Detectify team’s 10 favourite security books


November 30 is Computer Security Day, a day dedicated to security awareness and education. To celebrate, we have put together a list of our team’s 10 favourite reads, ranging from books about the history of hacking to technical web security guides. Get ready to add some new titles to your winter reading list and learn about security!

Fredrik Nordberg Almroth, Security Researcher and Co-Founder

The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
Contains a bunch of tips for finding flaws in various web applications. It also shows how different aspects of the web hang together and how you can abuse the different moving parts to hack applications.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard and Marcus Pinto
A bit old, but contains solid research regarding multiple commonly spotted web vulnerabilities. The research may be outdated, but old vulnerabilities have a tendency to show up elsewhere.

Web Hacking 101 by Peter Yaworski
The book comes straight from the ethical hacking/bug bounty community, with real-life examples and tricks people have used on F500s and Silicon Valley companies.

PoC||GTFO by Manul Laphroaig
Follows in the footsteps of the old hacking magazines and covers everything from reverse engineering to system internals and other offensive security research.

Cryptography Engineering: Design Principles and Practical Applications by Niels Ferguson, Bruce Schneier and Tadayoshi Kohno
Awesome book that demystifies some of the principles in modern cryptography.

Johan Edholm, SysOp and Co-founder

Exploding the Phone by Phil Lapsley
A really good book about how the telephone system was built, how it works, and how people exploited it. It goes all the way back to the telegraph and shows how that technology provided a foundation for the telephone system.

Yasmin Tilles, PR and Marketing Manager

Future Crimes by Marc Goodman
A good intro to the security and privacy implications of new technology. This is a great read if you’d like to learn more about why security matters and how to become more security-conscious.

Linus Särud, Security Researcher

The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick
I think this is the first security-related book I read. It shows just how easy it is to fool someone or to get fooled, and it has affected how I think about security.

Our Mathematical Universe: My Quest for the Ultimate Nature of Reality by Max Tegmark
A logical reasoning about the universe and the meaning of life. Not about security in any way, but programmers tend to be logical in their way of thinking and I think this book could be appreciated by many.

Christoffer Fjellström, Backend Developer

Hacking: The Art of Exploitation by Jon Erickson
Gives some very good fundamentals on a very broad array of subjects in application security. Great explanations of why each part of what they're going through is important, which gives you a good base to adapt the technique to whatever your use case is and helps you understand how to mitigate similar issues in your own code.