I just finished reading RSnake’s new book Detecting Malice and I can say without a doubt that it is one of the best technical books I have ever read. Furthermore, I can tell you that it is, without a doubt, the best web security book I have ever had the pleasure to read. Imagine a book that is as engaging as RSnake’s or Jeremiah’s blog, but even more so.
This is not a book on how to build secure websites, there are plenty of those already. This is a book for security practitioners who get to deal with the site after it’s been built and deployed. It is full of great advice and information about not just how to detect attacks, but also how to distinguish between human attackers, regular users, bots and spiders.
This book should be on the purchase list of every security geek and if Rob hadn’t graciously given me a copy, I’d have already sent him my $40. Send him your money and make him a rich man.