Must Have Security Books


(In No Order of Preference)

Penetration Testing

  1. Penetration Tester’s Open Source Toolkit, Vol. 2
  2. Dissecting the Hack: The F0rb1dd3n Network, Revised Edition
  3. Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
  4. Hacking: The Next Generation (Animal Guide)
  5. Gray Hat Hacking, Second Edition: The Ethical Hacker’s Handbook
  6. Google Hacking for Penetration Testers
  7. Professional Pen Testing for Web Applications (Programmer to Programmer)
  8. WarDriving and Wireless Penetration Testing
  9. The Hacker’s Handbook: The Strategy Behind Breaking into and Defending Networks

Building a Security Lab

Professional Penetration Testing by Richard is a good starting point for most average professionals who want to set up and operate a formal hacking and pentesting lab. For advanced readers, some chapters may be a little generic, but the book still provides good dos and don'ts for designing a lab. Both of the books below will help you to:

  • Turn existing pentesting skills into a serious business.
  • Learn to carry out attacks in a controlled environment, with plenty of examples.
  • Understand the basic project management skills required to gear up for an ethical hacking business.
  • Use security metrics that give meaningful insight into findings and the pentest report.
  1. Professional Penetration Testing: Creating and Operating a Formal Hacking Lab
  2. Build Your Own Security Lab: A Field Guide for Network Testing

Application Security Books

  1. The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws
  2. Web Application Vulnerabilities: Detect, Exploit, Prevent
  3. Foundations of Security: What Every Programmer Needs to Know (Expert’s Voice)
  4. Hacking Exposed Web Applications, 3rd Edition
  5. Seven Deadliest Web Application Attacks (Syngress Seven Deadliest Attacks)
  6. Software Security: Building Security In
  7. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
  8. The Database Hacker’s Handbook: Defending Database Servers
  9. Web 2.0 Security – Defending Ajax, RIA, and SOA
  10. Web Services Security
  11. Gray Hat Python: Python Programming for Hackers and Reverse Engineers
  12. SQL Injection Attacks and Defense

Network Security Books

  1. Z4ck – Bypass Any Network Security!
  2. Network Security Essentials: Applications and Standards (4th Edition)
  3. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)
  4. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
  5. Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition
  6. Seven Deadliest Network Attacks (Syngress Seven Deadliest Attacks)

Exploitation and Vulnerability Research Books

  1. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
  2. Reversing: Secrets of Reverse Engineering
  3. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
  4. Hacking: The Art of Exploitation, 2nd Edition
  5. Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
  6. Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
  7. The Mac Hacker’s Handbook
  8. Rootkits: Subverting the Windows Kernel
  9. The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
  10. Exploiting Software: How to Break Code
  11. Advanced Windows Debugging

Cryptography Books

  1. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition
  2. Cryptography Engineering: Design Principles and Practical Applications
  3. Cryptography Demystified

General Security Management

  1. Information Security: Principles and Practices
  2. Corporate Computer and Network Security (2nd Edition)
  3. Security Policies and Procedures: Principles and Practices
  4. Managing Information Security

Certification Books

  1. CISSP All-in-One Exam Guide, Fifth Edition
  2. Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
  3. Mike Meyers’ CISSP(R) Certification Passport
  4. CEH Certified Ethical Hacker Study Guide
  5. The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator
  6. Ethical Hacking Official Guide from EC Council
  7. CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

1 comment

  1. Temeka says:

    Having read this I thought it was really informative.
    I appreciate you finding the time and energy to put this information together.
    I once again find myself personally spending a lot of
    time both reading and leaving comments. But so what, it was still worth it!
