Book Review - Security Warrior

Networking/Security Forums -> News // Columns // Articles

Author: alt.don PostPosted: Wed Mar 10, 2004 3:31 pm    Post subject: Book Review - Security Warrior
Security Warrior

Author(s): Cyrus Peikari & Anton Chuvakin
Publisher: O’Reilly
Book Specifications: Soft-Cover, 531 pages
Category: Computer Security
User Level: Intermediate
Suggested Publisher Price: $44.95 USA/ $65.95 CAN/ 29.77 Net UK (inc of VAT)
ISBN: 0-596-00545-8 Security Warrior Security Warrior

Info from Back: "It’s easy to find books on computer security. Many users and administrators are becoming overwhelmed , and justifiably so. The sophistication of attacks against computer systems increases with each exploit in the wild. What’s the worst an attacker can do to you? That’s what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand you attacker in depth, Security Warrior reveals how your systems can be threatened. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and advanced attacks against Unix and Windows systems, this book leaves you knowing your enemy and prepared to do battle.”


Each and every computer network out there today is running services of one kind or another. Whether that be the company web server, for it’s web presence, to it’s dns server for the mapping services it provides. With all these services listening for inbound connections, this is very much like a honey pot for a bear, invariably these services will be probed; and enumerated by people with less then honorable intentions. Unless your IT staff is paying close attention to maintaining these services you will be compromised sooner or later.

This books intent is to show you how the person who wants to gain entry into your network will go about doing it. Stated by the authors is that to know how to secure your network you will need to know how to break into it. To use my favorite phrase “to defend you must learn how to attack”. With that in mind this book is an excellent resource for those who are in charge of securing network services for their company, and or home network for that matter.

Content & Overview

Covered in the first part of the book is the world of reverse engineering. This is as it should be for all exploits of consequence are as a result of code which has been successfully reverse engineered. It is from this tactic that talented exploit developers create the buffer overflows that cause vendors to issue fixes, and patches for their software. The most popular operating systems are looked at such as Windows, and Linux plus Windows CE in terms of reverse engineering.

Second part of the book deals with TCP/IP itself. A very brief look at some of the protocols that make up TCP/IP are shown. Shown briefly as well is IPV6, ethereal, packet analysis, and packet fragmentation. Social engineering, and online reconnaissance are also covered here. Operating system identification aka o/s fingerprinting is given a good treatment. Specific tools are shown which are used to identify various stacks, and also what metrics are used to measure them. Rounding out this part of the book is coverage of how one hides their tracks on a system, and maintain access on a computer as well as several other related topics.

Next part in the book deals with specific platform attacks. Unix attacks and defenses are shown with a good level of detail. Following this are Windows client and server attacks covering things such as DoS attacks to PKI hacking. SOAP XML, SQL injection, and wireless security also receive attention in this portion. Of special interest to the normal home user may be the wireless security portion, which of course deals with how your home wireless access may be in peril.

Finishing off the book is advanced defense, which encompasses several key areas. Topics like audit trail analysis, intrusion detection systems, honeypots, incident response, and forensics/anti-forensics flesh out the remainder of book. The incident response section I found to be of particular interest and well written. For a detailed listing of the books contents click here.

Style and Detail

For a book based on hacking in its various forms it was able to achieve a nice balance between the written word, the use of screenshots, code snippets, and theoretical explanations. None of the topics covered here go in great detail really, but the authors supply enough information upon which you can further your studies of a specific area of interest to you. My only quibble really is the quality of the screenshots used in the book. They are grainy, and difficult to focus on. Should a second edition of this book be printed then better quality screenshots are a must. Other then that this is a typical O’Reilly book with an excellently detailed chapter breakdown and introductory pages. The books feel and quality are of excellent quality as well.


As an overall introduction to the world of hacking in its various guises this book is quite good. The coverage given to reverse engineering code was excellent as well. Detailed, yet not overly so; and covers more then just win32. I would recommend this book to any system administrator, and home network user who is not up to speed on the various threats facing networked computers today.

This book gets an SFDC 8/10 from me

Keywords for this post: Security Warrior

This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.

Author: badfingerLocation: Augsburg, Germany PostPosted: Tue Nov 02, 2004 4:23 pm    Post subject:
Great, I'm very much interested in this book. I'm still new to security and wanna get the hand of it. YOur review confirmed my decisssion to get my hands on this book Wink Thank you for this great review.

An idea to expand this review, would be recommandations for further reading, or books you loved, covering this topic. Anyway, I just can say, your reviews are very well done and will be considered for my next book buys.


Author: alt.don PostPosted: Tue Nov 02, 2004 4:42 pm    Post subject:
Thanks for the compliment. I would base your recommended reading on whatever specific area of interest that you have. We have reviewed a good deal of books on the site.


Author: CassLocation: Scotland PostPosted: Tue Nov 02, 2004 4:44 pm    Post subject:
This book is hard going imho, i would consider myself fairly techinal on matters such as this but the section on reverse engineering as informative as it is made my head spin, i find the assemby and debugger stuff to be a black art that i have not yet mastered, the rest of the book for me though is a good read .....

Author: Tom BairLocation: Portland, Oregon USA PostPosted: Tue Nov 02, 2004 4:48 pm    Post subject:
badfinger wrote:
An idea to expand this review, would be recommandations for further reading, or books you loved, covering this topic.

In a way, our Reviewers already have done this.

Just click on the Amazon link to be taken to the book's page. On it you will find "Customers who bought this book also bought:" section, which is just what you wanted Smile


Author: bawiggaLocation: Fort Worth, Tx - USA PostPosted: Tue Jul 05, 2005 4:18 pm    Post subject:
This book is terrific! The main thing that caught my attention was the Table of Contents. This book covers so many topics! There are 5 parts that make up Security Warrior.

[Grabbed from]

Part 1 - Software Cracking - Assembly Language; Windows Reverse Engineering; Linux Reverse Engineering; Windows CE Reverse Engineering; Overflow Attacks

Part 2 - Network Stalking - TCP/IP Analysis; Social Engineering; Reconnaissance; OS Fingerprinting; Hiding The Tracks

Part 3 - Platform Attacks - Unix Defense; Unix Attacks; Windows Client Attacks; Windows Server Attacks; SOAP XML Web Services Security; SQL Injection; Wireless Security

Part 4 - Advanced Defenses - Audit Trail Analysis; Intrusion Detection Systems; Honeypots; Incident Response; Forensics and Antiforensics

Part 5 - Appendix

I highly recommend this book to anyone interested in Computer Security.

Author: AdamVLocation: Leeds, UK PostPosted: Tue Jul 05, 2005 6:22 pm    Post subject:
I'm really glad this got bumped by the last post - I must have slept the week Don posted this originally (I hadn't joined very long beforehand). Looks like a really good read, just the sort of thing I am now getting my head round. Off to the bookshop I go....

Author: DCLXVI PostPosted: Tue Jul 05, 2005 8:35 pm    Post subject:
I just this book in the mail along with seven others, is an addiction.

It seems promising from the little I've seen by flipping through it and most reviewers seem to agree on it's excellence. I'll be sure to add my comments on it when I finally find the time to actually read it.

Author: neobloodline PostPosted: Sat Jul 09, 2005 7:18 am    Post subject:
Thanks for the review alt.don ..lets see my budget now..

Networking/Security Forums -> News // Columns // Articles

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group