Security

CompTIA Security+ Training Kit (Exam SY0-301) by David Seidl, Mike Chapple, James Michael Stewart (Microsoft Press)

Posted on April 30, 2013

A few months after the review of CompTIA Security+ Rapid Review, I’m now here to speak about its bigger brother: the Training Kit. With its 569 pages, this book is more than twice the length of the Rapid Review one. Even if someone might think that they did a better summary in the Rapid Review one, I have to say that this is not the case for these two books. While the Rapid Review allows you to pass the exam if you already know the certification contents and only need to evaluate your level and refresh some contents, the Training Kit will teach you the certification contents.


Hacking Web Apps by Mike Shema (Elsevier/Syngress)

Posted on April 16, 2013

Have you ever thought that the website you are developing or using is secure? Well, this book will make you change your opinion. This book will change your idea of security and therefore you’ll start to see anything as “probably having some security glitch”. Mike Shema speaks about a lot of different kinds of attacks in his book in real depth, to the point that sometimes I wondered if he was planning to instruct people how to hack websites or only how to secure their own websites.


Wireless Reconnaissance in Penetration Testing by Matthew Neely, Alex Hamerstone, Chris Sanyk (Elsevier/Syngress)

Posted on March 19, 2013

When someone says the word “wireless”, 99.9% of the audience thinks of the Wireless Networking Technologies (802.11 family). Very few think of Bluetooth. Even fewer people think of all the other technologies that use wireless technology to work, such as cordless phones, guard radios, headsets, wireless cameras, etc. This book embraces the last point of view. The first chapter provides basic information and motivation for Wireless Profiling. Chapter 2 provides the reader with all the information she needs to be able to understand wireless technology and its usage.


Metasploit by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy (No Starch Press)

Posted on March 12, 2013

Metasploit is the most common and complete framework for testing security. Metasploit is an entire suite of tools and methodologies designed for testing the security of computers and networks.

The book is written for both experienced penetration testers and people new to the security field. For the first group, one of the most interesting things is the explanation of the rules and ideas that formed the Penetration Test Execution Standard, while for users new to the field, what is really interesting is what can be done and how. One thing that makes this book so unique is the fact that it is written by four people with really different backgrounds, and this helps the reader to understand different ways to see security.


CompTIA Security+ Rapid Review (Exam SY0-301) by Michael Gregg (Microsoft Press)

Posted on January 8, 2013

After the CompTIA Network+ Training Kit I find myself reviewing the CompTIA Security+ Rapid Exam Review. This book is pretty short (258 pages long) but is very dense. It is divided into 6 chapters + one appendix. For each atomic argument, the author proposes 1 to 3 True-or-False questions, their answers and the explanation. I did like the question-answer approach, since you understand immediately what your level is, and therefore you can understand which parts you have to cover more and which less.
