Review of "Beautiful Security" Book

By Anton Chuvakin
June 22, 2009

Beautiful Security from O'Reilly, which I just finished reading, is truly an awesome book.

Now, I will probably have a high opinion of my own chapter ("Beautiful Log Handling") since it took some work (eh... and one near-complete rewrite) to create (this is why people LOVE O'Reilly books!!). However, I am just about as excited about the rest of the chapters in the book.

Here are my favorite chapters:

Psychological Security Traps by Mudge: awesome chapter with some fun ideas. Must read.

Beautiful Security Metrics by Betsy Nichols: if you are "a metrician", there won't be anything new (apart from her interesting medical research analogy); otherwise, a MUST read!

The Underground Economy of Security Breaches: not a bad, even if a bit dated, review of underground economics.

Beautiful Trade: Rethinking E-Commerce Security by Ed Bellis: this is one of the 2 chapters that I like more than my own; this has lots of visionary ideas on payment security.

Securing Online Advertising: Rustlers and Sheriffs in the New Wild West by Ben Edelman: this one is a fascinating read about attacks by and on online advertising. Definitely both enjoyable and insightful.

Open Source Honeyclient: Proactive Detection of Client-Side Exploits: a good read for those not familiar with "client honeypots" or "honeyclients"

Tomorrow's Security Cogs and Levers by Mark Curphey: this chapter exudes pure awesomeness and is the best in the book; read it three times already and plan to read a few more. Sorry that it sounds cliché, but this chapter definitely stimulates new, beautiful ways of "thinking security"!!

Security by Design by John McManus: a very good chapter that mixes NASA, security and software design. Read it and learn from it.

Forcing Firms to Focus: Is Secure Software in Your Future? by Jim Routh: great chapter that describes one company's battle for securing software (first, its own and then 3rd party)

Oh No, Here Come the Infosecurity Lawyers: way too much ROI and ROSI to my taste; also has ALE horror. Killed all the fun for me.

Beautiful Log Handling by Anton Chuvakin: eh...make your own opinion here :-)

Incident Detection: Finding the Other 68% by Grant Geyer: good old data correlation of IDS alerts, logs and other information is covered in this well-written chapter.

Overall, this was BY FAR the most insightful and enjoyable security book that I've read in a long time (the previous one was Geekonomics, BTW)

