Shop now Shop now Shop Clothing clo_fly_aw15_NA_shoes Shop All Shop All Amazon Fashion Cloud Drive Photos Shop Amazon Fire TV Shop now Shop Fire HD 6 Shop Kindle Voyage Shop Now Shop now
Security Warrior and over 2 million other books are available for Amazon Kindle . Learn more
FREE Delivery in the UK.
Only 1 left in stock (more on the way).
Dispatched from and sold by Amazon.
Gift-wrap available.
Quantity:1
Security Warrior has been added to your Basket
Condition: Used: Good
Comment: Used Good condition book may have signs of cover wear and/or marks on corners and page edges. Inside pages may have highlighting, writing and underlining. All purchases eligible for Amazon customer service and a 30-day return policy.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Security Warrior Paperback – 22 Jan 2004

1 customer review

See all formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
Paperback
"Please retry"
£29.99
£15.16 £0.01
£29.99 FREE Delivery in the UK. Only 1 left in stock (more on the way). Dispatched from and sold by Amazon. Gift-wrap available.

Special Offers and Product Promotions

  • Save £20 on Amazon.co.uk with the aqua Classic card. Get an initial credit line of £250-£1,200 and build your credit rating. Representative 32.9% APR (variable). Subject to term and conditions. Learn more.



Product details

  • Paperback: 556 pages
  • Publisher: O'Reilly Media; 1 edition (22 Jan. 2004)
  • Language: English
  • ISBN-10: 0596005458
  • ISBN-13: 978-0596005450
  • Product Dimensions: 17.8 x 2.5 x 23.3 cm
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 643,582 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Authors

Discover books, learn about writers, and more.

Product Description

Review

"An essential knowedge base going beyond usual." -- Linux User & Developer, Issue 38

About the Author

Dr. Cyrus Peikari is currently the Chief Technical Officer of Airscanner Corporation, a leading mobile security software company. He personally holds several patents in the anti-virus and infosec fields. In addition to numerous radio and television appearances, he is a popular speaker at technology and network security conferences. He has co-authored four bestselling security books, two of them as lead author, including Maximum Wireless Security, Windows .Net Server Security Handbook, and Windows Internet Security.

Dr. Cyrus Peikari is currently the Chief Technical Officer of Airscanner Corporation, a leading mobile security software company. He personally holds several patents in the anti-virus and infosec fields. In addition to numerous radio and television appearances, he is a popular speaker at technology and network security conferences. He has co-authored four bestselling security books, two of them as lead author, including Maximum Wireless Security, Windows .Net Server Security Handbook, and Windows Internet Security.


Inside This Book

(Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

4.0 out of 5 stars
5 star
0
4 star
1
3 star
0
2 star
0
1 star
0
See the customer review
Share your thoughts with other customers

Most Helpful Customer Reviews

6 of 8 people found the following review helpful By Joel Stobart on 25 Mar. 2004
Format: Paperback
Useful book, the book covers network hacks and (quite well) defence that you would expect to use in hack attacks. It does however delve fairly deep into binary disassembly and decompilation. Well worth reading this one after you have read the oreilly unix security book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 30 reviews
50 of 52 people found the following review helpful
Don't be fooled by the skinny Sumo wrestlers... 9 Feb. 2004
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
..."Security Warrior" is a heavyweight contender. Peikari and Chuvakin offer a dark counterpart to O'Reilly classics like "Practical UNIX and Internet Security" (PUAIS) and "Securing Windows NT/2000 Servers for the Internet." If you've been waiting for the next good security book from O'Reilly, "Security Warrior" (SW) is it.
Part I, "Software Cracking," was my favorite section. This material is largely not for beginners, which marked a welcome change from many competing books. Part I gave an introduction to assembly language, followed by reverse engineering exercises on Windows, Linux, and Windows CE. I admit a good portion of the section was beyond my skill level, but I was able to "patch" binaries to alter program flow and even use a buffer overflow to execute previously unreachable code in a sample program. These sorts of "hands-on" exercises were informative and enjoyable.
In the second part, "Network Stalking," I was pleased to see page 181 correctly state the role played by TCP sequence numbers. (Many authors are confused by this concept, oddly.) An entire chapter on social engineering advice was certainly novel. For the rest of the book, my favorite chapter (number 10) discussed techniques to frustrate forensic analysis. A fairly brief chapter on SQL injection made good points as did an examination of mathematics' role in intrusion detection in chapter 19.
My only real criticism of SW centers on inclusion of generic security information. I didn't mark the book down for chapters on securing UNIX, for example, as the material is sound. However, if you've got PUAIS you can skip chapters 11 and 12.
SW has something for everyone in the security community. It's a broad survey of current security issues, ranging from detailed analysis of assembly language to case studies on incident response. The authors have packed a lot of value into their 500+ page work.
35 of 39 people found the following review helpful
You really should check out this book... 21 Mar. 2004
By Thomas Duff - Published on Amazon.com
Format: Paperback
Target Audience
Intermediate to advanced programmers, network administrators, or security administrators who need an in-depth understanding of how software and systems can be exploited.
Contents
This is a detailed guide on how to reverse-engineer and analyze software and systems for vulnerabilities and exploits.
The book is divided into five parts:
Part 1 - Software Cracking - Assembly Language; Windows Reverse Engineering; Linux Reverse Engineering; Windows CE Reverse Engineering; Overflow Attacks
Part 2 - Network Stalking - TCP/IP Analysis; Social Engineering; Reconnaissance; OS Fingerprinting; Hiding The Tracks
Part 3 - Platform Attacks - Unix Defense; Unix Attacks; Windows Client Attacks; Windows Server Attacks; SOAP XML Web Services Security; SQL Injection; Wireless Security
Part 4 - Advanced Defenses - Audit Trail Analysis; Intrusion Detection Systems; Honeypots; Incident Response; Forensics and Antiforensics
Part 5 - Appendix
Review
"Know Your Enemy". This phrase is on the cover of the book Security Warrior, and it is an apt subtitle for the book. Very few security books on the market today do more than just tell you about the types of software and network attacks that exist. Peikari and Chuvakin go beyond the "what" of attacks and show you "how" to exploit systems and software.
This book is definitely geared to the experienced developer or network administrator. For instance, the first eight pages is an explanation of assembly language, registers, stacks and the like. Each following chapter on reverse engineering then takes that knowledge and walks you through how to analyze an executable using tools that you can purchase or download. Obviously, if you have absolutely no assembler language knowledge, you'll be lost here. But if you have that background, you'll start to learn how hackers develop exploits, and how you can build more secure software once you understand the vulnerabilities.
At the end of each chapter, the authors list a number of additional references (both books and websites) that can help you to further your understanding of the material presented. This is a great addition if you are looking to focus in on a particular type of attack, like those related to wireless security. At the website for the book, they have also made sample programs available that can be used by the reader to work through exercises in the book. For instance, when they present information on reverse engineering, they also provide a sample program that you can analyze and crack. A perfect way to lead the reader from theory to practical knowledge.
The argument could be made that this book could be used by crackers to learn how to break software. The reality is that this information is already out there. A book like this will help those who are trying to prevent break-ins understand the methods that are being used against them. And henceforth, the sub-title "Know Your Enemy".
One caveat about the book... Be very careful with the material presented in the reverse engineering section. Under the Digital Millennium Copyright Act (DMCA), reverse engineering can be considered a crime in certain circumstances. The authors acknowledge this, and that's probably why they provide their own sample programs for you to work on. Still, just remember that this knowledge, if misused, could land you in some very hot water.
My only complaint about the book... The sumo wrestlers on the cover really needed to be bigger... :-)
Conclusion
This is one of the few books that goes beyond the "what" and deals with the "how" of system and software security. A thorough reading and study of this book will arm you with the tools and knowledge you need to analyze and bight back against software
14 of 15 people found the following review helpful
Phenomenal Book about the "Dark Side of Security" 11 Feb. 2004
By Todd Hawley - Published on Amazon.com
Format: Paperback
A programmer friend of mine recently opined to me that security books tend not only to inform the "good guys" (sys admins and network security folk) about how attacks and hacker invasions occur, but also the "bad guys." I suspect most of the so-called "bad guys" already know the information presented in books like these. And if the "bad guys" already know most of the tricks, what better way to fight them than to use those "tricks" against them?
This is the book's main purpose, to show the reader computer security from the perspective of the person trying to attack and invade your computer or network. This is clearly not a book for beginners, as the book's introduction states this. It is for system admins and others interested in learning all they can about computer security. It truly provides a wealth of information in its 500 pages about different ways those so inclined can wreak havoc on your computer system or network.
There are chapters on "reverse engineering" programs (after a brief introduction to assembly language which the book points out gives you lots of control over a computer's CPU). These are ways you can reverse engineer programs in Windows, Windows CE (interesting how before reading this book I'd never given thought to how handheld devices could also be attacked and/or infected with virii or worms), and Linux. This of course proves that even the Linux OS is not as secure as some might think.
I liked the chapter on social engineering because it proves how you can infiltrate a system by researching the company for specific names and charm your way into getting sensitive information, which leads into "online reconnaissance" and also ways to hide your tracks (or is this known as "covering your ass?) so you don't get caught?
There's a whole section of the book that describes attacks on various platforms (Unix, Windows Client & Windows Server, SQL and Wireless) and the book's last section describes methods of defense against them.
This is a book with an amazing amount of information that at first glance may scare the living daylights out of some sys admins when they learn of the relative ease with which a system can be compromised. Then again, most security experts know of the risks and dangers involved with computer security. And I've always felt that to defend yourself against an attack, you should "know the enemy." This book offers lots of ways and "tricks" to do just that.
14 of 16 people found the following review helpful
Something for everyone 19 April 2004
By Stephen Northcutt - Published on Amazon.com
Format: Paperback
The scope of this book isn't just broad, it's encyclopedic. Want to understand how hackers hide their tracks? It's in here. Need to know more about wireless security? That's in here, too. The chapter on reconnaissance is particularly interesting. Another chapter, on social engineering, will make you re-examine your security in terms of the people in your own organization who can compromise that security. That's one element many books fail to consider.
Any infosec professional worth his or her salt already knows a lot of what you'll find in here. But none of us knows everything; the authors aim to fill in the blanks in any professional's knowledge. The great thing about this book is that you can instantly flip to the section on what you need to know more about and find clear, in-depth information. If that's not enough, each topic includes a list of additional references to help you learn more.
If I have any complaint about this book, it's the pages and pages of code. How many of us actually read all that code when we encounter it in a book? When code is needed to make a point, I'd like to see no more than ten - fifteen lines of it at a time with appropriate comments in the text. If we really need the rest, it would be far more helpful in appendices at the back of the book, or, better yet, on a CD-ROM included with the book. That said, this book is likely to become an indispensable reference for your library, and well worth the price.
14 of 16 people found the following review helpful
Great book, but not for a novice 26 April 2004
By akempo - Published on Amazon.com
Format: Paperback
This excellent, well-written book can be an enugma at times. The authors indicate that the material is for someone who has read on the subject before, although there is quite a bit of material geared more towards novices like myself. In other places I was defintely out of my depth, not having enough of a C/*Nix background to fully comprehend the material. The authors cover reverse engineering, network attacks, platform attacks, and defense/intrusion detection methods.
I very much liked the samples and references to existing tools, although they clearly indicate the possible criminal repercussions of using some of these tools/techniques. The samples provide invaluable insight and experience into learning the techniques, and how to thwart them, if it's possible at this time. The intrusion detection/defense material is split between information that would benefit everyone, including home pc users, and techniques more suited to professionals, such as advanced intrusion detection and network defense. This would be a very good second book on the subject, and barring any sudden changes in the security landscape, this book should hold it's value for some time to come.
Were these reviews helpful? Let us know


Feedback