Most of the books listed are available in paper and electronic forms.<\/p>Tweet<\/a><\/blockquote>\n If you think, after reading the first chapter, that the presentation is somewhat inane you are wrong. Reading this book, I was at first just happy with its easy language, comprehensible even for a non-specialist, but then I had to pay the price. Just after the introduction there goes an avalanche of extremely detailed information about reverse engineering, Windows kernel specifics and processor architectures, without much regard for your qualification level. It\u2019s more a textbook than a reference for an experienced specialist. Security researchers\u2019 work usually starts with malware code analysis, and this book is just fine to get yourself familiarized with this task.<\/p>\n This book offers a quality review of the tools for monitoring network security. What is specifically important, the description of tools is supplemented with practical examples of using them. It\u2019s unclear, however, why there are so many memory dumps showcased \u2013 this is especially eye-catching in a paper variant. But, according to our experts, if you are just getting acquainted with network security, this is one of the best textbooks around.<\/p>\n Although each of us models the threats intuitively, few do it on the expert level. Adam Shostack is one of such rare professional. At Microsoft he\u2019s working on Security Development Lifecycle Threat Modeling, whatever that means, and the experience he had accumulated, is recounted in a 600-page thick book, suitable for both the beginners and the experienced specialists.<\/p>\n Starting from the basic things such as four-way combination \u2013 \u201cWhat do we build\u201d, \u201cWhat may go wrong with the built thing\u201d, \u201cWhat can we do with something that has gone wrong\u201d and \u201cHow good is our analysis\u201d, Shostack goes in-depth with every aspect of threat modelling, offering techniques, software tools and petty tricks he has developed and refined over the course of his own work, those help building an efficient threat model for anything. By the way, the author emphasize the aspects more suitable for the applications developers, IT systems architects and security experts, which is useful too.<\/p>\n The book is greatly prettified by a gentle trolling that the author uses regularly \u2013 as he describes a typical clich\u00e9 surfacing during the threats modeling process or during the meetings with the project participants (for instance, such absolutely \u201chumane\u201d, non-computer problem as \u201cwho is responsible for checking this SQL request?\u201d).<\/p>\n You can follow our security experts from the GReaT team in Twitter. The easiest way to do this is to subscribe to this list:<\/p>\n Tweets from https:\/\/twitter.com\/KasperskyLabB2B\/lists\/great<\/a>
\n![\"1\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/08\/06020104\/1-1.jpg\")
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation<\/strong>
\nBruce Dang; 2014
\nLink<\/a><\/p>\n
\n![\"2\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/08\/06020104\/2-1.jpg\")
The Practice of Network Security Monitoring: Understanding Incident Detection and Response<\/strong>
\nRichard Bejtlich; 2013
\nLink<\/a><\/p>\n
\n![\"3\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/01\/06044811\/3.jpeg\")
Threat Modeling: Designing for Security<\/strong>
\nAdam Shostack; 2014
\nLink<\/a><\/p>\n![\"wide\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/08\/06020105\/wide-1.jpg\")
<\/a><\/p>\n
\n