
Free Must-Have “Security Engineering” Book - grecs
https://www.novainfosec.com/2013/04/03/free-must-have-security-engineering-book/
======
lawnchair_larry
Non-blogspam version: <http://www.cl.cam.ac.uk/~rja14/book.html>

Also, I really don't understand why this book gets so many recommendations. I
can't figure out who the target audience is or how it adds value to the field.
I think all that I can tell is that the target audience is not me.

To be honest, it feels like some of the Schneier books that give you a lot of
those "Aha!" moments, but don't actually have a lot of information. Maybe I'm
missing something.

Edit: Damn, this guy has been blogspamming HN twice a day for like a year. 5
submissions to his blog in the last 2 days.

~~~
justincormack
I recommend it as a starting point for people who don't know what security is
about. It is also good for people who think security is about cryptography.
It's about thought process more than information.

Ages since I read it though.

~~~
lawnchair_larry
That makes sense.

------
gyepi
Free is fine, but this book is worth acquiring in paper.

I have both editions and cannot recommend it enough. If you are responsible
for the security of any kind of system and have not read this book you may
want to fix that asap.

~~~
tptacek
I have seen this book recommended 1000 times but never did more than skim it.
Help me out: what do you like about it?

~~~
Jabbles
I would recommend this for "non-security" software engineers. i.e. those that
don't specifically work in your field, but who must (I'm sure you'll agree)
have a basic overview of what comprises a secure system, and a flavour of the
kind of problems security engineers face.

That's it though. It covers the essentials. It will not teach you
cryptanalysis. But it may inspire a student to choose a career in security, as
it is well-written and has interesting stories from history.

I particularly recommend Chapter 13: Nuclear Command and Control - it's not at
all relevant to what my job is (I'm sure you couldn't say), but I found the
problem of balancing "absolutely must not go off by accident" and "absolutely
must go off if the president says so" quite fascinating.

So I can't recommend it to you, as you're not its target audience. But I
recommend it to every other software engineer - the chapters are quite self-
contained so you can easily spread the reading out over several months (as I
did).

------
ggamecrazy
I use it for class, I bought the book before searching if it was free :/. You
can use it to kill someone -> <http://i.imgur.com/ytr9PZa.jpg>

------
joshrotenberg
* ... essential reference for any seasoned or up in coming security pro.*

Up 'and' coming.

(Friendly edit)

------
WhoIsSatoshi
it's unfortunately per chapter... rather cumbersome :(

~~~
SkyMarshal

        wget -rA "SEv2*.pdf" --no-parent --level=0 http://www.cl.cam.ac.uk/~rja14/book.html

~~~
dmiladinov
Stitch those PDFs together while you grab coffee! Run this in the directory
where you just wgot the pdfs:

    
    
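        # Collect the parts in book order (chapter files are named SEv2-c*.pdf), then merge them with Ghostscript
        files=$(ls | grep toc && ls | grep pref && ls | grep ack && ls | grep 'SEv2-c' && ls | grep bib && ls | grep index)
        gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=SecurityEngineering2ndEd.pdf $files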
    

When you get back, you should have a single file, SecurityEngineering2ndEd.pdf
(edit the command to name yours whatever you like)

Edit: This assumes you're running a unix variant and have ghostscript (gs)
installed

Edit: Use this instead in case toomuchtodo's dropbox link doesn't work for you
(like what happened for me: _"This account's public links are generating too
much traffic and have been temporarily disabled!"_ )

~~~
keenerd
GS is really slow at this. Pdfunite from Poppler is faster.

    
    
        wget http://www.cl.cam.ac.uk/~rja14/Papers/book2coverlarge.jpg
        convert book2coverlarge.jpg cover.pdf
        pdfunite cover.pdf *toc.pdf *pref.pdf *acks.pdf SEv2-c*.pdf *biblio.pdf *index.pdf SEv2.pdf

~~~
ableal
Debian/Ubuntu repositories have pdftk, which has been good enough for all my
PDF merge/split/etc needs.

E.g. 'pdftk *.pdf cat output combined.pdf'; 'pdftk -h' has more examples

