Must Read and Heed
      • Difference Between Bejtlich Class and SANS Class
      • Reminder: Bejtlich Teaching at Black Hat DC 2010
      • Favorite Speaker Quotes from SANS Incident Detecti...
      • Notes from Tony Sager Keynote at SANS
      • Keeping FreeBSD Up-to-Date in BSD Magazine
      • Thanks for a Great Incident Detection Summit
      • Troubleshooting FreeBSD Wireless Problem
      • Let a Hundred Flowers Blossom
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile