Top products from r/netsec
We found 82 product mentions on r/netsec. We ranked the 195 resulting products by number of redditors who mentioned them. Here are the top 20.
1. Hacking: The Art of Exploitation, 2nd Edition
Sentiment score: 3
Number of reviews: 8
No Starch Press
2. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
Sentiment score: 8
Number of reviews: 6
3. Gray Hat Hacking the Ethical Hackers Handbook
Sentiment score: 6
Number of reviews: 6
4. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Sentiment score: 7
Number of reviews: 6
Wiley Publishing
5. A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
Sentiment score: 4
Number of reviews: 5
6. TCP/IP Illustrated, Vol. 1: The Protocols (Addison-Wesley Professional Computing Series)
Sentiment score: 2
Number of reviews: 5
7. Security Engineering: A Guide to Building Dependable Distributed Systems
Sentiment score: 3
Number of reviews: 4
John Wiley & Sons
8. Reversing: Secrets of Reverse Engineering
Sentiment score: 2
Number of reviews: 3
Wiley
9. The Rootkit Arsenal: Escape and Evasion: Escape and Evasion in the Dark Corners of the System
Sentiment score: 2
Number of reviews: 3
10. The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
Sentiment score: 1
Number of reviews: 3
John Wiley & Sons
11. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Sentiment score: 1
Number of reviews: 3
13. Cryptography Engineering: Design Principles and Practical Applications
Sentiment score: 1
Number of reviews: 3
Wiley Publishing
14. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
Sentiment score: 2
Number of reviews: 3
15. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Sentiment score: 2
Number of reviews: 3
Wiley Publishing
16. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Sentiment score: 1
Number of reviews: 2
ISBN13: 9780979958717
Hey /u/Xerack! I'm the original author of the post linked here.
Appreciate the feedback! If you think I could clarify anything better, please let me know.
As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.
x86 Assembly:
If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.
A few good books would be:
Hands On:
Courses:
Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
The tangled web is great. I haven't finished it yet but what I've read so far is pretty insightful stuff. Security Engineering: http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=dp_ob_title_bk : probably one of the better titles for security as a whole. I like to think phrack might also be a great resource but it's pretty dated material. Really you'll be learning so much just picking apart existing shit, crashing stuff, making love to your debugger, and just enjoying the shit out of yourself.. books will come secondary but they're still important. :-) Goodluck have fun!
I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.
If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.
Most importantly go get some literature on the subject. Although reading can not take the place of actual experience, most books these days are designed to go along side of hands on experience or provide information if you wish to "further refine your skills".
If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.
If you want to get down and dirty quickly, "Metasploit: The Penetration Tester's Guide" by David Kennedy is another great book, though a bit more technical than the last.
These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.
Ok - Here's a list of books I've read in the last few years
As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
Senior Security Engineer
Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.
How Do I Apply
Send me an email with your resume and GitHub at [email protected]
What you will do
Who you should be
Bonus points
Sample interview questions
Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with. David Wong, a crypto king of NCC, on this very Q4 thread, is also a great person to work with in Chicago.
If you're looking to break stuff more than build stuff, hat tip to Chris Rohlf's Yahoo! team. Random other places you can apply in NYC: MongoDB, Jane Street, Two Sigma, Greenhouse.
I personally applied because I love Python but I like the company a lot so far.
I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.
Thanks!
EDIT: forgive me if these are already listed but just in case...
Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs
Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.
Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.
Also for anyone looking to get TAOSSA (The Art of Software Security Assessment): it's absolutely huge and WILL split down the middle while reading. It's sitting on my bookshelf right now in its ripped state, but I've read it 4 times and still don't feel like all the material has sunk in. If you're going to buy any book at all it should be that one, as it will provide countless hours/days/weeks/months of reading.
Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 I’m probably one of the featured ones. It really is all-encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love Pentesterlab.com and all of their exercises, and Sam has written a very good guide on getting started in bounty work.
As for how effective these resources are “out of the gate”, I think they are tremendously helpful. For example, using the above resources I’m sure any apt student of them could identify IDORs or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)
If you're a novice, as most people start out as, then I would recommend the following:
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Hacking For Dummies
Grey Hat Hacking
Hacking Exposed - 5th Edition - May be outdated
Network Security Bible
So now people here may disagree on the books I've suggested, and that's fine, but it definitely depends on what you're trying to learn and/or accomplish. Google is a great place to start as well without spending a fortune on books.
Some great websites:
SANS
Dark Reading
I'm sure you can find plenty more.
And always ask questions, even if you think its a stupid question. Being on Reddit and having the luxury of anonymity, you can ask away without worrying about getting personally ridiculed.
As far as hackerspaces and defcon, they were just a suggestion. If you ever are able to get to a hackerspace though, I highly recommend it.
Best advice I can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc.
A few books I'm reading/have read/have on my list to read; all are excellent starting points:
BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)
Metasploit: The Penetration Tester's Guide
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition
Plenty of links to keep you busy for a while:
Open Penetration Testing Bookmarks Collection
If you're talking about memory corruption, you're looking for Smashing The Stack in 2010. However, most experts in application security and modern exploitation techniques recommend a more practical research-driven approach to learning about memory corruption mitigation techniques, so keep that in mind while reading this paper. As always, The Bible is relevant.
If you're talking about embedded device reverse engineering, you'll probably get the best answer from the /r/ReverseEngineering subreddit.
If you're talking about kernel bugs and kernel module bugs, I wish you luck. Bugs and vulnerabilities in these types of systems, usually require very obscure knowledge in very specific systems. Not for beginners or the faint of heart.
If you're talking about web bugs, you're looking for the OWASP Top 10. The web is mostly a giant joke, and widely uninteresting (this is an unpopular opinion on this subreddit).
Since searching Wikipedia turned up the Timeline of Non-Sexual Social Nudity (TIL), I'm just going to guess you're looking for a more techie, true-to-life rendition of the hacker archetype based on the Amazon synopsis.
Based on that I'd recommend:
Cryptonomicon
just.go.read.it.right.now.
It may take a little effort to get into, damn thing is a tome, but give it a chance. You will not be disappoint.
--------------
Stealing the Network Series
How to Own a Box
How to Own a Continent
How to Own an Identity
How to Own a Shadow
comments
These are told in a chapter/viewpoint style, each chapter is usually written by a different knowledgeable, and sometimes security famous, security dude. Out of those I've only read How to Own an Identity so far, but it was pretty good and and my guess is that the rest hold up to that standard, so dive in. They are a series from what I understand so reading them in order is probably a good idea, but not completely necessary.
_____
And then for flair (these are more scifi/cyberpunk-ish; so if that's not your thing avoid):
Snowcrash
comments
The main character's name is Hiro Protagonist. No seriously. He's a ninja, he's a hacker, he lives in a U-Store-it container, and he delivers pizza for the Mob in a post-collapse USA, can you really not read this book now?
--------------
The Diamond Age
comments
All about the practical social implications of nanotechnology told through the eyes of a young girl, her father, and an assortment of disposable associates.
--------------
The Sprawl Trilogy
Neuromancer
Count Zero
Mona Lisa Overdrive
comments
I've only read Neuromancer and Mona Lisa Overdrive, which were both great, so I'm guessing Count Zero is probably good too.
Similar to Snowcrash in the lone-gun hacker sense, except with more drugs and a little bit more of a scattered tone.
And if all else fails there's always the DEF CON reading list.
ninja edits because I suck at markdown
I'm just a netsec tourist, but I've found that SANS is a good resource. You can watch trending issues with good analysis at isc.sans.edu
I would also recommend The Cuckoo's Egg. It's not very relevant technically to what you will be doing, but it's worth the read because it is a fascinating story, and you might garner some hints in terms of methodology.
Not very specific to those technologies but:
>Web Application Hacker's Handbook (2nd edition: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470) is pretty thorough with the vectors of attack, examples, and includes a methodology for pentesters.
>The Tangled Web - a "light" but delightful read from Zalewski on the history and modern security of web apps. He also wrote the http://code.google.com/p/browsersec/
Both are pretty recent and cover some good ground.
So Tangled Web is a good book but it's not about exploitation in the sense it seems you're meaning. The Kernel Exploitation book is good but daunting if you don't have any exploit development experience. You may also consider A Bug Hunter's Diary by Tobias Klein
Grab a copy of the Intel IA-32 Assembly Reference http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html. I wouldn't recommend reading through this as a how-to but having a local copy to reference various unfamiliar instructions would be helpful.
Phrack articles are pretty useful too. Exploit-DB and packetstorm will be useful for finding working exploits for legacy bugs you may be practicing on.
Whatever language you're writing your exploits in (Perl/Python/Ruby) you'll probably want a reference for that.
If we are going to talk about a good new netsec book, I recommend everyone check out "Tobias Klein's" - A Bug Hunter's Diary. You can get it at nostarch.com but I recommend saving the cash and getting it from amazon.com. I got my copy on Monday and its been a pretty good read so far.
It's not really NetSec related per se but Daemon is pretty exciting even if it is a bit far fetched. The author used to be a security consultant so at least it won't insult you with too many inaccuracies.
Network security books are almost all scams that monetize the escapist fantasies of the fan base. Security is mostly assumption management. Don't assume a third party rehash is going to make you understand the underlying code any better.
That said, The Art of Software Security Assessment is pretty good. It's one of the books openbsd recommends for developers. It's quite healthy to know how anything talked about in the past 15 or so articles of phrack works, too.
Don't read anything that makes you think there is less for you to know after reading it. It's poison. And until you put the concepts into action, you don't know shit.
A little prophecy here - neither WebInspect nor Fortify will actually solve any of your problems, they'll just point you at them. Having bug reports doesn't mean the issues get solved (correctly), and to get the ones which actually matter you'll have to wade through lots of false positives, even with the better tools.
In order to determine what counts and what doesn't, and how you fix it if it does, you actually need security competence. Which is something the developers who are often facing hundreds or thousands of bug reports from these tools often do not have, since they were never trained and/or had no time to look into it further.
When it comes to pen testing and app sec assessments, it really depends on what you're looking at. If it's web apps mostly, well, I am sure you already know OWASP. I kinda liked the Web Application Hacker's Handbook.
When it comes to other stuff, this is a great book http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426
I am, btw, a CSSLP, and I think the cert is kinda fluffy.
It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.
General Hacking:
Hacking Exposed
The Art of Exploitation
The Art of Deception
Intrusion Detection / Incident Response:
Network Flow Analysis
The Tao of Network Security Monitoring
Practical Intrusion Analysis
Real Digital Forensics
Reverse Engineering:
Reversing: Secrets of Reverse Engineering
The Ida Pro Book
Malware Analyst Cookbook
Malware Forensics
Digital Forensics:
File System Forensic Analysis
Windows Forensic Analysis
Real Digital Forensics
The Rootkit Arsenal
Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.
Well TCP/IP is an entire protocol suite. In addition to IP, TCP, and UDP, it includes higher level protocols like HTTP (uses TCP), DNS (UDP more commonly than TCP), and ICMP (uses IP, not TCP or UDP).
My understanding is that it's called TCP/IP because those were the first protocols and everything else coalesced around/on top of them. Microsoft offers a pretty decent chart showing examples of the layering/encapsulation of the protocols in the suite here.
If you want to dive deeper, Stevens' three-volume TCP/IP Illustrated is the de facto reference manual for the Internet -- though dated, it's still very useful and available for cheap used. Alternatively, No Starch came out with a tome of their own called TCP/IP Guide which I've heard a couple colleagues recommend.
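The encapsulation described above (Ethernet carrying IP carrying UDP carrying DNS), as an added example that is not part of the original comment or of the Stevens book. It builds one constructed DNS query frame byte by byte, then parses it back layer by layer, verifying the IPv4 header checksum the way a host or IDS would. The addresses, ports and the query name are made up for the demo.

```python
import struct

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum as used for the IPv4 header checksum.
    Over a header that already contains a valid checksum it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_dns_query(name: str, txid: int = 0xBEEF) -> bytes:
    """Application layer: a standard recursive A query (constructed input)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_frame(dns: bytes) -> bytes:
    """Wrap the DNS message in UDP, then IPv4, then Ethernet (made-up addresses)."""
    udp_len = 8 + len(dns)
    # UDP checksum 0 means "not computed"; legal over IPv4, not over IPv6.
    udp = struct.pack("!HHHH", 53123, 53, udp_len, 0) + dns
    ip_len = 20 + udp_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0x1234, 0x4000, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([8, 8, 8, 8]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill checksum field
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + udp

def parse_frame(frame: bytes) -> dict:
    """Peel the layers off again; each layer's header says what the next one is."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["ethernet"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:                 # only IPv4 handled here
        return layers
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, cksum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes (options possible)
    layers["ip"] = {
        "version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
        "checksum_ok": ip_checksum(ip[:ihl]) == 0,
    }
    payload = ip[ihl:total_len]             # trust total_len, not the frame length (padding)
    if proto != 17:                         # 17 = UDP; 6 would be TCP, 1 ICMP
        return layers
    sport, dport, ulen, _ucksum = struct.unpack("!HHHH", payload[:8])
    layers["udp"] = {"src_port": sport, "dst_port": dport, "length": ulen}
    if 53 in (sport, dport):
        dns = payload[8:ulen]
        txid, flags, _qd = struct.unpack("!HHH", dns[:6])
        off, parts = 12, []
        while True:                         # walk the label sequence of the question name
            n = dns[off]
            if n & 0xC0:
                raise ValueError("compression pointer in question name")
            off += 1
            if n == 0:
                break
            parts.append(dns[off:off + n].decode("ascii"))
            off += n
        qtype, _qclass = struct.unpack("!HH", dns[off:off + 4])
        layers["dns"] = {"id": txid, "qname": ".".join(parts), "qtype": qtype,
                         "is_query": not (flags & 0x8000)}
    return layers

if __name__ == "__main__":
    frame = build_frame(build_dns_query("example.com"))
    for name, fields in parse_frame(frame).items():
        print(name, fields)
```

Each parser stage reads only its own header and hands the rest down, which is exactly the layering the comment describes; note that the IP total length, not the frame length, bounds the payload, because Ethernet pads short frames.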
Netsec is a pretty wide topic, which makes your question somewhat hard to answer. In all honesty, I think the best place to start right now for a high-level introduction to networking is this Wikipedia article. There are, of course, many books you can read for a deeper understanding; as well as the RFCs for a definitive explanation of every Internet standard.
Another recommendation would be to install Linux (try Ubuntu or Fedora), and just run it. Add users and groups, configure SSH and Apache, etc. Linux will come with several different programming languages (Perl, Python, bash), and you'll be able to install many more with very little effort.
Don't worry about having a formal background in computers, because that's not very important. Besides, no one can teach you the curiosity you'll need to get really deep into this stuff. Just expect to spend countless hours in front of a computer, and expect to never stop reading and learning.
I'd suggest "The Mobile Application Hacker's Handbook" (http://www.amazon.com/The-Mobile-Application-Hackers-Handbook/dp/1118958500).
Combine it with "The Web Application Hacker's Handbook" (http://www.amazon.com/gp/product/1118026470/) and you should have a pretty good handle on testing mobile security, including the backend stuff.
These are both from a "breakers" point of view, but they go into how to secure/prevent the various attacks they teach, so are a very good source for developers.
As some general tips and what to look for, especially concerning secure communications, look into certificate pinning, message signing, and don't store anything sensitive on the device without encryption (or on the server).
Source: I break mobile apps and websites for a living
For people who want to get into network security and have a moderately good grasp on programming, I nominate Gray Hat Hacking. Each chapter in the book is basically devoted to a certain aspect of hacking (Windows exploits, XSS attacks, Metasploit, etc). It's a good all-around introduction to pretty much all the important aspects you need to know.
Next, I recommend getting familiar with Metasploit as it can save you a lot of time with a lot of different types of attacks. The guys from Offensive Security have a website, but there is also an ebook available if you want it.
It's important to understand security from both an offensive and defensive side of things.
Security Engineering by Ross J. Anderson. It is very useful and gives you a 360-degree view from different industries from a security standpoint, this approach encourages you to think out of the box since some ideas from other industries can be useful in another.
Two good books I'd recommend for getting started in exploitation:
Both are good resources to start with. Other than that, learn vdb/windbg/ollydbg/your debugger of choice, use it, and start making binaries do your whim. I started by debugging notepad back in the day.
The first rule of "learning the basics of hacking" is that you don't ask or talk about "learning the basics of hacking". I learned this the hard way when I was about 12 years old on irc.
And there is really only one shade of hacking, and that is 'gray'. You may become a white hat, or a black hat depending on your motivation. But I personally do not look at anything in absolute contrast. The world is gray, hacking is gray, your mother is gray.
Speaking of 'gray', if I were you I would check out this book
I have not read it myself, only skimmed through it over coffee at Barnes & Noble. Looks like it covers a very broad spectrum of hacking and seems 'user friendly' enough. Also start reading 2600, and check out securitytube.net
I haven't done this myself yet, but I'm pretty sure this is where something like IDA Pro comes in: you disassemble the program so it is now in assembly language. Then you can use your assembly language skills to step through some of the code. You may see variables stored in weird ways or memory handled in a bad way.
A book that may get you started is: The Bug Hunters Diary
This is why I recommend all my pen testing peers read a book on cryptography, to better understand how things like this can break in very not obvious ways.
http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
The mother of all auditing books, better than Jon Erickson's jack of all trades - master of none approach imo.
The shellcoders handbook makes for an excellent accompaniment, too.
I'm in the same boat as you. I'm currently trying to lay the foundation for an InfoSec career and I've been bookmarking some of the helpful posts I find. Here's what I have so far:
http://www.reddit.com/r/netsec/comments/dpsfp/can_netsec_help_me_to_get_started_into_the/
http://www.reddit.com/r/netsec/comments/edv2u/good_places_to_start_a_career_in_netsec/
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.chakraborty.ch/organization/getting-started-in-security/
I just bought this book, I've seen it recommended several times as a great place to start learning TCP/IP.
Consider getting, or at least studying up on, the A+, Net+, Linux+, and Security+ CompTIA certs. They may help you get entry-level jobs and are a good way to learn the basics, but don't count on them to get you serious employment.
http://www.amazon.co.uk/exec/obidos/ASIN/0470068523
Awesome Book.
Read Hacking: The Art of Exploitation
Honestly I could recommend this book for the programming section alone.
You can practice on open source projects. This is another book I liked:
http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851/
A mix of black box testing, knowing what vulnerable code looks like and reverse engineering.
For fiction, you MUST read Daemon and Freedom(TM)
I also enjoyed Snowcrash and Cryptonomicon, though in my opinion the latter was a little bit of a difficult read. Worth it though.
The cryptonomicon was good
http://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806/ref=sr_1_1?ie=UTF8&qid=1290365107&sr=8-1
The Web Application Hacker's Handbook is a pretty good read. I didn't read the 3rd edition of Hacking Exposed but the second one was only mediocre.
Sanitize all the inputs! I wasn't a coder so I had no idea how sanitation works, or whether all XSS can be stopped.
I once did a xss exercise on an app where I just went through the XSS Cheat Sheet
At first I did regular javascript. It was fixed. Then I did some Hex Encoded javascript. Then finally... to prove a point I did some Unicode javascript. Simply sanitizing for each type of XSS encoding trick isn't enough.
\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E
The above line gets decoded as this:
<XSS STYLE=alert("XSS")>
Nice unicode conversion app.
http://rishida.net/tools/conversion/
---------------------------------------------
http://coding.smashingmagazine.com/2011/01/11/keeping-web-users-safe-by-sanitizing-input-data/
Prepared Statements:
http://stackoverflow.com/questions/687787/how-should-i-sanitize-database-input-in-java
Check out Grey Hat Hacker, the bit about client side browser stuff is cool.
Also: http://seclists.org/
Then there's always this: http://docs.oracle.com/javaee/5/tutorial/doc/bnbyk.html
Edit: formatting and stuff.
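The point of the comment above, as an added example that is neither the commenter's code nor from the linked articles: a blocklist that looks at the raw string is defeated by any encoding layer it does not know about, so a check has to run after normalization, and the real fix is encoding for the output context (and parameterized queries for SQL). The payload is the one quoted in the comment; the table, names and the `\u` / entity / percent decoders are assumptions for the demo.

```python
import html
import re
import sqlite3
from urllib.parse import unquote

# JavaScript-style \uXXXX and \xXX escapes, the layer the commenter's payload used
JS_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})")

def naive_filter(s: str) -> bool:
    """The kind of blocklist the comment describes: passes if no '<' or 'script'."""
    return "<" not in s and "script" not in s.lower()

def normalize(s: str, max_rounds: int = 5) -> str:
    """Strip encoding layers (JS escapes, HTML entities, percent-encoding) until the
    string stops changing. Bounded, so a deliberately deep nesting can't spin us."""
    for _ in range(max_rounds):
        prev = s
        s = JS_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)
        s = html.unescape(s)
        s = unquote(s)
        if s == prev:
            return s
    raise ValueError("too many encoding layers")

def looks_like_markup(s: str) -> bool:
    """Detection that survives the encoding tricks: inspect the decoded form."""
    return "<" in normalize(s)

def render_comment(user_text: str) -> str:
    """The actual XSS fix: encode for the HTML-body context at output time.
    Whatever the input encoding, the browser never sees a tag."""
    return "<p>" + html.escape(user_text, quote=True) + "</p>"

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table for the prepared-statement contrast."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """String-built SQL: the user's quotes become part of the statement."""
    return conn.execute("SELECT id FROM users WHERE name = '%s'" % name).fetchall()

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Prepared statement: the value is bound, never parsed as SQL."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    payload = r"\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E"
    print("naive filter passes it:", naive_filter(payload))
    print("decoded:", normalize(payload))
    print("rendered safely:", render_comment(normalize(payload)))
    conn = demo_db()
    print("injected rows:", find_user_vulnerable(conn, "x' OR '1'='1"))
    print("bound rows:   ", find_user_safe(conn, "x' OR '1'='1"))
```

Note that `normalize` is for detection and logging; `render_comment` never relies on it, because output encoding is correct regardless of what the input looked like.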
Yes, here's the book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470). The key with web application security, the one main rule is, never trust anything the user sends you. That means, you can do a lot (almost everything) just manipulating HTTP requests, which usually requires only minimal HTML/CSS knowledge.
Without understanding some HTML/CSS/JS, you may have a hard time with getting XSS to pop, without knowing some XML, you might have trouble understanding things like XXE, and without understand SQL, you might have issues with SQLi. BUT, there are a lot of things you can start doing without that.
In general though, you can do a lot by just learning how to proxy requests with Burp and setting up a vulnerable web app. If you're trying to learn and gain fluency in HTML/CSS, you're going to be doing a lot of unnecessary work. It's good to understand how these work, but you'll pick up most of what you need as you research and learn about specific vulnerabilities.
Add a Malware Analysis section to books and punch in Malware Analyst's Cookbook. ;)
http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033
I would also add in OS hardening some where and link to NSA's guides:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
You should just order this book imho.
http://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/1598220616/ref=sr_1_2?ie=UTF8&qid=1303542136&sr=8-2
It's more recent, covers more techniques and is extremely in depth, and it has all the source code in the back of the book.
start here, continue here, report back in two months.
The Basics of Hacking and Penetration Testing
http://www.amazon.com/The-Basics-Hacking-Penetration-Testing/dp/1597496553
TCP/IP Illustrated by Stevens, a must read!
http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426
Done and Done.
Along that same vein is Web App hackers' handbook
Someone already mentioned OWASP, so i'll second that one.
wartex8 mentioned it, but I can't speak about Hacking: The Art of Exploitation highly enough...
Go read the book
http://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/0743411463
http://www.lulu.com/product/ebook/owasp-testing-guide/17463506?productTrackingContext=author_spotlight_1412179_
http://nostarch.com/tangledweb.htm
http://www.syngress.com/hacking-and-penetration-testing/Web-Application-Obfuscation/
http://www.syngress.com/hacking-and-penetration-testing/Seven-Deadliest-Web-Application-Attacks/
http://www.syngress.com/hacking-and-penetration-testing/SQL-Injection-Attacks-and-Defense/
http://www.webhackingexposed.com/
http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/1118026470/ref=dp_ob_title_bk
If you want to understand how everything works under the hood:
http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
Not the most thrilling read but you'll come out of it with a deep understanding of how TCP/IP works.
Umm... not sure if this is sarcasm, or if you don't belong in this sub.
In case it's the latter:
+1 for Gray Hat Hacking, the new edition just came out and I haven't had a chance to pick it up yet. Gray Hat Hacking will teach you the fundamentals of writing exploits from scratch.
The sequel to Gray Hat Hacking would have to be Hacking: The Art of Exploitation
I tried starting at H:AOE and it was just too difficult. Picked up Gray Hat and everything made sense!
> but getting it on to the specific machine would be difficult.
Not really. Stuxnet showed us all that releasing a rather mundane piece of malware full of NOPs is rather easy, and rather simple to keep undetected for quite a while. That is, it's only full of NOPs until it hits the one or two computers it was designed to hit.
Think of actual viruses. There are a ton of viruses and bacteria in the wild that are transmitted through hosts, but have no ill effect on those hosts. Humans have thousands of strains of bacteria living inside them that are actually beneficial, but if injected into other mammals many cause great harm to that host. Even AIDS, being such a destructive virus to humans, does absolutely nothing in the apes it was previously hosted in (as far as research tells us it was).
One of the biggest annoyances with traditional malware, like most of the fake AV shit floating around, is that they are fucking annoying and push popups and warnings and all sorts of shit onto the infected user's machine. The best malware in my opinion is completely daemonized, designed to not alert the user that it even exists, quietly destroying something in the background until its job is complete and then cleaning itself up and moving along. Though, I might have enjoyed Daemon and Neuromancer just a little too much.
Edit: I agree with most of the answers in this thread though. Malware along these lines would serve no purpose other than vigilante destruction. Unless it could somehow legally get people in trouble (planting child porn or something), I don't see how this would be beneficial long term to the creator, as a widespread infection in a single organization would most easily be flagged as suspicious by a reasonably smart investigator or systems admin.