I'm about to finalize a purchase of /some/ security-focused books on Amazon. Of course I already have some titles on OS (operating systems), Java, architecture and the like, but I'd like your help choosing the best books to study, focused of course on what I've already mentioned.
For this reason, I'm launching the following promotion: the best recommendation of a security, performance and operating system book that I haven't put in my Amazon shopping cart and that I don't already have in my library will win the following kit:
Post your tips in the comments right below this post. The promotion runs until next Monday, 18/07, at 14:00, which is when I will close the book purchase. There will be 3 kits.
Don't think it's easy, my current list already has 52 books 🙂
Here is the list of books so far:
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition – Joel Scambray
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition – Allen Harper
UNIX and Linux System Administration Handbook (4th Edition) – Evi Nemeth
UNIX and Linux System Administration Handbook (4th Edition) – Evi Nemeth
Solaris™ Performance and Tools: DTrace and MDB Techniques for Solaris 10 and OpenSolaris – Richard McDougall
Oracle Solaris 10 System Virtualization Essentials (Oracle Solaris System Administration Series) – Jeff Victor
The Art of Software Security Testing: Identifying Software Security Flaws – Chris Wysopal
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities – Mark Dowd
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities – Mark Dowd
Fuzzing: Brute Force Vulnerability Discovery – Michael Sutton
Network Maintenance and Troubleshooting Guide: Field Tested Solutions for Everyday Problems (2nd Edition) – Neal Allen
The Shellcoder’s Handbook: Discovering and Exploiting Security Holes – Chris Anley
The Shellcoder’s Handbook: Discovering and Exploiting Security Holes – Chris Anley
The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws – Dafydd Stuttard
Assembly Language Step-by-Step: Programming with Linux – Jeff Duntemann
Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code – Michael Ligh
Hacker Techniques, Tools, and Incident Handling (Jones & Bartlett Learning Information Systems Security & Assurance Series) – Sean-Philip Oriyano
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance) – Michael Jang
Reversing: Secrets of Reverse Engineering – Eldad Eilam
Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts – Ali Jahangiri
LPIC-2 Linux Professional Institute Certification Study Guide: Exams 201 and 202 – Roderick W. Smith
The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws – Dafydd Stuttard
JUNOS Security – Rob Cameron
Network Warrior – Gary A. Donahue
Junos Enterprise Routing: A Practical Guide to Junos Routing and Certification – Peter Southwick
Hardening Apache – Tony Mobily
Write Great Code: Volume 1: Understanding the Machine – Randall Hyde
Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level – Randall Hyde
Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems – Chris Sanders
The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – Chris Eagle
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software – Michael Sikorski
Penetration Tester’s Open Source Toolkit, Vol. 2 – Jeremy Faircloth
Windows Forensic Analysis DVD Toolkit, Second Edition – Harlan Carvey
A Guide to Kernel Exploitation: Attacking the Core – Enrico Perla
Network and System Security – John R. Vacca
Seven Deadliest Wireless Technologies Attacks (Seven Deadliest Attacks) – Brad Haines
Seven Deadliest Web Application Attacks (Seven Deadliest Attacks) – Mike Shema
Seven Deadliest Network Attacks (Seven Deadliest Attacks) – Stacy Prowell
Seven Deadliest Microsoft Attacks (Seven Deadliest Attacks) – Rob Kraus
Dissecting the Hack: The F0rb1dd3n Network, Revised Edition – Jayson E. Street
Managed Code Rootkits: Hooking into Runtime Environments – Erez Metula
Web Application Obfuscation: ‘-/WAFs..Evasion..Filters//alert(/Obfuscation/)-‘ – Mario Heiderich
Web Application Obfuscation: ‘-/WAFs..Evasion..Filters//alert(/Obfuscation/)-‘ – Mario Heiderich
Practical Lock Picking: A Physical Penetration Tester’s Training Guide – Deviant Ollam
Penetration Tester’s Open Source Toolkit, Third Edition – Jeremy Faircloth
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy – Patrick Engebretson
Coding for Penetration Testers: Building Better Tools – Jason Andress
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System – Bill Blunden
BackTrack 4: Assuring Security by Penetration Testing – Shakeel Ali
Nginx 1 Web Server Implementation Cookbook – Dipankar Sarkar
O Pequeno Príncipe.
That one I have.. hehehe
Corporate Computer and Network Security (2nd Edition) – R. R. Panko
A friend of mine has this book and liked it a lot! hehe
The book Hacking: A Próxima Geração
Wow… I was happy with the post, I just bought 4 books on Amazon and had them sent to a friend who is in NY and coming back here 🙂
I don't know if it counts for the promotion but……
Here are the titles:
“Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition”
Stuart McClure;
“Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition”
Allen Harper;
“Hacking: The Next Generation (Animal Guide)”
Nitesh Dhanjani;
“Hands-On Information Security Lab Manual”
Michael E. Whitman;
I didn't buy it now, but I've had it for a while and I think it's sensational:
UNIX and Linux System Administration Handbook (4th Edition)
Evi Nemeth (Author), Garth Snyder (Author), Trent R. Hein (Author), Ben Whaley (Author)
That one isn't for sale on Amazon.. only the English one, and I already own it.
Certificação Security + da Prática Para o Exame Syo – 301
Mauser, Daniel; Diogenes, Yuri
Novaterra
It really is English only =\
Just to contribute, with no intention of winning anything: a great friend, Luiz Vieira, who is an Information Security Consultant
Pentester – Digital Forensic Investigator at 4Linux,
recommended one that he thinks is very good.
Wiley Security Engineering 2nd.Edition.Apr.2008
but I haven't had the time to look at it yet.
Regards
Another recommendation from Luiz Vieira is
PRACTICAL PACKET ANALYSIS 2ND EDITION
Using Wireshark to Solve Real-World Network Problems.
I'm still looking for the time to look at them.
Regards
Apparently my Br.'. Luis has already been by here 🙂
Gustavo, my brother, for those who work in security management and policy I recommend this one:
http://www.amazon.com/Information-Security-Policies-Made-Version/dp/1881585166/ref=sr_1_1?ie=UTF8&qid=1310753340&sr=8-1
Security Information Policies Made Easy
Cheap, cheap =)
Other good ones:
McGraw Hill – Hacker’s Challenge
Syngress – Cyber Warfare
There are others, but right now I'm teaching a class and have no time to post more hehehe
Luiz,
the first one you recommended, which is really cheap, could be bought, but I would leave about 10 behind.. for another time.. Hacker's Challenge is from 2006, outdated.
Thanks for the tips
Think outside the box!
“Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques”
Thomas Wilhelm, Jason Andress
http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?s=books&ie=UTF8&qid=1310755293&sr=1-1
here goes…
The Linux Programming Interface
Michael Kerrisk and
Book of PF, 2nd Edition
Peter N.M. Hansteen
Good guess? 😉
Construindo Supercomputadores Com Linux – Marcos Pitanga
I believe you already have it, but it's certainly worth buying!
Another one from the great Marcos Pitanga – Honeypots, a Arte de iludir Hackers.
These are the ones I bought this year, close to the topics you want:
Engenharia de Software – Wilson de Pádua Paula Filho
Use a Cabeça Java – Kathy Sierra & Bert Bates
Fundamentos de Sistemas Operacionais – Silberschatz, Galvin, Gagne
O Melhor do Java – Jim Waldo
Código Limpo – Robert C. Martin (very good)
Algoritmos O guia Essencial – George T Heineman
Computação em Nuvem – Anthony T.Velte/Toby J.Velte/Robert Elsenpeter
Java Efetivo – Joshua Bloch
Java Web Services – Martin Kalin
Use a Cabeça Java Script
Avaliaçao de desempenho de sistemas computacionais – Thienne Johnson e Mauro Marganho
Redes Linux Livro de receitas – Carla Schroder
Projeto Digital – Conceitos e principios – Mohammad A.Karim/Xinghao Chen
Segredos do Hacker Ético
by Marcos Flávio Araújo Assunção.
Rootkits: Subverting the Windows Kernel
The Design and Implementation of the FreeBSD Operating System
Professional vSphere 5: Implementation and Management
😀
Auditing Cloud Computing: A Security and Privacy Guide (Wiley Corporate F&A)
Well, I'll give my two cents:
Writing Security Tools and Exploits (Paperback) by James C. Foster
Sockets, Shellcode, Porting, and Coding (Paperback) by James C Foster
Malware Analyst’s Cookbook and DVD (Paperback) by Michael Ligh
Build Your Own Security Lab: A Field Guide for Network Testing [Paperback] by Michael Gregg (Author)
Gray Hat Python: Python Programm… (Paperback) by Justin Seitz
Botnets: The Killer Web App [Illustrated] [Paperback]
97 Things Every Programmer Should Know: Collective Wisdom from the Experts [Paperback]
Linux Performance e Monitoramento, from the publisher Brasport; Marcelo Alves did a fine job on this book.
Segurança em Sistemas Linux, from Ciência Moderna; it has a good compilation of good practices.
Gustavo, share your book list with us
They're in English and they're wonderful! 😉
Cryptography Engineering: Design Principles and Practical Applications.
http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/ref=sr_1_2?s=books&ie=UTF8&qid=1310831143&sr=1-2
Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
http://www.amazon.com/Official-Guide-CISSP-Second-Press/dp/1439809593/ref=pd_rhf_shvl_2
BackTrack 4: Assuring Security by Penetration Testing
http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945/ref=pd_sim_b_14
I recommend this one:
LPIC-1: Linux Professional Institute Certification Study Guide: (Exams 101 and 102)
Reference:
http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_1?s=books&ie=UTF8&qid=1310918282&sr=1-1
Gustavo, I don't know if you already have this one, but here is one more recommendation: “Protocolo TCP/IP – Behrouz A. Forouzan, Ed. Mc Graw Hill”
Gustavo, if you'll allow me, I'm going to change the subject a bit. I saw that you're going to buy some books that deal with Solaris.
I'm taking over the company's infrastructure department and we have some Solaris servers; I'd like to know your opinion, and that of our colleagues, about this operating system compared to the others. Is it worth it?
Well, I don't know if you have these, but in any case:
Cyber War: The Next Threat to National Security and What to Do About It – Richard A. Clarke;
VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers (2nd Edition); and
VMware vSphere 5 Clustering Technical Deepdive (Volume 2).
Regards!
Oh yes, I almost forgot Cisco Firewalls, by the Brazilian Alexandre Moraes.
🙂
“The Black book from Bitwise” Hacker’s Delight by Henry S. Warren
“Wizard Book”Structure and Interpretation of Computer Programs, Second Edition by Harold Abelson, Gerald Jay Sussman and Julie Sussman ,
“The Legendary K&R book”C Programming Language (2nd Edition) by Brian W. Kernighan and Dennis M. Ritchie
“The Dragon Book” Compilers: Principles, Techniques, and Tools (2nd Edition) by Alfred V. Aho, Monica S. Lam, Ravi Sethi and Jeffrey D. Ullman
“Sockets book” Unix Network Programming, Volume 1: The Sockets Networking API (3rd Edition) by W. Stevens, Bill Fenner and Andrew M. Rudoff (Nov 24, 2003)
“Minix book” Operating Systems Design and Implementation (3rd Edition) by Andrew S. Tanenbaum and Albert S. Woodhull
“gnu book” Debugging with GDB: The GNU Source-Level Debugger by Richard M. Stallman, Roland Pesch and Stan Shebs
(Linux ASM book) Programming from the Ground Up by Jonathan Bartlett and Dominick Bruno Jr
(the camel book) Programming Perl by Larry Wall ..
Linux System Programming: Talking Directly to the Kernel and C Library by Robert Love
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More by John Viega
Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. Van Wyk (Jul 2003)
Secure Coding in C and C++ by Robert C. Seacord
Secure TCP/IP Programming with SSL: Developer’s Guide by Edward Zaremba
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall by Peter N. M. Hansteen
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash
Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Paco Hope and Ben Walther
Webbots, Spiders, and Screen Scrapers: A Guide to Developing Internet Agents with PHP/CURL by Michael Schrenk
Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman and Robert G. Byrnes
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Gordon Fyodor Lyon
Hacking: The Art of Exploitation, 2nd Edition
Jon Erickson
Reversing: Secrets of Reverse Engineering
Eldad Eilam
IPv6 Essentials by Silvia Hagen
IPv6 Socket API Extensions: Programmer’s Guide by Qing Li, Jinmei Tatuya and Keiichi Shima
Open Source Fuzzing Tools by Noam Rathaus and Gadi Evron
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald and Justin Schuh
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Bill Blunden
WarDriving and Wireless Penetration Testing by Chris Hurley, Russ Rogers, Frank Thornton and Brian Baker
Electronics Sensors for the Evil Genius: 54 Electrifying Projects
Thomas Petruzellis
30 Arduino Projects for the Evil Genius by Simon Monk
(EMP GUN in this book xD) Electronic Gadgets for the Evil Genius : 28 Build-It-Yourself by Robert E. Iannini
Exame de Redes Com Nmap – Lyon Gordon
this one is great!