Book Review on System Overlord

Book Review: Designing Secure Software

david@systemoverlord.com (David Tomaschik) — Wed, 24 Nov 2021 00:00:00 +0000

Designing Secure Software (Amazon, No Starch Press) by Loren Kohnfelder is one of the latest entries in No Starch Press’s line of security books. This book stands out to me for two big reasons. First, this is one of the most mindset-centric books I’ve seen (which means it is likely to age better than a lot of more technically-specific books). Second, this book caters to developers more than security professionals (but don’t take this to mean it’s only for developers), which is definitely a distinguishing feature from so many other security books.

Book Review: Bug Bounty Bootcamp

david@systemoverlord.com (David Tomaschik) — Fri, 05 Nov 2021 00:00:00 +0000

Bug Bounty Bootcamp (Amazon, No Starch Press) by Vickie Li is one of No Starch Press’s newest offerings in the security space. The alliterative title is also the best three word summary I could possibly offer of the book – it is clearly focused on getting the reader into a position to participate in Bug Bounties from the first page to the last. This differentiates this book well against other web security books, despite covering many of the same vulnerabilities.

Comparing 3 Great Web Security Books

david@systemoverlord.com (David Tomaschik) — Fri, 10 Jul 2020 00:00:00 +0000

I thought about using a clickbait title like “Is this the best web security book?”, but I just couldn’t do that to you all. Instead, I want to compare and contrast 3 books, all of which I consider great books about web security. I won’t declare any single book “the best” because that’s too subjective. Best depends on where you’re coming from and what you’re trying to achieve.

The 3 books I’m taking a look at are:

Book Review: Operator Handbook

david@systemoverlord.com (David Tomaschik) — Mon, 25 May 2020 00:00:00 +0000

When Netmux first released the Operator Handbook, I had to check it out. I had some initial impressions, but wanted to take some time to refine my thoughts on it before putting together a full review of the book. The book review will be a bit short, but that’s because this is a rather straightforward book.

{:.right}

I think the first things to know is that this book is strictly a reference. There’s nothing to read and learn things from in a cohesive way. It would be like reading a dictionary or a theasaurus – while you might learn things reading it, it’s not going to be in any meaningful way. There’s lots of things you can learn on a particular very narrow topic, but it is mostly organized to be “in the moment”, not as a “learning in advance” kind of thing.

Book Review: Red Team by Micah Zenko

david@systemoverlord.com (David Tomaschik) — Sat, 10 Feb 2018 00:00:00 +0000

Red Team: How to Succeed By Thinking Like the Enemy by Micah Zenko focuses on the role that red teaming plays in a variety of institutions, ranging from the Department of Defense to cybersecurity. It’s an excellent book that describes the thought process behind red teaming, when red teaming is a success and when it can be a failure, and the way a red team can best fit into an organization and provide value. If you’re looking for a book that’s highly technical or focused entirely on information security engineering, this book may disappoint. There’s only a single chapter covering the application of red teaming in the information security space (particularly “vulnerability probes” as Zenko refers to many of the tests), but that doesn’t make the rest of the content any less useful – or interesting – to the Red Team practitioner.

Book Review: The Hacker Playbook...

david@systemoverlord.com (David Tomaschik) — Wed, 21 May 2014 01:10:54 +0000

The Hacker Playbook: Practical Guide To Penetration Testing is an attempt to use a continuous series of football metaphors to describe the process of a network penetration test. Maybe the metaphors would work better for someone who actually watches sports, but I felt they were a bit strained and forced at times. That being said, the actual content and techniques described are solid and generally useful information. It’s arranged in the stages of a good penetration test, and reads like a strong guide for those relatively new to penetration testing. Unfortunately, it doesn’t set up general guides for each area as much as describing specific “plays” for each area, so once those techniques start to fall flat, it doesn’t leave you with a lot of depth.

Homeland by Cory Doctorow

david@systemoverlord.com (David Tomaschik) — Wed, 06 Feb 2013 10:12:50 +0000

Those who know me will not be surprised to learn that I have stayed up until 1:45 AM reading Cory Doctorow's new book, Homeland. Homeland is the sequel to Little Brother, Cory's first novel about a dystopian near-future/present of the American Surveillance State, which was one of my favorite novels of all time. Homeland doesn't disappoint -- it's realistic enough to be scary, but sufficiently fictional to not be downright terrifying. Little Brother and Homeland are the Nineteen Eighty-Four of the 21^st century -- a warning of an issue that society is largely ignoring, and that will affect every one of us.

Social Engineering: The Art of Human Hacking

david@systemoverlord.com (David Tomaschik) — Sun, 02 Dec 2012 21:49:25 +0000

I just got done reading Christopher Hadnagy's Social Engineering: The Art of Human Hacking. If you are interested in the social aspects of information security, this provides an in-depth view of the actual techniques and science behind social engineering. While books like Kevin Mitnick's The Art of Deception and The Art of Intrusion tell amusing and noteworthy stories of social engineering hacking, Hadnagy's book tells you why and how it works. Hadnagy's exposure all reveals the most important lesson -- how to defend against the attacks.

Review: The Art of Community (Jono Bacon)

david@systemoverlord.com (David Tomaschik) — Tue, 06 Oct 2009 21:55:24 +0000

I had the privilege of receiving an early copy of The Art of Community by Jono Bacon for review. It's taken a little longer than I had hoped to get through it, but that's by no means a reflection of the book.

"The Art of Community" tackles a very difficult question in the Open Source world: how do you build a strong community around your project? Jono addresses this by using anecdotal evidence of good community organization, and discussing the facets that apply to community development. Jono's varied experiences are shown through anecdotes about the Ubuntu community and other communities he has participated in. The stories he shares are concise and clear, but demonstrate their points effectively and thoughtfully. Jono's writing skills are first-rate, with strong points made clearly. He builds the community idea from grassroots to the enterprise and shows how community participation can help -- and harm -- at each step along the way. It's obvious that Jono knows what he's talking about, and he communicates it well. I highly recommend this book for anyone interested in the dynamics of a community or any project leader looking to build from the ground up.

'Embedded Linux Primer': A Review

david@systemoverlord.com (David Tomaschik) — Sun, 20 May 2007 05:44:10 +0000

A review originally published on LinuxQuestions.org:

"Embedded Linux Primer" by Christopher Hallinan is an excellent resource for anyone looking to use Linux in an embedded system. It does not cover basics, so is more targeted to experienced Linux or embedded systems developers looking to move to Linux embedded systems.

The book covers a variety of topics including the Linux kernel's interaction with hardware, system initialization, design considerations when working with an embedded system, and porting Linux. The book provides a detailed description of most of these topics, including many step-by-step directions on reference implementations.