I don’t know about you guys, but I’m constantly on Amazon looking for new books to read.  I’ve managed to acquire a decent collection of books and read through the majority of them.  I figured I’d share a few of my favorites, and give a little insight on each of them.

The Web Application Hacker’s Handbook (2^nd Edition)

Even though this was published back in 2011, it is by far one of the best books I’ve read so far.  The language isn’t overly complicated, it covers a wide variety of web application vulnerabilities, and it gives plenty of real-world examples.  Even without a strong foundation of web application security knowledge, this book is still an easy and interesting read.  I found myself hopping from chapter to chapter picking out topics that interested me at the time.  I would highly recommend it for anyone interested in web application security.

Black Hat Python/PytHon For Hackers

Honestly, I just couldn’t pick between the two.  Both of these books focus on using the darker side of a very powerful scripting language.  They do require a strong knowledge of Python, but if you are comfortable in your scripting knowledge it is a very educational read.  It will walk you through writing network sniffers, manipulating packets, infecting virtual machines, creating trojans, and more.  I enjoyed that it even covered creating Burp Suite extensions.  PytHon For Hackers covers much of the same topics, but it was written by a very knowledgeable security researcher named Ajay Kumar (you should check out some of his other works if you have a chance).

Hacking: The Art of Exploitation (2^nd Edition)

This was the first book I bought and read as an information security student.  It was a little complex for me at the time, but I still found it interesting and enjoyable to read.  If you have an understanding of the C language, this is the book for you.  The author, Jon Erickson, looks at hacking from a problem solving standpoint.  The book is full of example C code that he walks you through, and it even comes with a LiveCD that provides a complete Linux programming and debugging environment-all without modifying your current operating system.  Covering topics such as debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, Erickson doesn’t just teach you theory, he shows you why and how the exploits work.

Web Security: A WhiteHat Perspective

Web Security: A WhiteHat Perspective is a recently released book that covers how malicious hackers work and explains why companies of different scale require different security methodologies.  It’s an in depth guide to web security, and explains how companies can build a highly effective and sustainable security system.  It’s almost like the author, Wu Hanqing, read my job description and wrote a book based on it.  Although I haven’t finished reading it yet, I can tell you that if you work in web application security, this is a must have on your book shelf.  It covers almost every web application security topic you can name, and gives a detailed analysis for each choice of security methodology.

The Hacker Playbook 2: Practical Guide To Penetration Testing

I just love the setup of this book.  I read the first edition, and when I saw a second edition was published in June, I had to have it.  It breaks hacking down into “plays”, and addresses any roadblocks that penetration testers might face during their work.  The second edition includes all the best content from the first, with the addition of the latest attacks, tools, and lessons learned (for example, Shellshock and Heartbleed).  I listed the complexity as 4/5, but this book has valuable knowledge for all levels of expertise.

Gray Hat Hacking: The Ethical Hacker’s Handbook (4^th Edition)

This was an interesting read for me.  I didn’t go through the entire book, merely because I bought it for a few chapters that sounded extremely interesting:

• Scan for flaws in Web applications using Fiddler and the x5 plugin
• Bypass Web authentication via MySQL type conversion and MD5 injection attacks
• Inject your shellcode into a browser’s memory using the latest Heap Spray techniques
• Hijack Web browsers with Metasploit and the BeEF Injection Framework

There’s much more content to this book than just these chapters.  I’d suggest taking a look for yourself and seeing if it’s something you’d be interested in.  I can say that I did enjoy the chapters I bought it for.  It was very well written, understandable, and gives detailed examples.