This book, written by Gildas Avoine, Pascal Junod and Philippe Oechslin, is a collection of eight chapters and 106 solved exercises. Each chapter offers an introduction to a generic problem encountered in computer security systems. After the introduction, the authors propose a set of exercises. Of course, the authors also reveal the succinct corresponding solutions. In a simplified summary, each chapter offers a lesson, the examination and the corrected results.
The “lessons” are very basic. I would even say too basic. If you are already knowledgeable about the topic, then you will probably learn nothing. If you are not knowledgeable, then you will just get a glimpse of the main issues. Fortunately, the bibliographic references often allow exploring the topic in more detail.
The book, initially written in 2005, neglects (or does not give enough emphasis to) the newest threats such as web services exploits. For instance, there is no emphasis on XSS or Cross Site Reference Forgeries (XSRF). It does not present the latest “hot” trends such as the use of the cloud for antivirus or intrusion detection. A revised version should add several new chapters taking into account the Web 2.0 environment, more detailed application vulnerabilities…
Should you read this book? If you are a computer security student, then this book is for you. It is a kind of book of past exams. If you succeed in solving all the exercises, then you are pretty much ready to graduate. If you are not a student, you may read it for fun or to refresh aging knowledge. If you are looking for an introduction to computer system security, try another book or, even better, several dedicated books.
Sadly, readers who do not understand French will miss the touches of humor in the names used in the exercises. Thus, readers may encounter Salem Enthal, Mehdi Khamenteux, Sosie Sonsek…
A more detailed review is available at IACR book review.