Computing Internet Books


Lots of internet stuff, no math stuff
Review Date: 2008-02-11
Code snippets are confusing
Review Date: 2007-12-19
Code examples are not complete, explanations are lacking, and overall I found little value reading sections of this book independently.
The authors should revise the book so each section stands on its own without any information from other sections (sections will probably have to become slightly longer to do this / merging similar sections). The authors should provide a minimal *complete* script in each section that demonstrates the topic at hand and nothing else.
In its current form, I do not think this book is worth the purchase price.
good book for python beginner
Review Date: 2007-05-15
It's a gem and a bargain
Review Date: 2007-10-26
This well written, simple little book fills that niche. You can put it in your pocket and read it on the train. It's well written and succinct. It's not for learning Python for the first time, you need more explanation and examples when you are learning new concepts. This book is a good reminder of things you already learned but have not completely stuck yet.
Examples I have already used are the string manipulation sections, threads and socket programming. I will probably use the HTML parsing examples next. In his examples Dayley does offer explanation. For example, he describes the elements of the try statement, including the finally, the else and the except parts. However this is done in only two paragraphs. It's a good memory jogger and reference if you already know the syntax.
In the string manipulation section, searching strings, comparing strings, splitting and joining, replacing, trimming and formatting are all covered. In addition, there is a little gem about executing strings as Python code. All the examples are useful and can be included immediately in your code!
I think I'll go through this guide pretty quickly, since it's small, but it's valuable and it's worth having. Let me repeat, this book is for a beginning Python programmer who is learning the basics with some other material, or has already learned the basics.
You can always find example code online, in various blogs, articles and tutorials, however it's easier to have one book by a single author that's well written and has a consistent voice. I highly recommend this book, and I wish the publisher would put out more small books like this. They are so easy to carry and have around.
Easy to follow
Review Date: 2006-12-20
Almost everything I wanted to accomplish I got done just by using this book.
two weak points.
1) could have covered number formatting in output
2) dealing with dates is not really covered


Excellent!
Review Date: 2008-05-24
to performance analysis and improvement. In addition, he does an excellent job of presenting and explaining all of the tools available on Solaris. I found myself not only with a better idea of what is available on Solaris, but with a better idea of what to look for on the other platforms.
The clarity with which the entire book is written and the level of detail it goes into is just perfect.
Highly recommended!
Loved it
Review Date: 2008-03-16

Used price: $17.57


If you follow the pointers in this book you will probably create a real winner of a blog.
Review Date: 2008-07-04
I thought this was a wonderful book about blogging. It is not a thin and light book. But, instead, is packed with lots of information and well worth its cover price. It is well written and well organized. And to see specifically what is covered I recommend you examine the Search Inside material provided by Amazon for this book. There you can find a basic Table of Contents and a very detailed one, too.
There were four topics I especially liked the coverage of in this book: (1) blogging tools, (2) blog styles, (3) blog theory, & (4) how to start a blog.
The blogging tools covered were Blogger, Wordpress, Typepad, and Expression Engine. I have created blogs at both Blogger and Wordpress. And I think the discussion of both in this book was very fair and representative. I have heard Typepad is a really great service, and it is very reasonably priced. But I have opted to do my blogging on the freebie side so far. I have no experience with Expression Engine. But this book has me thinking of doing some investigation into that service.
The blogging styles mentioned were:
>> Personal diary
>> Views & reviews
>> From the desk of...
>> Organizational outreach
>> Internal organizational
>> Community
I was surprised the style I use for my current blogs was not mentioned: Question & answer. But there really are an unlimited number of blogging styles. That's the beauty of blogs - you can make them what you want them to be and to do.
Throughout the book the author covers blog theory. And he gives us his take on how to actually start a blog. He includes notes, tips and sidebars to help the reader better grasp the material in the book. If you follow the pointers in this book you will probably create a real winner of a blog. You might even include images, video, audio, forums, tags, wikis, and some moneymaking features. But you don't have to. Hopefully you'll get more hits, more fans, more friends, and even more customers. 5 stars!
Excellent for those just getting started blogging
Review Date: 2008-06-26
I wanted to write a review here because I think this book deserves a big audience, and because the Amazon listing tells you little about what's covered. So here's what's inside:
"Web 2.0 Blog" covers four different blogging platforms: Blogger, TypePad, WordPress, and Expression Engine. So if you're interested in one of these four, you'll find the book very helpful. If you are trying to decide which of the four to go with, the book is even more helpful, as you can compare them feature by feature. For instance, you'll see that while Expression Engine seems quite powerful and flexible, it's obviously more complicated than the other three. Stauffer does a good job of helping you weigh the pros and cons of each.
The book covers quite a lot in 450 pages, and it does it very well. There's even a basic introduction to XHTML and CSS, giving you a peek at how each blogging platform works under the hood. Other topics covered in depth are:
- RSS feeds
- Photoblogs, podcasting, audioblogging, and adding video
- Working with social bookmarking sites such as Digg and Technorati
- using wikis to collaborate with readers
- adding a forum to open the discussion beyond comments
- community and group blogs
- sending e-newsletters to your subscribers
- getting traffic and monetizing your blog
Highly recommended.

Used price: $0.84
Collectible price: $14.99

Fun Book!
Review Date: 2003-06-17
I thought I was an expert - what a fun book!
Review Date: 2003-06-19
Great idea!
Review Date: 2003-06-14


great overall vb book on object
Review Date: 2008-07-31
Useful and concise
Review Date: 2008-07-25
Ms. Kurata's book is similar to Tim Patrick's book, which is another of my recent favorites that I also recommend.
Start-to-Finish Visual Basic 2005: Learn Visual Basic 2005 as You Design and Develop a Complete Application (The Addison-Wesley Microsoft Technology Series)
Good book
Review Date: 2008-07-24
However, I thought the book ended abruptly and left things a little undone. Furthermore, I would have liked it to go into more detail on sorting and filtering business objects since this is a major issue.
In all, this was a great buy and I'll be referencing it for a while.
An objective review by VBRocks
Review Date: 2008-07-24
This book accomplishes a few useful things:
First of all, this book teaches you Object-Oriented development concepts, such as what Object-Oriented programming is, the basic elements of Object-Oriented architecture, and the benefits of using an Object-Oriented approach.
It also teaches you how to design software using the GUIDS Methodology: Goal-centered design (includes use cases, scenarios, business object identification, and domain model), User Interface design, Implementation-Centered design, Data design, and Strategies for construction.
Additionally, this book teaches you how to implement N-Tier architecture in an application, and explains its benefits. The N-Tier approach in this book is comprised of a Presentation Layer, Business Layer and a Data Access Layer.
A downside to this book is that it leaves you short of having a fully functional application, supporting record sorting and filtering, which, in my opinion, is a fundamental element of data presentation.
Additional Comments:
Being an ADO.NET proponent, and competent in extending ADO.NET, I found the OOP approach demonstrated in this book to be (frankly) a lot of work. A lot of the code that goes into this approach can be significantly reduced using ADO.NET. Furthermore, ADO.NET requires much less time to become proficient in, and faster to develop.
Here's a simple example that creates a Customer Class:
Public Class Customer
    Public Sub New(ByVal customerName As String)
        Me.Name = customerName
    End Sub

    Private m_Name As String
    Public Property Name() As String
        Get
            Return m_Name
        End Get
        Set(ByVal value As String)
            m_Name = value
        End Set
    End Property
End Class
A customer can be created like this:
Dim c As New Customer("Chili's Grill & Bar")
Now, how do you get a list of Customers? You have to use List(Of Type):
'Create a list
Dim customerList As New List(Of Customer)
'Add Customers
customerList.Add(New Customer("Chili's Grill & Bar"))
customerList.Add(New Customer("Dickey's BBQ Pit"))
customerList.Add(New Customer("La Hacienda Ranch"))
My next question is, how do you handle sorting in a List(Of Type)? You may be tempted to say, well, Sort() of course!
customerList.Sort()
However, if you did not implement the IComparable interface in the Customer class, then you cannot use the Sort method... Any other ideas?
Now, what about filtering? How do you filter a List(Of Type)?
...
Put it this way, if you want to be able to bind the list to a control, like a DataGridView, and then have the list sorted when a DataGridViewColumn header is clicked, then you need to do some programming to implement the IBindingList interface. And then what if you want to do advanced sorting and filtering? You need to implement the IBindingListView... That's quite a bit of programming!
But life is MUCH easier with ADO.NET!
'ADO.NET (Create a Customer table and add a Name column)
Dim table As New DataTable("Customer")
table.Columns.Add("Name")
'Add 3 customers to the table
table.Rows.Add("La Hacienda Ranch")
table.Rows.Add("Chili's Grill & Bar")
table.Rows.Add("Dickey's BBQ Pit")
'What about Sorting?
Dim view As DataView = table.DefaultView
view.Sort = "Name ASC"
'What about filtering?
view.RowFilter = "Name='La Hacienda Ranch'"
Another example is, How do you handle the IDataErrorInfo interface? You have to do a bit of work with OOP, but with ADO.NET... You don't have to do anything, because it's already implemented in a DataTable... Sweet!
What about all of the other concerns about data validation? Create a Strongly-Typed DataSet, add a Customers DataTable to it, Double-Click on it to create the ColumnChanging event, and then validate away!
Overall, it's a pretty good book. And it's definitely worth reading, even if you don't end up using the OOP concepts presented, because there are quite a few things you can learn that will help you as a developer.
In the end, the path to OOP architecture or ADO.NET architecture is up to you, but hopefully I've provided you with a few helpful thoughts.
Gary Lima
aka VBRocks
2008 Microsoft Visual Basic MVP
VisualBasicRocks.com
Like a finely honed detective thriller
Review Date: 2008-02-19
I never knew how she was going to pull together: like replacing hard-coded item for database tables.
My only disappointment was that the book ended a little too soon. I would have liked to have seen somewhat more of a data-entry application.
Stephan Onisick; VB/SQL Consultant


Good primer but lacks the depth of Programming WPF book
Review Date: 2008-06-26
A terrific book to really understand WPF
Review Date: 2008-05-27
Decent
Review Date: 2008-05-19
But this does not mean the book provides buy-in for developers to use WPF instantly. For example, every time I attempted to "get my hands dirty", not long was I easily discouraged. I figured that I just needed to keep reading the book before trying again .. and again .. and again .. until I was out of book. From making a Windows application, to ASP.Net, to Silverlight using VS2008 and Expression Blend, nothing was easy enough to finish a small project much less an enterprise application. And then I would have to explain to my colleagues how it works.
In summary, Chris did an impeccable job explaining the complexities and modeling of WPF. This book is an acceptable starting point. But do not expect to jump right into WPF during or even after reading this entire book. Rather take note that you *understand* WPF, and then move to the next reference of choice.
Where are the WHY's?
Review Date: 2007-09-05
There is nothing wrong with the book itself, but the marketing is completely and utterly false. Chris himself emphasizes that he would like to talk about the "why-s" of the platform and this is the very reason why I bought his book - only to find out that nothing like that happens. Quite honestly, any technical author could write this book after reading Windows 3.0 SDK documentation thoroughly - there is very little added value or insight. There are moments when Chris writes "this may be confusing..." and in this very moment, you would expect "... but it was necessary because of this and that" but that almost never happens. You are left with doubts about the quality of WPF which is probably the worst thing an author can do.
Don't be confused as I was: this book is not about "why-s", it is not about reasoning, it is not about in-depth discussion of some decisions made. It is an extensive walkthrough through the WPF features, it is a description of the framework but nothing more. Of course you will find some insights in this book but they are definitely not in proportion to Chris's role in the WPF team and his otherwise great skills.
I, personally, started reading this book as a big fan of WPF and was left with doubts if all the complexity is really necessary (and some things are pretty complex compared to Flex which is my current development environment). Actually, I think that I enjoyed reading the WPF introductory articles in the Windows SDK 3.0 documentation more and honestly, I thought that this could never happen when comparing docs and a book.
Anyway, if you really need a great WPF book, don't waste money on this one - go buy Adam Nathan's WPF Unleashed. I'm on page 130 now and my enthusiasm for WPF is back. That book provides exactly what I wanted - deep discussion, great insight, practical tips, well thought-out structure and trust that the sub-optimal things in the current version are known issues likely to be fixed in WPF vNext.
A fantastic primer on WPF
Review Date: 2007-10-09


mistakes
Review Date: 2008-08-13
Awesome book for learning GUIs!
Review Date: 2008-07-11
A "Must-Have" for Future Programmers
Review Date: 2008-08-29
I blew away my friend with a mod of one of the games, Space Destroyers. (He borrowed my copy of the book and won't give it back -- and that's the best recommendation I can give!)
Awesome Gaming Book -- Java Rules!
Review Date: 2008-08-17
The book goes one line of code at a time with illustrations. It starts simple and gets more intense. But as long as you take your time it works perfectly. Every time I thought there was a mistake in the book I went over it again and I figured out it was mine!
I've been programming for over a year and I haven't found a better book to learn Java from.
Awesome and outstanding! I hope there's a volume 2.
How to use a great intro into Java game programming
Review Date: 2008-08-10
How to use this book: If you already know some Java, but you want to get into game programming, you can just pick up the book as a standalone tool. The descriptions are simple enough that you can figure out what you are actually doing. If you want to learn Java and Java game programming, do not ONLY use this book. However, I wanted to learn both, so I picked up this book along with a "learn Java" book, which is a deadly combo! This book has been great for helping me visualize how the code can look for a game, see the relevance to what I was learning in my "learn Java" book, and have a little fun with programming. I switch back and forth because my "learn Java" book explains in detail what the heck I'm doing, while Game Programming for the Evil Genius keeps me interested in learning Java. Also, if you want to create games yourself, but couldn't give a hoot about learning the code behind the game, this book may be for you (though I don't quite understand you!). With this book and limited Java knowledge, you can create these games, monkey with them a little bit, and pretend like you've accomplished something!
Side comments: Not all of the code in the book is completely accurate (as is always the case with programming books). However, if you can't figure out what is wrong with your program, you can always download a working program from the book's website and compare the code. Also, I can't stand NetBeans. The book suggests you use NetBeans (which some people really like), but I used Eclipse SDK, which is also free (www.eclipse.com). Use whatever makes sense for you.
Closing remarks: This is a great book to have some fun with Java programming. You are NOT going to create the next Halo or some complicated game, but you will learn some Java game programming essentials. If you use this book in the right way (detailed above), you won't regret your decision. Also, this book is for anyone interested in learning Java game programming, no matter your age group. It would be great for teens, and anyone older (I'm in my mid twenties). Sound like a sales pitch? Maybe. But I'm glad I stumbled across this book and the good reviews I found!


A must have!
Review Date: 2008-03-01
This book is easy to reference and provides fresh insight to pentesting at the user, host, network, system and application layer. It demystifies the what, why and how of pentesting in a clear, concise and repeatable manner.
Get your laptop out, have your case of Jolt ready and put on your tin foil hat, you are in for one heck of a read. A must have. When done, keep on shelf within arm's reach.
[...]
Penetration Testing and Network Defense (Cisco Press Networking Technology)
Review Date: 2006-05-29
ISBN: 1587052083, Paperback: 624 pages, Publisher: Cisco Press (October 31, 2005)
Cisco is the leader of networking technology of the 20th and 21st centuries, and understands that security is not a one-time mission but requires network design, testing, etc. to build a secure environment. As part of the Cisco Press releases on security topics, I found a nice book:
Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
It introduces an interesting method to guide how to build a secure environment and protect networks by using Cisco and third-party tools (most of them from the open source field).
Authors' background:
Andrew Whitaker, CCSP(tm), is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.
Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.
Readers Pre-Requirements:
Although I couldn't find pre-requirements for the book's readers, I can recommend this book to readers who meet the following pre-requirements:
1. Have basic knowledge of Linux/Unix administration.
2. Have good knowledge of TCP/IP networking design and implementation
(Recommended to have at least CCNA and CCDA certifications)
3. Have at least two years of experience in SMB-Enterprise infrastructure administration.
Book Structure:
The book is built as 16 self-study chapters that cover most of the information that an ethical hacker (or beginner penetration tester) needs.
The book begins with a nice introduction on the reasons that companies should use penetration testing and divides these reasons into major stages that parallel known security models (like C.I.A.: Confidentiality, Integrity, Availability).
The next chapters review the requirements for penetration testing and legal issues with penetration testing.
Chapter 2 - Legal and Ethics Considerations - should, from my point of view, cover more information and add a warning to people who work as penetration testers that legal support from the legal teams of the testing company and the target company should be used.
Most of the companies and the management (usually in states outside the United States) don't understand the consequences of these tests and don't know what to do with the test results.
Also, due to privacy invasion and the current laws against privacy invasion, this topic is very important to understand and to know how to handle.
Adding this information to the book can help to complete the missing information in Chapter 2.
The next chapters cover most of the publicly known attack techniques and give real-life scenarios and solutions for attacks.
My conclusion is: The book is recommended to all IT staff and beginner penetration testers.
Best Regards,
Yuval Sinay
A Cisco book not limited to Cisco devices.
Review Date: 2007-09-02
It gives an easy to understand explanation of types of attacks, how they are performed, tools needed, and how to protect/detect from such attacks. It also discusses the difficulty of detecting certain attacks.
It also has an entire chapter regarding the legal considerations and implications of penetration testing. And the great thing about this book is that even though it is a Cisco book, it covers many devices and operating systems.
If you are considering a pen test, read this
Review Date: 2006-03-13
I don't believe that you can learn to become a penetration tester from the book, most of the tools are a bit older, I think the technical development must end in 2004 and the authors skip some steps from time to time especially in the NOTE sections.
My least favorite chapter was 2, Legal and Ethical Considerations, in my view, one to three pages per regulation is not just superficial, but potentially dangerous. The social engineering chapter is better than most similar attempts. I enjoyed Chapter 7, Web Server Attacks and intend to read that one again. I was really enjoying Chapter 11 Wireless, until I hit page 361, this is an example of what I mean by skipping a step or two! It is all do this, do that, with nary a clue on how. One of the ultimate tests for a security book is how well the book can explain buffer overflows. Many times, it is fairly clear the authors themselves don't know what a buffer overflow is and they mumble something about Smashing the Stack and I close the book on the spot. I have little doubt that Whitaker and Newman know what a buffer overflow is, but I doubt any reader of the book will learn it from the book. Please do not get me wrong, this is a good book, a very good book, but that is a hard concept to really teach. I am sure this will go to second edition and I hope that can be an area of focus.
I like the list of tools in the back of the book. In my view the section on choosing a penetration testing vendor is worth the price of the book. I really wish I had read something like that years ago, I could have saved money and heartache.
Four stars if published in fall 2003 instead of fall 2005
Review Date: 2006-08-29
I usually try to avoid reading and reviewing books that I expect not to like. However, PTAND looked promising. I have several excellent Cisco Press books, like Cisco Router Firewall Security. A major problem with PTAND is that it is largely out of date. For example, Ch 12 discusses malware, but uses B02K, SubSeven, the Melissa virus, and Brown Orifice as examples. In Ch 6, session hijacking is done with Hunt and Juggernaut, but ignores Ettercap, Cain and Abel, and Yersinia. (I found it funny that p 131 of this Cisco Press book describes Juggernaut's author as "someone with the handle of 'route'", but doesn't say that 'route' is Mike Schiffman, Cisco employee since April 2003.)
In addition to outdated or missing tools (THC's Amap and Hydra are also neglected), PTAND fails to mention problems with many of its techniques. In Ch 5, the authors never hint that servers susceptible to DNS zone transfers are not as plentiful as they were in 1998. A discussion of Visual Route doesn't explain that information reported by the tool may have nothing to do with the physical location of a system. Ch 10's description of ACK tunnels ignores that stateful firewalls have been denying such covert channels for years.
PTAND also misses some technical and conceptual details. The definitions of "threat" in Ch 1 are really describing attacks or risks. On p 98, the authors should say that closed ports reply with RST ACK, not just RST. I don't think the authors understand idle scanning (pp 102-3), and their examples of fingerprinting on p 106 are taken directly from Fyodor's 1998 paper (without credit)! On p 351 PTAND propagates the myth that SSIDs "are like shared passwords," and poorly claims that broadcasting SSIDs is a "mistake".
I liked many of the case studies in this book, but several had problems. In Ch 14, the authors should have just used Metasploit instead of using shell code from Metasploit to perpetrate their case study. Their case study in Ch 10 uses Macof to overflow a switch CAM table (pp 343-4), but on p 129 the authors previously stated they found such techniques unreliable. Ch 10 fails to mention that CDP is not a routable protocol, so it cannot be used remotely. Ch 10 also calls IDS' "intruder detection systems".
On the typo side, replace 1996 on p 25 with 1986, and remember that FTP data does not use port 21 TCP. With active FTP, source port 20 is used. With passive FTP, nothing can be said a priori about the ports that might be used.
If you are an absolute pen testing beginner, you may find this book valuable. I don't see any advantage to reading this book when texts like Hacking Exposed are available. (If you think my Foundstone history makes me biased about the HE books, check out my earlier reviews of that series.) I did like the use of case studies in each chapter, and the explanations of how to mostly use Cisco IDS to detect certain classes of attack. The defensive recommendations were also decent.
Those looking for solid pen testing recommendations might find Pete Herzog's free Open Source Security Testing Methodology Manual to be valuable.

Used price: $25.39

Amazing compilation of the Authentication Methods!
Review Date: 2003-10-28
I'm a research assistant, having finished my Master of Sciences in Electronic Commerce (2003) in the Department of Computer Science and Operations Research at Université de Montréal (Montreal (QC) Canada) and who has written a master's thesis called "ASEMC-Authentication for a SEcure M-Commerce". The book has brought me great contributions in a very clear language even if it is a technical matter. It makes extensive use of pictures, schemas, and graphs that allow us to easily understand the authentication methods. Actually, it makes use of the visual intelligence of each one of us!
Really, really good book
Review Date: 2003-08-31
The book provides everything you need to know about PKI and other crucial security topics.
An exciting book on authentication, of all things? It is!
Review Date: 2002-08-08
Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in a book. Passwords, tokens, biometrics, various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.
A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When it is better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).
People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.
For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.
Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.
Everything you need to know about authentication
Review Date: 2001-12-17
Authentication: From Passwords to Public Keys is an excellent work that covers all of the direct areas of authentication. Authentication is a huge challenge in that most users would prefer to have their passwords short and easy to remember, which is exactly what a password should not be.
Even if there were a lot of other books available on the subject, Authentication: From Passwords to Public Keys still would be required reading.
Masterful writing and in-depth treatment of the subject
Review Date: 2002-04-16
What I like is the way the author integrates theory, application and the human side of authentication. For example, he makes excellent use of tables to distill and display information, such as summary tables for attacks and defenses that are cross-referenced to each other. This is particularly useful to anyone who is developing security profiles, and the thorough and meticulous way that the author summarizes the information reduces the attack-defense pairings to the essentials.
His clear explanations of authentication methods and their underlying technologies, as well as how they evolved, are among the clearest in print. More importantly, he goes beyond explaining the mathematics behind the protocols by also showing how assumptions can lead to exposures. An example is the 4-digit lock, which has 10,000 possible combinations. At first glance it would seem that you have a 1-in-10000 chance of guessing the combination. However, he goes on to explain that a study showed 50% of people chose a calendar date for the combination, then leads you through the math of showing why you have approximately 1-in-512 chance of breaking the combination on the first try. He uses similar techniques throughout the book, which makes you think in real-world terms. It's his treatment of the people side of the authentication techniques that adds to the real-world approach.
I also thought that the chapter on picking PINs and passwords was exceptional. I've written password management policies and procedures for a number of clients in recent years and thought I was an expert. After reading this 37-page chapter I discovered what I didn't know - and it was a lot!
Each chapter is filled with facts that you may have or have not considered, and each is filled with common sense, backed up with the math or technical underpinnings. Moreover, the book completely covers authentication and will get anyone quickly up-to-speed on the basics and many of the finer points. This book is especially important as a resource to anyone who is involved in health care because the material is directly applicable to requirements set forth in HIPAA. It is also essential reading for anyone who develops or manages security in a web- or e-commerce environment because of the dependencies upon the technologies and methods that are discussed in this book. IT security specialists will also find this book to be an invaluable resource, especially the parts that cover password management, social engineering and practical applications of authentication.
I was disappointed by the absence of math things. 1 or 2 pages could have given an overview of the main math functions. Also no string-numeric conversion functions such as str(), float()... are given. This book is definitely not for scientists or science engineers/technicians.
Things presented are detailed, but they are quite limited.
A fully operational code example, often meaningless, follows every function introduced. It would be better, in my opinion, to introduce the functions individually and then show an example showing several functions in action in a script that means something.