|
 |
|
 |
 |
Gray Hat Hacking : The Ethical Hacker's Handbook
|
by Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
Sales Rank: 230342
|
Discount: 34 %
List Price: $49.99
$31.49
At Amazon
|
|
Paperback: 434 pages
Publisher: McGraw-Hill Osborne Media; 1 edition November 9, 2004
Language: English
ISBN-10: 0072257091
ISBN-13: 978-0072257090
Product Dimensions:
8.8 x 7.4 x 0.9 inches
Shipping Weight: 1.7 pounds
Information Security, January 2005
smorgasbord of topicssome deep technical issuesgreat command of…materiala few refreshingly different topicsdeliver[s]ethical obligations…formidable understanding of…material.
Product Review
Information Security Magazine : Excerpts from review by Patrick Mueller
a proficient workoffers a smorgasbord of topics geared towards moderate- and advanced-level practitionersThe authors touch on some deep technical issues, such as automated penetration testing and shellcode exploit constructiongreat command of the material[authors] discuss a few refreshingly different topics -- such as vulnerability disclosure protocols -- that are hardly covered elsewhere.
The authors diddeliver on their ethical obligations to provide accurate countermeasures to attack methods they describe -- a true value to readers. security professionals will find value in the authors' formidable understanding of the material.
Customer Reviews & Comments
'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat' is one who 'uncovers a vulnerability and illegally exploits it and/or tells others how to;' and a 'gray hat' is one who 'uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor.' I disagree and prefer SearchSecurity.com's definitions, where white hats find vulnerabilities and tell vendors without providing public exploit code; black hats find vulnerabilities, code exploits, and maliciously attack victims; and gray hats find vulnerabilities, publish exploits, but do not illegally use them. According to these more common definitions, the book should have been called 'White Hat Hacking.' I doubt it would sell as well with that title! Content-wise, the book mixes ethical and legal advice with tool overviews and technical information. Many reviewers note the good legal overview in ch 3, where I found the tables summarizing various laws to be helpful. The authors provide a sound rationale for penetration testing: 'Nothing should be trusted until it is tested' (p. 13). I enjoyed the disclosure discussion in ch 3 as well. I liked the brief tool descriptions of Core IMPACT, Immunity Security's CANVAS, and the Metasploit Framework. Some of the other discussions (e.g., Amap, P0f, Ettercap) didn't go deeper than already published explanations of those same tools. I found the technical material to be accurate albeit somewhat disorganized and in some cases far too shallow. For example, the authors provide 6 pages on Python (ch 6), 6 pages on C (ch 7), and a single 21 page chapter (ch 10) mentioning system calls, socket programming, and assembly language. On p 279 and several other places the authors admit their topic 'deserves a chapter to itself, if not an entire book!' They should have trusted their instincts and required readers to have prior knowledge of programming in low- and high-level languages prior to reading GHH. Instead, short sections that are too basic for the pros but too rushed for beginners detract from the book's focus. The five authors clearly know their subjects, but they should have coordinated their chapters better. For example, ch 7 introduces using debuggers without even a description of their purpose. Six chapters later (in ch 13), we read a description of debugging only to be followed again by another discussion of debugging in ch 14. All of this should have been consolidated and rationalized. I think McGraw-Hill/Osborne's second edition of GHH should seek to differentiate itself from more focused books like 'The Shellcoder's Handbook' (by Wiley) and 'Exploiting Software' (by Addison-Wesley). There is a market for high-end security books without sparse introductory material included for the benefit of beginners. Authors should either commit to the beginners and give enough information to enlighten them, or tell them to read foundational references first and concentrate on the more experienced audience. Authors like Allen Harper and Chris Eagle, winners of last year's 'Capture the Flag' contest at Def Con, can deliver the goods if not constrained by a publisher's desire to address as broad an audience as possible. I would not be surprised to see this book greatly expanded in a second edition, which I look forward to reading.
Comment | Permalink |
(Report this)
|
Gray Hat Hacking : The Ethical Hacker's Handbook
List Price: $49.99
Discount: 34 %
Available from Amazon
Price: $31.49
| |
|
|
|
|
