Hackers Books

From the very first chapter Romina will have you guessing what's around the next corner. Lots of action, lots of technology, what more could you ask for. Oh a plot, its a good one.

This book provided me with hours of enjoyment. Great character development and plot. I enjoyed it through the last page. I'm looking forward to Ms. Wilcox's next book.

I was absorbed by this thriller. Working in a corporate industry, I can relate to the characters, the events, the corporate environment and places. Not only that it will keep you guessing, it is informative, entertaining, and it has a moral value. In the end you're sorry to say goodbye to the characters. Romina Wilcox is as good as today's suspense writers. I hope she is busy writing the next one.

I am by no means a professional writer, I just love to read. I got "Cold Eyes" a while ago and was finally able to read it. I read the book in one sitting because I simply could not put it down. Romina Wilcox has a way of taking you on a journey. It starts off slow and easy then goes all twisty-turney on you. The plot twists were wicked and fun and I enjoyed the novel very much. I found myself saying this person did it then something happened and my mind was changed. That happened a lot in this novel. I would recommend this novel to anyone wanting a good read. Keep up the great work Romina and I'd read anything you would write.

I enjoyed this book so much. It's a cyber suspense and one would think its a book for men readers. Nope! Actually, I supposed its the fact that it's written by a female author made this story so great. In the middle of all the cyber and high-tech stuff, there is a beautiful woman that I can follow. Joanne is a woman of our generation. I can totally relate to her. The characters in Cold Eyes seem so real. The places are real. I was virtually swept into the world of techies. The plot is also complicated but found myself enjoying every page. Read it to see for yourself.

The Bedford Handbook
I was satisfied with my order, and was delivered as it said

i ordered it and got it in a very good condition and in time. customer service is awesome. my blessings. keep up the good work.

this book is good for when you're writing essays and you can't remember a certain format or something and you can flip through the book real quick for examples of essays, outlines and thesis statements, although I wish i had the cd version of it so i can always have it with me instead of toting around the book. they could have made the format of the book better.

for instance i remember seeing a book called "A Writers reference" both are MLA format and one came from my community college and just the way its put together is better over all than this one.

The Bedford Handbook is an excellent guide for anyone enrolled in a college English course. The book gives details on correct grammar usage, as well as descriptions of different essay styles. The book is very helpful to me with my English class.

Diana Hacker has an English comp book for any possible usage, she grinds them out every few years. My college requires me to use this book as a handbook. That is unfortunate.

Of course, this book provides a basic explanation of English composition, grammar, documentation, and document design and critical reading. However, the attempt in this case is to present something that is lighter than Rules for Writers, a full scale manual that is sufficient to use as the only text for a college composition course or as a full writers reference, and her Writers Reference, which is a good handy handbook that is inadequate as a full course book, but is great as a rule book to be used by students taking a course using another text.

Usuing this book, I have had to create supplements from web material for issues that I expect to be covered fully in a college handbook such as the requirements of formal writing.

To be sure there are interesting illustrations and graphics and like her other books, the text is intimately linked with the enormous online network that Hacker and her publishers have created. It is not an awful book to use, but I would prefer Rules for Writers, Jane E. Aaron's Litte Brown Handbook, or Writer's reference.

I have a virtual calculator called the DIY Calculator that accompanies my own book "How Computers Do Math" The Definitive Guide to How Computers Do Math : Featuring the Virtual DIY Calculator.

I recently added a "Conundrums, Puzzles, and Posers" section to the "Programs and Subroutines" page on my DIY Calculator website ([...]) and I've started to build a collection of simple puzzles for people to play with.

One of the first problems I posed was to count the number of ones in the 8-bit accumulator and to present the result as a binary value. I thought I had discovered the best-possible solution, until someone pointed me in the direction of the "Hacker's Delight". (In this context, "Hacker" refers to a hero who is manipulating code; not a nefarious rapscallion who breaks into other people's computer systems.)

I immediately ordered a copy from Amazon, and took delivery just yesterday as I pen these words. This book is fantastic - I kid you not - on the first page of Chapter 2, for example, I discovered at least five or six capriciously clever tricks that blew my solutions out of the water!

I highly recommend this book.

My first introduction to binary operators wizardry was in a 1st year, 1st semester course in Digital Systems at the Technion, IIT. I thought it was fun. While I was trying to write a computer program to compute Karnaugh Maps for me, I run into performance problems, and then some binary hackery helped me get back on the horse.

Since then, whenever I come across some binary trick I write it down with a few examples of usage and sometimes with some reasoning why it works.

Then came "Hacker's Delight" and I felt compelled to buy it.

I wasn't disappointed at all! Not only it contained all of the tricks that I have collected, but also it contains a lot more in depth examples of how these tricks can come in handy when trying to squeeze performance from an implementation or save a few more bytes and bits.

The book also gave me a fresh perspective on the implementation of some well known algorithms with the twist of binary arithmetic. This was very enlightening.

I read the "BASICS" chapter (chapter 2) with a single breath of air, and just couldn't leave it down. Not only it was nice to have all these tricks summarized in one book, but also I liked some of the reasoning and the "so-called" proofs.

Remaining chapters were, as I mentioned before, a fresh look for me on known algorithms. This fresh look was through the glasses of binary arithmetic.

I'd recommend this book to anyone who feels comfortable with binary arithmetic and/or computer organization -- even just for the fun of it!

I'd recommend the book to developers who don't necessarily have a sympathy to this topic, but would like a Copy&Paste solution to some problems they have to tackle.

I really enjoyed reading this book, and I will probably reference it from time to time.

The term "hacker" in this book means someone who enjoys making computers do interesting tricks regardless of whether it turns out to be useful, not someone who is intent on circumventing computer security. Plus, how relevant would those kind of tips be coming from a book that was written in 2002? Don't let the author's definition of a hacker fool you, though - the tricks in this book are very useful.

This book is a collection of small programming tricks on various subjects. The presentation is very informal, and the methods use very basic computer math. You should know your binary number system backwards and forwards before you start this book. Either C or assembly language is used to demonstrate the hacks in code form. When assembly language is used, it is that of a fictitious machine that is representative of RISC computers. That is because the tricks are meant to be platform independent.

After disposing of basic arithmetic operations early in the book, the author turns his attention to more complex math problems such as calculating square roots. His discussion of the subject is both complex and simple. First, he explains Newton's method of computing square roots through a page full of equations that require some effort to follow. Then he gives an implementation that requires fewer than twenty lines of C code. This is followed by another method that is longer and more cryptic but executes faster, by using a binary search algorithm. Whether you are interested in the equations or merely need the C code to do your job, these solutions are efficient and elegant.

Other topics addressed include Gray codes, the Hilbert curve, and prime numbers. Gray codes are a method of arranging the integers from 1 to N in a list so that each number can be visited exactly once by flipping only one bit at a time. The Hilbert curve is a similar idea expressed geometrically: a single continuous curve which, given a space divided into a grid of squares, touches every square exactly once and does not cross itself. In each case, both the mathematical discussion and the code to solve the problem are provided.

The chapter on prime numbers is the most challenging mathematically but also one of the most interesting. It starts with a concise overview of various mathematicians' efforts to devise ways of finding prime numbers. The author is one of those people who periodically become fascinated by some problem and devote themselves to learning more about it and searching for a solution. The chapter ends not with the usual code sample, but instead with an invitation to continue the search for interesting solutions to the problem.

Clearly, the author views this book not as a finished collection, but rather as a snapshot of work in progress. After decades of interest-driven research, the author has amassed a collection of studies big enough to fill a book, and it is fortunate for the rest of us that he has written one.

They don't make them like this anymore. Amid the "Learning XXX in 21 days" and various other computer book for which depth is almost non existent (and are read like eating peanuts), this is a refreshing book that talks about solutions to sometimes common (IMHO) coding problems.
If you enjoy programming gems, or remember that beyond your C code there is a machine that executes your program, this is the book for you. For example, think how would you count the 1 bits in a 32 bit integer - the book has an elegant solution in log(n). Aside from this, the book has about 50 or so problems, with their solutions (and proof).
Bottom line: fine book, worthy to be near my Knoth, R&K and Stroustrup books.

This book is an absolute essential to the right reader. That right reader is either a low-level coder, a high-level logic designer, or someone who builds tools and libraries for same. In other words, not a lot of people. This is hacking at its bit-level finest, though. If you're among those few, or think you might be, or want a good laugh at the people who are, dig in.

It's good for things like counting the number of 1 bits in a word-length integer (hint: if you count the bits, you're doing it the hard way). It's good for things like fast division by an integer constant, or mod to a constant integer modulus (hint: if you perform division by dividing, you're barking up the wrong tree). If you can look into a 32x32 bit multiplication and see a convolution going on, you're way ahead of the game. The only tricks I know that didn't appear here are A) for purposes that almost no one has or B) for machines that almost no one has.

Warren presents the coolest collection of slimy coding tricks ever collected, with full attention to the number of machine cycles and the compiler-writer's unique needs. I've seen a lot, and this is by far the biggest and coolest collection around. I have two complaints, though, a small one and a really big one. The small one is that the author didn't score a direct bullseye on my somewhat offbeat needs. Well, he never tried to - that's just me griping that he didn't write a different book. The big complaint is that pages, lots of them, just fluttered out of this pricey book and onto the floor. GRRR. This takes nothing away from the content of the book, until some critical page flutters off never to be seen again. Still, if you can keep a rubber band around it, this will be one of the deepest mines of coolness in your uber-geek library.

//wiredweird

Hex is an amazing sci-fi trilogy that will keep you enthralled from the very first page. In the late 21st century, scientists created the Hex gene to improve human knowledge of computers. The project was later abandoned, but mutants with the gene, known as Hexes, continued to be sought out and exterminated.
Years later, Raven, a Hex and possibly the most dangerous teenager in the world, along with her brother, Wraith, travel to London in search of their younger sister, Rachel. There they meet Kez, a streetrat, and Ali, a popular and rich girl who has just discovered that she is a Hex. Soon the group becomes engaged in a dangerous mission that could cost them their lives.
Containing interesting characters with distinct personalities, excellent descriptions, and an imaginative portrayal of the future, Hex is one of the best science fiction books you'll come by and the fitting start to a great series.

I read all three books in the trilogy over a year ago and have recently come to pick them up again. The best feature of the book is the idea, I love reading sci-fi books that don't actually feel sci-fi - the books that I enjoy explaining the plot to friends and family. The reason I didn't give the book five stars was because there wasn't enough romance, and there is always room for romance - where are we without it? Also I would have loved to have more information about the way of life that far ahead into the future, on a more day to day level. The last reason is because i didn't like Raven, although i know why she was cold and heartless I think hope goes a long way but i never felt she would change - it is definitely a first for me to love a book and not love the main character. Despite this the book left me wanting to find out more so it definitely earned four stars.

if youve seen the old movie hackers, then you'll love this. I love the dysfunctional family life of brother and sisters, the way the main character is a female, who feels alienated from the world around her because everyone else feels inferiror to her talents. Its a well written series, ive read all three hex books, and i was compleatly satisfied...hmmm, well it woul dhave been good if there was a little romance, but you probably cant have that. You fall in love with Raven, and hate the people she hates, you find them utterly annoying :D its a gotta read

The book was very well done. A bit cliche, but a good read all the same. The characters are believable and the book doesn't make you want to gag with details and mindless information. The only real complaint I have is something seemed to be missing from the explanation. I couldn't finger it, but there was just something not there. But it's definately worth picking up.

The most dangerous person in the 24th century is a 15-year-old girl named Raven --- and officially she doesn't even exist. Why? Raven is a Hex --- part human, part super computer. In the late 21st century, Hexes were created by genetically enhancing human children. Hexes can reach into the Net and access information systems from around the world. They can move around the World Wide Web the way other teenagers stroll around a mall. Raven has awesome powers --- she can control computers with her thoughts. Raven is in hiding, though, and she would like to keep it that way. If the secret government finds out that she is alive, she will be killed.

Children with the Hex gene must either fight for their lives, hide away, or be exterminated. The government doesn't want its people to know that Hexes exist. The CPS, a secret government agency, is on a mission to seek and destroy all Hexes. Most die no matter what they do. Raven's sister, Rachel, is already presumed dead, even though she had never shown any sign of being a Hex. While searching the Internet for some sign of Rachel's existence, Raven runs across another fate that Hexes face. A fate worse than death. It is this discovery that will eventually lead Raven, along with her foxy non-Hex brother Wraith, to the place where Hexes die.

HEX is book one of what promises to be an outstanding series by Rhiannon Lassiter. Lassiter does a great job of making the people in her books as real as possible. Even the minor characters have great personalities.

There is a reference to a New York disaster and some talk about terrorism, which takes some of the fun out of this book. This is minor, though, and doesn't take away from the fact that HEX is a book that you are cursed to enjoy.

--- Reviewed by Kat, recent high school grad and young adult fiction diva

I bought this to help perform research on a security course that I'm preparing. Even though the information on some of the honeypot programs is a bit outdated, I still found the book very helpful. It's well-written, and gives a very good explanation of how to implement honeypots. It was a tremendous help in my research.

This book is written with obvious passion towards honeypots as the author obviously believes in the power of honeypots in making the corporate network a safe place. The discussion cover simple and advanced topics in honeypot motives, creation and trapping hacker information. In all, a well researched book that evangelises the use of honeypot intrusion detection

This book did a great job of presenting the concepts of modern honeypot technology. It begins by covering the basic concepts of what the different types of honeypots can do, the different design concepts of production honeypots vs. research honeypots and how honeypots can be an aid to network security in any organization. The one thing I did'nt like was the "flow" of the book and the way some chapters were written. There was an exessive amount of fluff, some topics were beat like a dead horse. The book could easily have shaved off 50 pages making it a better read. Overall, it was a great book, I learned a lot, and would recomend it to anyone looking for an intro to honeypots. The included CD was a plus as well.

Honeypots is an excellent introduction to the subject of honeypots, useful as a reference for experts as well as for beginners to the subject. It is written very clearly and provides step-by-step instructions with plenty of examples and screenshots. It covers commercial, open source, and do-it-yourself solutions, from very simple low-interaction detection honeypots to very high-interaction research honeypots. A CD-ROM is included with software and example data collected by honeypots. One defect is a fairly large number of typos.

Honeypots: Tracking Hackers By Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's compter data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.

This book is an eye-opener on privacy invasion, and how it can harm you in countless ways. It is a comprehensive study of the many forms privacy invasion can take, especially as practiced on the Internet, and what you can do to protect yourself. Author Dan Tynan has studied these offensive practices for years, and gives us the benefit of his research and findings. Find out what is going on, and what you can do protect yourself, not only on the internet, but in other aspects of your life as well.

Much as we don't want to, privacy is something we all need to think about and protect these days, unless we want to give up our computers and other gadgets and go back to stone tablets. Now we have an easy, funny, understandable guide to protecting ourselves in the online age, and we'd be foolish (and just asking for trouble) to ignore it. Dan Tynan has done all the hard work for us; now we just need to make sure that everyone we know reads this book!

This book covers more than just your digital privacy. It sweeps on a wide variety of privacy topics. I find that a good thing since it's comprehensive. In reality your digital identity is interspersed with your physical identity and both a very important.

This is the most accessible of the privacy books I've read. The advice is presented in bite sized bits that are easy to understand and implement. It gives both background and practical advice. Both of which are necessary to understand the problem and the solutions.

Computer Privacy Annoyances
O'Reilly
By Dan Tynan
ISBN 0596007752

As someone who gets asked questions about Internet use and safety all the time, a book I had been itching to read was "Computer Privacy Annoyances", by Dan Tynan. According to the cover, the book covers "How to avoid the most annoying invasions of your personal and online privacy."

The quick and dirty? The book gives very practical, real-world examples of how your data can be used, yet the author manages to avoid sounding like a doomsayer... even some of the more scary scenarios don't come off sounding like sensationalism, just honest (and sometimes even apologetic) examples of what could very realistically happen. (I thank you, Mr. Tynan.)

I'll take bets on anyone that doesn't learn at least ten new things they didn't know about their privacy rights. Mr. Tynan has taken the proverbial "They" and reduced it to the very organizations that "they" really are. Did you know you can request a copy of your FBI files? Do you know who has the power view it? Do you know who is collecting data on you at this very moment and what they are doing with it?

The book's format allows for a surprisingly fast read. Well organized sections such as privacy at home, on the Internet, in public, at work, and even on a federal level allow for quick chapter absorption. In each chapter, the author states the annoyance, and then the fix. This allows for quick skipping over an 'annoyance' that might not annoy you that much.

I did notice that the author made no mention of the everyday information users give out about themselves without even realizing it, such as usernames that contain birthdates and such. But the Internet privacy chapter is only a small portion of the topics covered in this book. In fact, if I had to find one fault with this book, however, I'd say they lost a much larger audience that could have easily benefited from the book by calling it *Computer* Privacy Annoyances.

As a tech professional, if I could get all my clients, users, friends, family and complete strangers to read this book, I strongly believe identify theft could become a thing of the past. And it might even reduce global blood pressure, too. Bonus!

Privacy? Good luck! Even the slightest misstep on line (or anywhere else, for that matter) can open you up to privacy intrusions that you may not know about. Dan Tynan does a really good job in outlining these areas in Computer Privacy Annoyances. This is pretty much required reading for living in our heavily computerized society.

Contents: Privacy At Risk; Privacy At Home; Privacy On The Net; Privacy At Work; Privacy In Public; Privacy And Uncle Sam; Privacy In The Future; Index

In this Annoyances title, Tynan looks at a wide range of activities and situations that involve a potential unwanted loss of privacy. Using a question and answer format, he effectively shows how seemingly innocent activities (like booking a hotel room or ordering a kosher meal on a flight) can be logged and combined to build a profile of your activities that may not present a very flattering picture of who you are and what you do (and with whom). While there's the obligatory chapters on spam, online registration sites, and the like, there are also excellent chapters that cover privacy at work (what your employers can and can not do) as well as health record concerns. Things may not be as secure and private as you think they are...

Realistically, there's already more information out there to be gleaned than you'd probably expect and be comfortable with. But by reading and digesting the contents of this book, you can start to reduce your exposure going forward. Even just the awareness of privacy concerns will start to cause you to question *why* a merchant might want certain information. They may *want* your zip code or phone number, but that doesn't mean you *have* to give it to them. Even if this book keeps you from making just one mistake that would lead to identity theft, then it's more than paid for itself. A recommended read...

In my opinion, the sign of a great writer is when you read an author's book and find yourself riveted to the page, when you're compelled to keep reading not just to find out what happens next, but because you are blissfully drawn into the world that the author has created. This is what happened to me when I started reading Quantum Ethics: A Thriller. And I can honestly say that, for the most part, it is indeed a thriller of the best kind.

One of the most compelling characters in the book, and now one of my favorite fictional heroes of all time, is a man named John Thunder. He's an enigmatic man who seems to have almost supernatural perception of the world around him, a sixth sense that makes him a tracker and investigator of unmatched skill. His backstory, and the means through which he acquires these skills, is a tragic tale full of ancient mysticism and real-world horror that somehow only makes what could come across as an unbelievable character all the more real. The entire book is filled with colorful and well fleshed out characters like the young genius Cassy and the hulking sidekick to John Thunder named Quaalude. These characters, plus many others whom we get to follow along the way, help to enhance this book as a modern epic tale of the violent and precarious world in which we live today. Unfortunately, I think this is also precisely where the flaws that prevent this excellent book from being perfect are the most evident.

While the story is indeed a thriller, and may I say that Keith Ellis writes extremely well throughout, handling both action and dialogue masterfully, at times the story veers too long from the main plot. There are sections of the book where discussions about Quantum Physics and, as the title suggests, the ethics related to the subject as they relate to the main plot of this story, seem to take a time out to give us lectures on these topics. Well written lectures, mind you, but they are misplaced, distracting and disrupt the forward momentum that this author has the uncanny ability to build with seeming ease. Admittedly the story, about the creation of the world's first quantum computer, the moral and life threatening implications of its very existence, and the fight resulting for control of the device, is rife with deep and real moral implications. But at its heart the book is supposed to be a "thriller" and not a dissertation on social/moral ethics. There are times throughout the book where it loses sight of that fact.

I had the pleasure to read the Amazon Kindle version of this book, and to my delight and surprise I discovered a mention of the device in the midst of the story. And while this in itself should have been a cute moment for us Kindle fanatics, the story again veers off to have one character give the other a lesson on what the Kindle is and how it works. I would love to see a commercial about the Kindle during the commercial break on the Sci Fi Channel for the movie version of this story, but it just doesn't belong in the middle of the book.

And finally, without giving away the ending, I found that some of the characters behaved as if deranged or had no moral compass whatsoever. I love stories where the bad guys and the good guys aren't so cut and dried, because in real life, very few things are indeed clearly black and white. But the good guys should generally be good, and when they suddenly become lustful for death and destruction, particularly when they are people of power and respect, I found it hard to believe. The final confrontation that decided the fate of the world seemed more like the author's proselytizing for an anti-war stance. And I find that particularly regrettable since I don't believe that was the author's intent.

But overall, I loved this book, and though I felt it could have been even better had some of the pauses in action been shorter and less "lecture-like", I would recommend that anyone considering buying this book definitely do so. Another sign of great writing is when the writing itself outshines any flaws you may find in the work, and Quantum Ethics: A Thriller, shines very brightly indeed.

- Gregory Bernard Banks, author, reader, reviewer

This is a keeper. It's a real page turner with virtually non stop action from front to back. A great read! I couldn't put it down. This would make a movie that would put Indiana Jones to shame. How about it Hollywood?

I hope Mr. Ellis is working on another one and that it comes out soon.

WARNING! Don't begin to read Quantum Ethics unless you are prepared to read it all, RIGHT NOW!

As I began to read Quantum Ethics I found it to be a fast-paced, suspenseful, intriguing "thriller," but I was also impressed with the craft Keith Ellis brings to his first novel. About a third of the way through, however, I stopped thinking about all that stuff -- I couldn't wait to find out how Quantum Ethics ends, but at the same time, I didn't want to run out of pages to read.

What a marvelous story! You'll be talking about the book and the characters and situations in it for months.

But try not to finish it like I did -- at 3:30 in the morning. Remember, you were warned....

I was really enjoying this book, until about half way through or so, the author goes into page after page after page of, quantum theory is kind of like, and it's kind of like, and it's kind of like... Nobody really knows what it is, but it's kind of like, etc., etc., etc. I thought it was really over worked. He immediately follows that with his theories on religion and God, which is not only over worked , but has nothing to do with the story. I very nearly quit reading at this point. In retrospect, that would have been a mistake. The remainder of the book was an interesting, exciting, fast read. I would recommend this book, but I suggest that when you come to this section, you skip it entirely. In my opinion, it greatly detracts from a good book.

"Quantum Ethics" would certainly be a terrific beach read, but I can't imagine you'd want to wait that long! In fact, Keith Ellis' newest work appears to have been created to exactly fit my Merriam-Webster's definition of a thriller: "one that thrills; especially: a work of fiction or drama designed to hold the interest by the use of a high degree of intrigue, adventure...suspense".

Ellis' dynamic style pulled me into "Quantum" so quickly that I'd covered over 100 pages before I realized how comfortably I'd adopted his wonderful characters and how completely I'd become a part of his fast-paced literary world of "intrigue, adventure and suspense". This book fairly begs for a series!

This book is a complete guide and very easy to read. Simple said it's GOOD.

Mauri

This is the most important IT security title written in the past year or more. Why? Custom web applications offer more opportunities for exploitation than all of the publicized vulnerabilities your hear about combined. This book gives expert treatment to the subject. I found the writing to be very clear and concise in this 727 page volume. There is minimal fluff. While everything is clearly explained, this is not a beginners book. The authors assume that you can read html, JavaScript, etc... Usually with a book like this there are a few really good chapters and some so-so chapters, but that's not the case here. Chapters 3-18 in this book rock all the way through. Another huge plus is the tools in this book are free.

The first few chapters provide context and background information. Chapter 3 on Web Application Technologies provides particularly useful background info. The next 666 pages of the book are all about attacking the applications.

There next five chapters cover mapping application functionality, client side controls, authentication, sessions, and access controls. The coverage is comprehensive. I'm not new to these topics, but I learned so much in every chapter. The depth of coverage is amazing.

The next six chapters are the heart of this book. They cover injection, path traversal, application logic, XSS and related attacks, automating attacks, and information disclosure. You'll find full treatment of attacks we're all familiar with like SQL injection and cross site scripting as well as many that most of us haven't heard of before. The danger is real and these chapters need to be read.

The final next four chapters cover attacks against compiled applications, application architecture, web servers, and source code. The final two chapters are more useful as a quick reference. They provide an overview of the tools covered throughout the book and describe attack methodology discussed throughout the book for exploiting each technology.

This book scores five easily based on the relevance and value of the information.

This is an excellent book. Many books of this nature leave you wanting. They talk in complicated jargon, excite you about learning new concepts, and then leave you hanging with no real application of what you are learning. This is not the case with This book.

This book is excellent for both the beginner and the advanced! Plenty of real examples! Walks the beginner through the concepts of foot printing. It explains the technologies and then for the advanced it talks about creating custom code for each vulnerability.

This is a must have for any security professional's library! it was worth every penny!

This is a great read for anyone interested in the security of modern web applications. It covers the hacking process from mapping the attack surface to exploiting input validation, access control, session management, and authentication vulnerabilities using real-world examples and diagrams. There is an in-depth 100pg chapter on injecting code(e.g. SQL, OS, script, etc injection) and a 95pg chapter on attacking other users(e.g. XSS, request forgery, etc attacks). There is information about bypassing common sanitization techniques in cases where user input is sanitized. The book also covers how to write your own scripts to automate complex attacks. At the end of each section are the steps necessary to defend your application against the attacks that were described with an emphasis on "defense-in-depth"; an approach where one tries to prevent the compromise of the whole application even if one component of it is already compromised.

This book is extremely up to date with its coverage of new AJAX and XSS-type attacks while still covering the relatively old vulnerabilities like buffer overflows and sql injections.

The authors are both professional penetration testers which gives them credibility over the information they provide in this book, and one of them is the author of the excellent free web application hacking tool called Burp Suite.

I would recommend this book to anyone that has a basic knowledge of how the Web works (http, javascript, cookies, html, and basics of a programming language like php or java) although you could learn these technologies as you are reading the book which would take some more time.

If you do any type of professional Web Application Assessments then this is your bible. I have read many books on web app assessments and perform many Web Application Assessments for many large companies and government agencies and this is an excellent resource. I use Dafydd's Burp Suite and I can not say enough about it. If you are serious about Web Application security then this is a must read. Thanks to Dafydd and Marcus for a great book.

Kevin

I needed this book when I first became a manager 10 years ago, but at least I have it now. Ms. Hacker did a great job of organizing the chapters and making the book understandable. I hire people almost weekly and finally know why I have had problems in the past. This book showed me how to organize my search and zero in on the right person for the job. I was using the hit or miss approach in the past. I ended up hiring lots of misfits. Thank you Ms. Hacker for making my job easier. Are you writing another book?

This book is a great guide for anyone who is responsible for hiring. It's well-written and to the point. I found myself picking it up and putting it down as I had time. I bought copies for each of my managers.

This book is written for the manager who must hire good people. After reading this book I feel I know how to stay focused in my search as well as where to get people. The questions that can be asked during the interview located in the Appendix were EXTREMELY helpful. I used to think that I ran a high risk of asking something illegal, but now realize that there are many questions I can lawfully ask. Overall, this book was an excellent investment.

This book is written for managers both new and experienced. I have been supervising people for more than 20 years. I found this book to be loaded with good, solid information that I could use and share with my staff. Hiring good people that mesh with the rest of the team isn't easy, especially given the low unemployemnt rate. The author organized this book in a manner that made it convenient to pick up and put down as time permitted. I learned a number of things that have changed the way I recruit for my department. I have 500 people I'm responsible for as a plant manager. I needed this book 20 years ago!

Carol Hacker has done a service to those who are serious about weeding out the costly bad hires that are waiting out there to harm your organization. She makes excellent points and warns about the huge costs of making a mistake.

Wayne D. Ford, Ph.D., author of "How to Spot a Liar in a Job Interview" and "How to Spot a Phony Resume" docwifford@msn.com

excellent reference material has been invaluable to me in the last week and has steered me into making some difficult choices easily

This book, especially if used in conjunction with the author's web site (see ASIN B0000C7RBX), is one of the most valuable additions to the IT security profession that I've read. My reasons for making this bold statement include:

- The book provides a coherent and focused approach to developing and implementing a security plan. You can find numerous books on writing and implementing policies and procedures, or establishing a security posture, but this is the first book I've read that steps you through the process of conceiving, implementing and keeping alive a viable security plan.

- By separating the process into three distinct domains (referred to as 'stacks') you ensure that your plan encompasses and integrates the technology, process and business elements into a coherent strategy.

- Artifacts in the form of a complete set of worksheets provide a set of tools that give a framework and speed up the planning process.

The planning approach set forth in the book is straightforward and realistic - you're led through the preliminaries, which includes conceiving a plan that matches your needs, and selling the plan to sponsors (an often overlooked, but essential activity when fighting for budget). The next step is to perform an impact analysis, and this is where the book shines, because the author focuses on business issues instead of technology. This promotes awareness and goes a long way towards getting buy-in and funding, as well as laying a solid foundation for a long-term security plan. Next the author shows how to select the correct security model and avoid common pitfalls. These lead to building organizational consensus - buy-in from all stakeholders. The difference between this step and the preliminary step of selling to a sponsor and obtaining funding, which is vertical, you need to promote the plan horizontally as well. The final steps are to implement and continuously refine the plan.

Of course, the overview above only describes the approach contained within the book. There is much more to commend it, such as clear writing, superb page design that portrays information in graphs, illustrations and tables, and the details the author provides. There is not a single statement or recommendation that is unsupported, and the material is both sensible and accurate.

In Mission-Critical Security Planner, Greenberg lays out all the security elements that should concern you and what questions you should ask about them. With this book, half the battle is won because you at least know how to do the planning. You still have to do the planning, but with the worksheets and tips provided in the book, that will be much easier than it used to be.

I read the book twice: once to get an idea of what all the worksheets were about and once to really read them with all the technical and practical details provided by Greenberg.

Greenberg identifies 28 security elements, including 15 fundamental elements, (six of which are core elements), and 13 wrap-up elements. Core elements include things like authorization and access control, authentication, encryption, integrity, nonrepudiation, and privacy. Those may seem obvious, but Greenberg has a lot of useful things to say about them that others haven't said.

Perhaps the most valuable part of the book is all the other elements, which we tend to forget, including addressing and routing (with tips on how to get those right from a security point of view), configuration management, directory services, time services, staff management, legal issues, and so on.

I'd be interested to see some projects get implemented with Greenberg's methods. I think it should work quite well, although due to entropy, laziness, over-worked engineers, and other such factors, I would guess that some of the numerous worksheets will fall by the wayside. But I think Greenberg would be OK with that as long as most of the worksheets are maintained and the company adopts security as a way of thinking.

In summary, this book is definitely worth reading, probably numerous times!

The truth is, hackers and other attackers won't take no for an answer, and while there is absolutely no way to stop attackers from trying; there are ways to stop them in their tracks.

With that, Mission-Critical Security Planner is a surprisingly good book, aimed at someone looking to start developing their information security infrastructure. Rather than having to reinvent the wheel, the book provides planners with the framework and tools they need to create their information security infrastructure.

One good feature of the book it is large collection of templates and worksheets on various security elements. .../

The book is not overly technical and is quite good for those who need to get their security group up and running in a short timeframe.

For those that are serious about security, they will find that Mission-Critical Security Planner is like a cookbook. They can use it to prepare their security as needed.

Overall, Mission-Critical Security Planner is a very readable and useful book. Those who have an imperative to get their security groups up and running will find huge value in the book immediately.

It is very rarely, that you'd see a good high-level security book nowadays. There are lots of great "worm-eye view" books with nice detailed descriptions of attacks, defenses, secure configuration options, tools and tricks. However, many of the high-level books resolve to quoting some outdated CSI/FBI survey, blabbering about security policy and giving out piles of outworldly advice on how to "mitigate risks".

This visionary book proves the opposite: you can have a high-level security book, which is not just practical, but actionable. "Mission Critical Security Planner" delivers a portion of the security process, packed into one toolkit. Make no mistake - this book is about planning how to do security, not how to tweak your scanner or configure a firewall. However, planning is indeed a critical (and, as the author points out, often missing) piece of security conundrum, and the book delivers on that.

An awesome component of the book is a large collection of templates and worksheets on "selling" security measures, planning the implementations, organizing security team, dealing with various business people and many other occasions. The book has the printed versions while its companion website criticalsecurity.com has the download.

The main part of the book is organized around "security fundamentals", large domains of security (such as authentication, encryption, integrity, privacy, etc), which are used to structure the security planning process, described by the author. For each of the fundamentals, the content is organized in sections: summary, security stack (covering various aspects from physical to application level), life-cycle management (from technology selection to response), business (on dealing with various categories of business people, such as suppliers and customers) and selling security (to execs, managers and staff). All of the above contain various templates.

Among the more fun parts, the section on negotiating with hackers is just exclusive and of the never-seen-before kind. Section in hacker profiling is also of interest, since it seems to originate from author's experiences (and not in just reading about it on the news). The book also demystifies such elusive notions as "impact analysis", "security ROI". PKI also has a prominent role in the book. While PKI (as it is defined today) might or might not fly, the book gives a great example of large-scale production implementation, running for many years. Another great feature of the book is author's "future 10 attacks list" with his predictions on threat landscape.

Overall, the book seems indispensable to those responsible for securing networks. Security managers and CSOs will likely gain maximum benefits from using it (due to the book targeting), but other security professionals will benefit as well. Notice, that the benefits can be derived from "using" it as opposed to just "reading" it, although even the latter will prove highly enlightening. The "selling security" templates alone are likely worth their weigh in gold. The book is well-written and, while not possessing the lively style of some recent security books, will beat some of them hands down in real-world applicability. After all, even if you very well know that IDS is valuable, who will help you to "sell" it to the CIO? This book just might!

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org