Ethical Hacking Books


Web Security, Privacy and Commerce by Simson Garfinkel


  • Great book! It provided me with the information that I was looking for and is an easy read. It is definitely a good start.
  • Good read, but primarily as an introductory primer. General info and comprehensive, with good discussion and resources.
  • This book is easy to read and describes basic security principles and technologies in an understandable manner.
  • I highly recommend this book to anyone that wants to develop a detailed understanding of the significant issues that affect doing business on the web.


Hacking: The Art of Exploitation by Jon Erickson


  • Absolutely recommended, although not recommended for someone with very little computer knowledge, or someone that has never written a line of code before; if that is your case, this will be very difficult to pick up.
  • This is a great read for people who want to know the nuts and bolts of exploitation.
  • I would recommend it to anyone who has a reasonable skill in assembler and C and needs to get some awareness of security vulnerabilities.
  • If you have a need to understand how the tools work and how to actually find exploits, then I highly recommend it.
  • It is very good and lives up to my expectations.


Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook by Shon Harris


  • Overall, a fantastic read. Even if you don't plan to enter the field on a business level, if you have interests in computer security it's worth getting.
  • This book is a great reference for penetration testing. I would recommend it to anyone.
  • Good content. May be a bit outdated now. But it's not as thorough as I'd like. More about tools than concepts.
  • This book is written in a straightforward manner, right to the point, hands-on exercises and all.
  • This book is very informative and well worth the reading.


Web Security Testing Cookbook by Paco Hope


  • This book contains some non-Windows stuff.
  • The focus is on testing and using tools to find problems.
  • It's good; I learned more about security from this book.
  • Very good and impressive.
  • Excellent book!!


The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard


  • This book is recommended for web hacking.
  • This is a very good book with lots of examples.
  • It also shows you the tools which will get you started.
  • This is by far the best text I have ever come across on the topic of web application vulnerability exploits.
  • Strengthening your websites would most likely be the greatest benefit from reading this book.
  • Get the book if you are not keen on vulnerable cookie-cutter code and hacker-prone pages.


The Tangled Web by Michal Zalewski


  • A great reference book for all security web engineers.
  • The book provides systematic coverage of browser security.
  • It's an impressive web and browser inside out. This book is for you, if you want to learn the pitfalls.
  • It's certainly a book for application security professionals, not for beginners.


Cryptography Engineering by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno


  • This is an excellent buy. It's a "middle ground" book and probably the one you should start with if you are interested in practical cryptography.
  • A great book for those wanting to broach into the CYBERSECURITY space...
  • The focus is on the engineering and security aspect, rather than the theoretical or mathematical.
  • I would recommend this book to anyone newish to cryptography that wants recommendations on which crypto algorithms or methods to use.


Exploiting Software: How to Break Code by Greg Hoglund and Gary R. McGraw


  • This book is an in-depth look at black hat techniques for finding and exploiting software vulnerabilities.
  • This is a great reference both for reverse engineering beginners and for coders who have done some reversing.
  • This book is a great review of software security and deserves to be on any security professional's bookshelf.
  • The one major strength of this book, from a computer science viewpoint, is its emphasis on "attack patterns".


A Bug Hunter's Diary by Tobias Klein

  • This book is really good for getting a feel for the mindset and process required for vulnerability hunting.
  • Well, it's a good book, but not excellent because it does not have steps to do things or present the same case from different views like a "case study".
  • If you're interested in bug hunting, this is the book you want.
  • This is a very good book. But make sure you have great coding skills in order to take advantage of all that the book can offer.
  • It's an excellent book for security professionals/researchers and web application penetration testers.
  • Excellent book, easy to read, interesting content. It is inspiring for writing better and resistant code.


Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Gordon Fyodor Lyon

  • Great book about NMAP. A bit dated but still excellent.
  • Reads well and dives deep on nmap, technical, and operation flow; some funny stories in there too.
  • If you're looking at doing network analysis, this book is a must-read and inexpensive compared to most IT-field references.
  • Too much information, but that's why I bought this book! nmap is crazy powerful and this book tells it all!

SQL Injection Attacks and Defense by Justin Clarke-Salt

  • This is definitely a book to get if you want to learn SQL injection from the ground up.
  • This book is awesome! Any security researcher, web developer, pen tester, or student should read this!
  • Anybody interested in databases should read this. It has tons of code examples in it - MySQL, Oracle SQL, SQL Server, PostgreSQL, Java, C#, and PHP.
  • This is a great resource for penetration testers, recreational hackers, and security professionals. I highly recommend it.
  • Great book so far, great explanations and useful stuff.

Metasploit Pentesters Guide by David Kennedy

  • Good book. However, it is a bit outdated.
  • Best book I've seen on Metasploit. This book provides excellent coverage of MANY of the features in Metasploit. Highly recommended.
  • This book will not only help you master Metasploit, it will give you different approaches that can be deployed to a variety of pen tests.
  • It's a fantastic introduction to penetration testing. The material is voluminous and will take hands-on use to really understand.
  • Great book for starters to this framework, like myself. Very much enjoy the writing and steps listed in the book.

Web Application Hacker's Handbook Edition 2 by Dafydd Stuttard and Marcus Pinto

  • Great book for intermediate-advanced people with webapp/security experience. I certainly wouldn't recommend it for beginners.
  • This book offers tons of techniques and strategies for attacking and defending web applications.
  • The book is very good with relevant information.