April 13, 2008

How good are these security books?

I'm the kind of guy who reads books. I'm one of those who reads A LOT of books, and to be more precise, it rarely happens that a (security-related) book is published and I haven't checked it, at least as far as looking over the title and chapter descriptions. But I still believe that checking Google alongside known good resources which publish new papers and findings is more effective than reading books. Of course, there are some exceptions too. But generally, I find the "Index" part of published books their most valuable part! Why? Because it helps you get an idea of what the book is about, and then search and find more/better content on the web, rather than reviewing an entire chapter for nothing new or exciting.
Recently we're faced with a wave of new books in the field of information security. Checking a site like Amazon for a known topic like "web application security" will return more than 20 books covering this field, but are all of them really covering NEW information? No. Almost all of them are copying already published papers and materials, and even worse, most of the time simply converting the available readme or man pages into a book! This readme-to-book approach seems to be getting more popular these years. Most of the books covering security tools are true samples of this case. Syngress is #1 in this conversion, IMO. Checking most of the books from this publisher, you'll see that it's sometimes a modified copy/paste of the product documentation. You may have picked up new books covering Snort, Ethereal, Nmap, ISA, Exchange, ... and you dedicate your valuable time to reading them. It's assumed that you've already tried the available manuals/readme/Help menu and you're purchasing the book to learn something new. But when you finish reading the book cover to cover, you'll be like "wtf?! I knew all of this from the software/product documentation. What about those shining bold fonts on the cover announcing NEW tips?". I'm sorry to say that most of them (covers) are designed to cheat you!

There are yet some better books. Those that copy good old content from previous books, to keep the book passing quality control! Here's how it happens:
You get a new book covering "Buffer overflow attacks". Some chapters teach you already-known information in new and sometimes better ways. Well, you like the book in the end, 'cause it was something useful for you. Another new book is published by the same publisher covering "Writing Security Tools...". This time there's less useful content, and some of the chapters are an exact copy/paste of the previous book. Well, you don't like this book much. The same publisher releases another book covering "Metasploit Framework". Wow, finally a dedicated book for MSF. It must have valuable content, so let's try it. This time you'll hate not only the book, but also the publisher! Why? 'Cause here's how this book was cooked: good OLD chapters of the first book, copy/paste of chapters from the other book on the same topic, and finally rehashed manual pages and documentation of the tool itself! What makes it even more annoying is that the authors have not even tried to update the content. You're reading 2005 content in 2008. And you know what '3 years' means in information security!

So, should you stop reading books? No. I'm trying to say don't consider any book a real book! If you want to learn a new topic, before choosing a book to read cover to cover, be sure it has something new, or at least that it's well organized, so it can reduce your Googling time.
How do you know if it's a real/good book? Most of the time, when the authors are working in the same topic/field as the book they're authoring, the result will be a good book. Check Amazon again, searching for top-rated or most popular security books. You'll see that in almost all cases the co-authors of the book are known authorities in the field. "The {Shellcoder's/DB Hacker's/Oracle Hacker's/Web App Hacker's} Handbook" series by Wiley are all excellent books authored by smart geeks. There are many other good samples, but mentioning all of them would just make this post longer.

Next tip, for those who want to pick books covering a specific tool/solution/product/device/appliance: forget about The Book! Believe me or not, the best reference for learning them is the manuals and documentation already provided with it. The only case that overrides this assumption is when the developer/company itself attempts to write a book. The new "Nmap in the Enterprise" book from Syngress is a great sample. Checking the cover and titles even made me look inside the book, because I'd seen some words about "NSE" or Nmap Scripting Language, which I'm currently learning. I thought I'd finally got a resource to review some real working samples. But when I checked the related chapter, it was a few paragraphs on how to use the "-sC" switch!!! Now I feel like an 'NSE' expert! Fyodor is working on his Nmap book too, and I've seen some of the prepared content. It's funny when you compare these two books! Let's see how it will be rated when released.

And a final tip for reading (security) books:
If you want to learn what you read, don't just read! Try and experience every single topic you read, in the real world and with real samples, not even the book's test cases. Otherwise you won't get much from that book. This specifically applies to books trying to teach you techniques, not concepts. There's not much to try when you're learning how to design a secure network, but there are tens of ways to write exploits for a single overflow case, or an injection possibility. So get your hands dirty! Reading books without experiencing them will make you lazy and book-dependent sooner or later.
