Books about cybersecurity: 5+ recommendations from our experts

Published on August 20, 2014

Books about cybersecurity: 5+ recommendations from our experts

    Recently, I had a show talk with Alexei Malanov, an employee of the Laboratory and an experienced malware researcher , about whether, for example, an employee of the public relations department (= not a techie) can become a virus analyst? The answer was simple and complex at the same time: the basics of programming, processor architecture, features of operating systems, network protocols ... In general, "buy an Assembler book and come back in five years."

    But what if you go up one level? From the analysis of specific instances of malware (which is not easy in itself), to a comprehensive investigation of computer incidents? This is what the Global Research and Analysis Team does.(GReaT). I recently turned to them with a similar question: what books can they recommend to other computer security specialists (bearing in mind that the basics of programming and other basic things have already been mastered)? The result is a list of five books - and actually of ten :-), - which can be found under the cut.


    To begin with, a small disclaimer: just below you will see a lot of links to Amazon, and not because our experts prefer to buy books there. First, we took the initial list of popular books on security, which was shown to experts, from there. Experts noted interesting books and added their recommendations, and we received feedback from our colleagues from 10 different countries of the world. It would be wrong to limit specialists to only books translated into Russian. Fortunately, in English all the publications mentioned here are available in electronic form (at least in the Amazon version of the Kindle Edition, and possibly from other sellers). If you know about the publication of books from the list in Russian - let me know in the comments. Let's go!

    1. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
    Bruce Dang; 2014
    Link

    If, as a result of reading the first chapter, you get the impression of a certain lightness of presentation, then this impression is false. Reading this book, I was even glad that everything was stated in a simple and understandable language even for a layman, and immediately paid for it.

    After joining you, a stream of detailed information about reverse engineering, the features of the Windows kernel and processor architectures immediately collapses without special discounts on the level of training. However, this is more of a textbook than a reference guide for an experienced professional. The work of a security researcher most often begins with the analysis of malicious code, and this book is quite suitable for familiarization with this task.

    2. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
    Richard Bejtlich; 2013
    Link

    The book provides a qualitative overview of tools for monitoring network security. What is important, the description of monitoring tools is supplemented by practical examples of their application. It is not clear the truth why in the book in such a volume dumps of network traffic are given - this is especially striking in the paper edition. According to our experts, if this is your first introduction to the topic of security in computer networks, then this book is one of the best manuals.

    3. Threat Modeling: Designing for Security
    Adam Shostack; 2014 year
    Link

    Although each of us is intuitively involved in threat modeling, very few do it professionally. Adam Shostak is one of such rare pros. His hard-working job at Microsoft is called Security Development Lifecycle Threat Modeling; accumulated work experience was embodied in a thick six-page book, which will be useful to both beginners and experienced professionals.

    Starting with simple things like the four-way “What are we building”, “What can go wrong with what is built”, “What can we do about what can go wrong” and “Is our analysis good,” Shostak plunges into each of aspects of threat modeling are very deep, offering proven methods, software tools, and small tricks to help build an effective threat model for anything. By the way, the book clearly defines aspects that are more useful to application developers, IT system architects, and security specialists, which is also useful.

    Reading a book greatly brightens up the intelligent trolling, to which the author resorts regularly, describing cliches that often pop up when modeling threats, or situations at meetings with project participants (for example, it’s not a computer at all, but a human problem in the style of “so who is responsible for checking this SQL a request? ”).

    4. Android Hacker's Handbook
    Joshua J. Drake; 2014 year
    Link

    In contrast to the PC ecosystem, where, due to the number and “age” of threats, scientific and practical work on their analysis has been ongoing for a long time, the Android platform is a fast-catching beginner. Therefore, there is only one Android security book on our list, and it is devoted not so much to malware analysis as to an overview of the entire spectrum of threats for mobile devices - from vulnerabilities in the OS to application development taking into account security requirements. The book annotation states that this is “the first edition for IT professionals responsible for smartphone security.” The 500-page volume is not enough to describe in detail all aspects of mobile security, but most of these problems in this book are at least outlined. One of the authors of this book, by the way, used to be an expert at Kaspersky Lab.

    5. The Art of Computer Virus Research and Defense
    Peter Szor; 2005
    Link

    The only book of the five, released as much as 9 years ago. Before the advent of Android and iOS, tablets and the practice of using personal computers at work, cyber weapons and many other elements of modern computer-network reality. Nevertheless, the age of this particular book does not interfere at all, and for one simple reason: the development of the cyber threat protection industry is described here in retrospect. And to understand, “where did that come from” is very important, regardless of what you do. For example, because threats on mobile devices develop in almost the same scenario as threats for ordinary PCs (only much faster).

    By the way, follow the activities of our experts from GReaT on Twitter. A regularly updated twitter list can be found here .

    Bonus tracks :)
    Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
    Michael Sikorski; 2012
    Link
    This book can be seen as an alternative to Bruce Dang's work or as an addition.

    Reversing: Secrets of Reverse Engineering
    Eldad Eilam; 2005
    Link
    Examples in this book, also released 9 years ago, may seem dated. But the (relative) simplicity of the presentation of the topic for someone will be more valuable than the relevance of platforms and tools.

    The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Mark Dowd; 2006; link ).

    The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Chris Eagle; 2011; link ).

    The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (Michael Hale Ligh; 2014; link ).

    And what books on this subject would you recommend?