The Cybersecurity Canon: Hacking Exposed Series

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Book Review by Canon Committee Member, Steve Winterfeld: Hacking Exposed Series (1999) by McGraw-Hill Education

Executive Summary

There are not a lot of technical books that meet the definition of “timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete,” but the Hacking Exposed series does. It started in 1999, has sold almost 1 million copies, and has been translated into almost 30 languages.

The Hacking Exposed series belongs in the Cybersecurity Canon under the technical category as well as history. It is hard to protect your network without understanding the tools and methodologies the hackers, cyber criminals and advanced persistent threats use. This series allows security professionals to quickly educate themselves or look up answers to questions about incidents.

Review

It had to have been a dark and stormy night when Stuart McClure sat down to write Hacking Exposed. The book is designed to give the novice practitioner the framework to build the basic skills needed to become a cybersecurity professional as well as provide reference on specific techniques for the experienced professional.  The basic book is broken into four parts – 1) Casing the establishment, 2) Endpoint and server hacking, 3) Infrastructure hacking, and 4) Application and data hacking.

There are several books in the series (most having updated versions) to meet just about every functional or infrastructure need:

1. Hacking Exposed 7: Network Security Secrets & Solutions by Stuart McClure
2. Hacking Exposed Wireless, Third Edition: Wireless Security Secrets & Solutions by Joshua Wright and Johnny Cache
3. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions by Clint Bodungen and Bryan Singer
4. Hacking Exposed Mobile: Security Secrets & Solutions by Neil Bergman and Mike Stanfield
5. Hacking Exposed Web Applications by Joel Scambray and Vincent Liu
6. Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions by Mark Collier and David Endler
7. Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions by Chris Davis and Aaron Philipp
8. Hacking Exposed: Malware & Rootkits Secrets & Solutions by Michael A. Davis and Sean M. Bodmer
9. Hacking Exposed Windows: Microsoft Windows Security Secrets & Solutions by Joel Scambray
10. Hacking Exposed Linux: Linux Security Secrets and Solutions by ISECOM
11. Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions by Dwivedi, Himanshu; Lackey, Zane; Cannings, Rich

It is vital for cybersecurity professionals to understand how the threat works and what tools and techniques they use. These books are very hands on with sample code, visuals depicting how to use tools, plus features like threat vector maps and a countermeasures cookbook. They are designed to provide practical how-to advice on what to do. They show how to use many of the same tools the threat uses to protect your systems.

Bottom line: This series is mandatory reading if you want to understand what is happening at a technical level.