System Security Resources

This is a collection of system security resources that I found it interesting.

Web

Book image

Tangled Web, A Guide to Securing Modern Web Applications.

Michal Zalewski

A fantastic guide to understand the web and the browser. It starts from a historic view of the web and evolves to cover the modern world.

Threat modeling

Book image

Threat Modeling: Designing for Security

Adam Shostack

Book image

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Mark Dowd, John McDonald, Justin Schuh

Secure coding

Book image

Secure Coding in C and C++

Robert C. Seacord

A fantastic guide to really understand behind the hoods of a C/C++ program. It covers the explanations of different vulnerabilities but it does not guide you to exploit them. It covers the discussion on different coding standard, e.g., C99, OpenBSD and C11. One of the best book I have read.

Exploitation

Book image

Hacking, the Art of Exploitation

Jon Erickson

One of the bibles on exploitation. It covers shellcode, assembly, the exploitation of different vulnerabilities as well as some network and crypto attacks. Although the examples are mainly for 32 bit architecture, it is still a very good source of knowledge.

Reverse engineering

Book image

Practical Binary Analysis, Build Your Own Linux Tools for Instrumenting, Analyzing, and Disassembling Binaries

Dennis Andriesse

It covers entirely the binary and its parts. It is a fairly new book and most of the examples are on 64 bit architecture. It covers also dynamic taint analysis and symbolic execution with practical tools.

Book image

The IDA Pro Book, The Unofficial Guide to the World's Most Popular Disassembler

Chris Eagle

Book image

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany, S├ębastien Josse

Book image

Reversing: Secrets of Reverse Engineering

Eldad Eilam