Show HN: Security Book Reviews - My side project for hackers and makers (securitybookreviews.eu)
25 points by _b8r0 on April 16, 2013 | 15 comments



I was trying to find reviews of a couple of technical security books this weekend and found I had the option of reading fairly short reviews on Amazon, or finding disparate reviews on the web. Given that there wasn't a dedicated review site I thought I'd put this up.

Does anyone on HN have any requests for reviews or suggestions for the site?


I have one: try adding an index or table of contents with all the books you review, and also the "upcoming" ones.

It will become handy in the future.

Regards.


That sounds like a great idea thanks, I think I'll steal it if that's ok with you!


Be my guest.


Thanks for putting this together, I definitely enjoyed reading it.

I'd be curious to hear your take on "Hacking: The Art of Exploitation". It seems a bit dated at this point (there's a section on buffer overflows, for instance), but it clearly delves into some relatively non-shallow waters.


If that's Jon Erickson's book, it's on my list to do so hopefully it'll be later this week. At the moment most of the reviews I'm writing from memory with the book in hand flicking back through, but I've had a couple of people offer to send me more books to go through.

Thanks for reading it though!


Yup, that's the one. Looking forward to it!


The idea seems great, but in the first review I've read randomly I've found something that makes me wonder how valid they are - it mentions in the "Violent Python" review that Backtrack 5 R3 is now heavily out of date, while, according to Backtrack's website, it's the latest version available.


Backtrack is about a year old, which is a long time in security tool terms, and people are being pushed towards Kali Linux[1], by the same authors. This isn't a pop at the author of Violent Python, and it's a problem that affects anyone choosing a particular distro version. I should also add that, to be fair, it's hard to write something like Violent Python in an agnostic way.

[1] - http://www.kali.org/

__EDIT__: Perhaps I should've made this clear though, thanks for that. I'll update the review accordingly.


Slight tangent: as a developer with little background in security, can someone help me understand the role of security-specific distros in real-world pen testing?

In other words, what are some specific draws to using pre-rolled distros like Backtrack or Kali instead of configuring a standard Linux distro with the necessary tools? I would be much more inclined to tweak my Arch (or whatever) image rather than futz around inside a new environment.


Laziness / efficiency.

Some of the tools require specific kernel configurations/etc. to work properly (like wifi or bluetooth sniffers/fuzzers). These can sometimes be either a) tricky to install, b) hard to get to cooperate, or c) mutually exclusive.

Backtrack et al. save the security practitioner a bunch of time getting a ton of tools in place all at once that are (mostly) pre-vetted to not do anything stupid, and to work together.

Beyond that, if you're doing it professionally, most folks I know use something like Backtrack to get a new device set up, and then heavily customize/modify it from there.

If you're doing it...for fun, a bootable CD leaves no logs and can be used on any computer on any network without having to pre-install stuff.



Thanks for this. I manage security consultants and constantly have questions from people who want to get into the field. I'm going to just send them to your site and call it a reading list.


Oh wow, thanks! I'm putting tagging together at the moment and hope to have ratings and top books by tag. Is there anything else you think I should put in to help people starting out?


Tagging or a mention about beginner, intermediate or other skill level might be good. It's great as it is though, there aren't a lot of good resources like this that round up books in this niche. Maybe do a top 10 list for beginners and link to each review?



