Top critical review
Introductory for the inexperienced, by the inexperienced
August 1, 2007
This is a highly illustrated book on using tools, hacks, and simple techniques to do the most rudimentary of analysis and testing, such as inspecting process listings, netstat output, using sysinternals utilities, and click-and-go fuzzers/testers. This is basically a phonebook of utilities and tools that other people write, and where to find the 'Go' button on each one, complete with full-page screenshots that serve to distract from poor authoring.
The author's commentary of inner-workings of other people's tools or program output lacks any insight. Their analysis of program output either demonstrates the lack of understanding the authors have about the machine level significance of the topic, or the insulting way in which they spare you such (highly critical) details.
This book is for pointy-haired security 'professionals' or project managers who 'Never got around to learning C (in 21 days)'. If you are so much as a novice college comp sci student with at least one language under your belt, this book is most likely below you.
I give it 3 stars, however, because this book does have a large audience, and serves it well. There is a lot of money still yet to be made in the computer security field for selling snake-oil solutions and powerpoint-sprinkled application audits.
There is probably a very difficult route to be introduced into software and systems manipulation and analysis, involving a thorough education on the C language, machine architecture, and program dissasembly. There is also probably a very easy route to achieve the same end-goal of working in the computer security field. This is where this book has its position as an intermediate step of the world of "for dummies" and "21 days" books.
I purchased this book because I was so highly impressed with the quality of AW published books on this field, such as The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Also, the Amazon ratings up until now are very high. I made a quick buying decision, and my pocket book aches for it. This book should have been published by a second-rate publisher like Syngress, not AW!