Security books – Recommended Reading

This page lists security books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering. These books range from introductory texts to advanced research works. While some of these books may seem dated, the information contained is still very useful to people learning today, and much of the information is essential to becoming proficient in the information security realm.

Please note that, in order to avoid ranking individual books, each category is listed in alphabetical order and each book is listed in alphabetical order within its category.

If you notice any errors with this page or have books that you think should be listed then please contact me. I will only list books that I have personally read and for which I am willing to vouch.

Security books list

 

Application Security – Native

TitleThe Art of Software Security Assessment
Comments: The Bible of source code auditing
Technical Level: Intermediate-Advanced. Ability to read C/C++ required to get full value.

Title: Secure Coding in C and C++
Comments: Arguably the best text for writing secure low-level code
Technical Level: Accessible to all that can read/write C and C++

 

Application Security – Web

Title: The Browser Hacker’s Handbook
Comments: Written by the authors of BeEF. A detailed look into many web security topics
Technical Level: Covers basic through advanced topics

Title: The Database Hacker’s Handbook
Comments: The most detailed book available for attacking databases
Technical Level: Covers basic through advanced topics

Title: The Tangled Web
Comments: A detailed look at the foundations of web protocols followed by a thorough examination of their weakness. Highly, highly recommended
Technical Level: Accessible to all. The beginning chapters cover background needed for later advanced topics

Title: The Web Application Hacker’s Handbook
Comments: Covers a wide range of web security issues
Technical Level: Intermediate

 

Cryptography

Title: Cryptography Engineering
Comments: The (updated) standard for learning cryptography
Technical Level: Ranges from background and introduction to deep algorithms and security considerations

Title: Introduction to Modern Cryptography
Comments: A well-done, formal look at cryptography. Used in many graduate level computer science programs
Technical Level: Advanced – full understanding requires deep mathematical knowledge

 

Database Forensics

Title: Microsoft SQL Server Internals
Comments: Examination of MSSQL akin to the OS-level examination of Windows Internals
Technical Level: Intermediate – learn database basics before reading

Title: SQL Server Forensic Analysis
Comments: A deep look at forensic analysis of MSSQL Systems
Technical Level: Intermediate – learn database basics before reading

 

Digital Forensics and Incident Response

Title: File System Forensic Analysis
Comments: The definitive resource for file system forensics
Technical Level: Intermediate-Advanced

Title: Forensic Discovery
Comments: A foundational text of computer forensics by two of the earliest pioneers
Technical Level: Intermediate

Title: Real Digital Forensics
Comments: A concise introduction to forensic processes
Technical Level: Beginner-Intermediate

Title: Windows Forensic Analysis, Second Edition
Comments: This book, along with the 4th edition, are the best books available for Windows disk forensics
Technical Level: Ranges from basic concepts to advanced analysis

Title: Windows Forensic Analysis, Fourth Edition
Comments: This book, along with the 2nd edition, are the best books available for Windows disk forensics
Technical Level: Ranges from basic concepts to advanced analysis

 

Exploitation / Penetration Testing

Title: A Guide to Kernel Exploitation
Comments: Advanced exploitation of a range of operating systems
Technical Level: Advanced

Title: Android Hacker’s Handbook
Comments: A deep dive into exploitation of Android systems
Technical Level: Intermediate

Title: Hacking: The Art of Exploitation, 1st Edition
Comments: A foundational work of low-level exploitation
Technical Level: Intermediate

Title: iOS Hacker’s Handbook
Comments: A deep dive into exploitation of iOS devices
Technical Level: Intermediate-Advanced

Title: The Mac Hacker’s Handbook
Comments: A deep dive into exploitation of Mac systems
Technical Level: Intermediate-Advanced

Title: Rtfm: Red Team Field Manual
Comments: A concise, well written guide that should be in every penetration tester’s travel bag
Technical Level: Accessible to all people with a pen test background

Title: The Shellcoder’s Handbook
Comments: Crafting shellcode and exploits
Technical Level: Intermediate-Advanced

 

Linux Usage

Title: Linux in a Nutshell
Comments: The best text to learn how to use Linux
Technical Level: Beginner-Intermediate

Title: Running Linux
Comments: Another great text from which to learn Linux
Technical Level: Beginner-Intermediate

 

Malware Development and Analysis

Title: The Art of Computer Virus Research and Defense
Comments: A deep look at many facets of malware analysis
Technical Level: Intermediate

Title: Malware Analyst’s Cookbook
Comments: A “recipe” approach to many topics in malware analysis
Technical Level: Intermediate-Advanced

Title: Malware Forensics
Comments: A well done introduction to malware analysis
Technical Level: Beginner

Title: Practical Malware Analysis
Comments: A very approachable book to many topics in malware analysis
Technical Level: Intermediate

Title: Rootkits: Subverting the Windows Kernel
Comments: A study of many rootkit techniques still in use today
Technical Level: Intermediate-Advanced

Title: The Rootkit Arsenal
Comments: An 800 page epic of rootkit development and analysis
Technical Level: Intermediate-Advanced

 

Memory Forensics

Title: The Art of Memory Forensics
Comments: A 900 page exploration of memory forensics across the major operating systems. NOTE: I am a co-author of this book
Technical Level: Ranges from introductory material to advanced analysis

Title: What Makes It Page?
Comments: A deep look into the Windows memory manager
Technical Level: Intermediate

 

Network Forensics

Title: The Practice of Network Security Monitoring
Comments: Beyond just packet analysis to how to integrate network forensics into a real world environment
Technical Level: Intermediate

Title: Practical Packet Analysis
Comments: An excellent resource for learning to identify and analyze network traffic
Technical Level: Beginner-Intermediate

Title: Wireshark (R) 101
Comments: A deep exploration of Wireshark
Technical Level: Beginner-Intermediate

 

Networking

Title: CCNA Cisco Certified Network Associate Study Guide
Comments: A primer on real world networking and networks
Technical Level: Intermediate

Title: CompTIA Network+ All-In-One Exam Guide
Comments: An essential book for those looking to learn networking
Technical Level: Beginner

Title: TCP/IP Illustrated
Comments: The Bible of networking protocols. A must read
Technical Level: Intermediate

 

Operating Systems Internals – General

Title: Intel Architecture Manuals
Comments: Very well done documentation on the hardware architecture. Free to download
Technical Level: Intermediate-Advanced

Title: Modern Operating Systems
Comments: The classic book from Tanenbaum
Technical Level: Intermediate-Advanced

Title: Operating System Concepts
Comments: “The dinosaur book” of OS internals.
Technical Level: Intermediate-Advanced

 

Operating Systems Internals – Linux

Title: Linux Device Drivers, 3rd Edition
Comments: Best resource to learn Linux’s driver architecture
Technical Level: Intermediate-Advanced

Title: Linux Kernel Development, 3rd Edition
Comments: Rob Love on programming in the Linux kernel
Technical Level: Intermediate-Advanced

Title: The Linux Programming Interface
Comments: Excellent book on programming the Linux environment
Technical Level: Intermediate-Advanced

Title: Understanding the Linux Kernel, Third Edition
Comments: The equivalent of Windows Internals for Linux
Technical Level: Intermediate-Advanced

 

Operating Systems Internals – Mac

Title: Mac OS X Internals: A Systems Approach
Comments: Windows Internals for Mac
Technical Level: Intermediate-Advanced

Title: Mac OS X and iOS Internals
Comments: Read this after reading Mac OS X Internals
Technical Level: Intermediate-Advanced

 

Operating Systems Internals – Windows

Title: Windows Internals
Comments: Read this book if you want to understand Windows
Technical Level: Intermediate-Advanced

Title: Windows System Programming (4th Edition)
Comments: A step-by-step guide through the Windows API
Technical Level: Intermediate

 

Programming – Concepts and Algorithms

Title: Compilers: Principles, Techniques, and Tools
Comments: The famous dragon book on compilers
Technical Level: Advanced – Don’t read until you have a solid understanding of programming and runtime environments

Title: Design Patterns
Comments: Required reading for any serious programmer
Technical Level: Intermediate

Title: Linkers and Loaders
Comments: Required reading for understanding program linking and runtime loading
Technical Level: Intermediate

 

Programming – Language Specific

Title: Advanced Programming in the UNIX(R) Environment
Comments: Deep exploration of programming related to Linux, Mac, and BSD
Technical Level: Beginner-Intermediate

Title: The C Programming Language, 2nd Edition
Comments: “K and R” – required if you want to be proficient with C
Technical Level: Intermediate-Advanced

Title: Violent Python
Comments: Learn Python programming and directly apply it to forensics and security
Technical Level: Basic to advanced topics

 

Reverse Engineering

Title: Assembly Language Step-by-step
Comments: The best resource to learn assembly. Later books focused on “high level” assembly as opposed to actual instructions
Technical Level: Intermediate-Advanced

Title: Hacker Disassembling Uncovered
Comments: A great resource for advanced topics in reverse engineering
Technical Level: Intermediate-Advanced

Title: Hacking the Xbox
Comments: A well written and fun book from which to learn reversing
Technical Level: Intermediate

Title: The IDA Pro Book
Comments: The best resource to learn IDA
Technical Level: Intermediate

Title: Reversing: Secrets of Reverse Engineering
Comments: One of my favorite books. A chapter is dedicated to reversing a Windows API back to C so perfectly that compiling it matches the hash of the Windows DLL
Technical Level: Intermediate-Advanced

Title: Practical Reverse Engineering
Comments: Reversing across Intel and ARM
Technical Level: Intermediate

 

Tradecraft – Digital

Title: Silence on the Wire
Comments: lcamtuf’s exploration of vulnerabilities and attacks that most people would never think of. Strongly recommended
Technical Level: Beginner-Advanced

 

Tradecraft – Traditional

Title: Agent Storm
Comments: Real life story of a European convert who joined Al Qaeda while working for the CIA
Technical Level: Accessible to all

Title: The Art of Intelligence
Comments: Tradecraft and real-world analysis from Henry Crumpton
Technical Level: Beginner-Intermediate

Title: Chinese Intelligence Operations
Comments: A well-written, deep study of Chinese intelligence services
Technical Level: Advanced

Title: See No Evil
Comments: Tradecraft and lessons from a former CIA analyst in the Middle East
Technical Level: Intermediate

Title: Spy Handler: Memoir of a KGB Officer
Comments: Written by the KGB officer whom handled Robert Hanssen and Aldrich Ames. A great text to learn real world tactics and techniques
Technical Level: Beginner-Intermediate

Title: Terrorism and Counterintelligence: How Terrorist Groups Elude Detection
Comments: A deep examination of modern terrorist groups and counterintelligence use
Technical Level: Intermediate

Title: Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer
Comments: Read this first – a textbook on how to be a counter intel officer along with terms, techniques, and tactics
Technical Level: Beginner – make this your first book