Bookshelf

Welcome to the bookshelf. This page contains a list of all the books we have read and own. It serves as a resource for us and for anyone who’s interested in the topics we enjoy reading and writing about. The following list of books are all recommended to anyone who’s looking to further advance their understanding and knowledge of network, system, software and web security.

Recommended reading

• Advanced Windows Debugging
• Ajax Security
• Designing BSD Rootkits: An Introduction to Kernel Hacking
• DNS and BIND
• File System Forensic Analysis
• Network Warrior
• Operating Systems Design and Implementation (3rd Edition)
• Reversing: Secrets of Reverse Engineering
• Secure Programming with Static Analysis
• Security Engineering: A Guide to Building Dependable Distributed Systems
• Security Metrics: Replacing Fear, Uncertainty, and Doubt
• Security Power Tools
• Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
• Software Security: Building Security In
• TCP/IP Illustrated: The Protocols
• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
• The Database Hacker’s Handbook
• The IDA Pro Book
• The Practice of System and Network Administration (2nd Edition)
• The Security Development Lifecycle
• The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
• The Tao of Network Security Monitoring: Beyond Intrusion Detection
• The Web Application Hacker s Handbook: Discovering and Exploiting Security Flaws
• Windows Internals
• Writing Security Tools and Exploits

Papers

• Looking to add papers to this list… Submit one if you’d like

Articles, Directives, Regulations

• SANS’ Reading Room
• NIST Special Publications
• Export Administration Regulations
• The International Traffic in Arms Regulations (ITAR)
• DoD 5200.28-STD, “Trusted Computer System Evaluation Criteria”
• NCSC-TG-005, “Trusted Network Interpretation”
• DoD 5220.22-M, “National Industrial Security Program Operating Manual”
• DCID 6/3, “Protecting Sensitive Compartmented Information Within Information Systems”
• DCID 6/9, “Physical Security Standards for Sensitive Compartmented Information Facilities”
• FM 2-22.3, “Human Intelligence Collector Operations”

RFCs

• RFC 791 - Internet Protocol
• RFC 793 - Transmission Control Protocol
• RFC 1918 - Address Allocation for Private Internets
• RFC 2616 - Hypertext Transfer Protocol — HTTP/1.1