Today, our team made a trip to Softpro Books in their new location in Waltham, MA as we haven't been for a while. If you are in the area, definitely stop by as the new shop is still a developer's paradise!
I picked up a newly published book on security: Security Warrior by Dr. Cyrus Peikari and Anton Chuvakin. Dr. Peikari was also co-author on another book I have read and enjoyed: Windows .Net Server Security Handbook (published right before Windows .Net Server was finally renamed to Windows Server 2003).
Here is a short description of what Security Warrior is all about:
What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.
Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.
The book is published by O'Reilly. They have made a sample chapter available as well: Chapter 2: Windows Reverse Engineering. I will post comments and/or review after I have read the book, but so far, this looks great!