Free information security books
After the post about Security Engineering being released as a free download, I thought I’d poke around to see what other free security related books and guides are available:
- The Handbook of Applied Cryptography is freely available as individual PDFs.
- The Open Web Application Security Project has their very comprehensive Guide to building secure web applications and Web Services available for free in PDF, MS Word and other formats.
- David Wheeler’s excellent book Secure Programming for Linux and Unix HOWTO is essential reading for all programmers. In fact, it’s so excellent that it mentions our paper Writing Secure Web Applications in the bibliography
. - Linuxtopia has a great collection of free Linux security books and guides.
- Sean Boran as published his IT Security Cookbook in HTML format
- A huge list of security and other books is maintained at InfoSysSec
- Links to several security books are found at freecomputerbooks.com (find the section "Special Topics" then click "Security")
- Bruce Perens, originator of the term "Open Source" and former lead of Debian Linux, has a series of books from Prentice Hall available as PDFs. Two security-specific books in the series are Open Source Security Tools: A Practical Guide to Security Applications and Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. The URL on Bruce’s site currently returns an error, but luckily the ever-watchful Wayback Machine has archived the original page.
- O’Reilly provides several of their older and out-of-print books in viewable HTML format on their Open Books page. None are specific to security but there is guidance on linux firewalls in the Linux Adminstrators Guide and Samba-related security in Using Samba. O’Reilly also published selected chapters from many of their current security books as PDFs.
- The National Academies is a U.S. federal organization that publishes hundreds of academic books and papers for purchase, reading free online in HTML format, and some for download as PDFs. Some titles in the collect concern information security. Finding them is a little difficult since there’s only a search engine. To locate infosec titles, try this incredibly long URL.
There are also many sites offering downloads of books without author or publisher permission, but I won’t link to any of those.
That’s all I could find at the moment. If you know of any other sources of legal freely available security books, please leave a comment so readers will know.
Related posts: