Books You Might Want to Read
Preamble
I often get asked ‘what books do you recommend for [insert topic here]’, so I thought I’d write down in one place the books that I’ve so far read and think are of value. I’ll keep this page updated with whatever books I think deserve adding.
Fair warning, I’ve become a bit of a No Starch Press fanboy.
The Books
Title: Real-World Bug Hunting
ISBN-13: 9781593278618
Link: https://nostarch.com/bughunting
Review: The subject of bug bounty can sometimes be perceived as a black box, within the purview only of tech wizards who no doubt dream in jargon. This book goes a long way towards breaking down some of those perceived barriers; success in bug bounty is often a matter of experience, but it’s learning from the experience of others who have come before that is crucial. That is where this book shines: it introduces each category of vulnerability, and then walks through case studies of real bug bounty reports.
Conclusion: A must-read for anybody who wants to try their hand at bug bounty programmes.
Title: Security Engineering — Third Edition
ISBN-13: 9781119642817
Link: https://www.cl.cam.ac.uk/~rja14/book.html
Review: This book is a beast. It’s almost biblical, in a way. It’s not light night-time reading, rather an extremely comprehensive tour of the landscape facing the security engineers of today, and never fails to recommend additional reading materials in the event that the reader wants to dive deeper into any particular topic.
Conclusion: A degree in a book. Just buy it.
Title: The Linux Command Line — Second Edition
ISBN-13: 9781593279523
Link: https://nostarch.com/tlcl2
Review: Not quite as flashy as the other books in this list, but I will always remember this as the book that made me love the Linux command line. It’s concise, easy to understand, and widely applicable.
Conclusion: If your Linux knowledge is a little weak, this is a must-read.
Title: The Tangled Web
ISBN-13: 9781593273880
Link: https://nostarch.com/tangledweb
Review: I have somewhat mixed feelings about this book. On one hand, it’s an extremely comprehensive breakdown of the principles of web application security. On the other hand, more than a few references to long-since patched browser quirks betray the publication date of 2011. Many of the principles discussed are, of course, still extremely relevant. However, there is some burden on the reader to use a little judgement when reading. I just wish there was a second edition that I could point to. Maybe one day.
Conclusion: If you already have some awareness of web applications, this book will fill many gaps in your knowledge.
Title: How to Hack Like a Ghost
ISBN-13: 9781718501263
Link: https://nostarch.com/how-hack-ghost
Review: I often find infosec books talk more about ‘what’, and not so much about ‘how’. There’s a good reason for this: for one, as soon as you run through a practical scenario, you’ve dated your book. This book is a bit different, in that it revolves around a walkthrough of a potential scenario facing a hacker. I found great insight in the commentary which explained the thought process at each stage of exploitation, even demonstrating that often an avenue of exploration is a dead end, but not a waste of time.
Conclusion: If you want insight into how a hacker might think, read this book.