Hacking APIs as part of our security testing is one thing. Understanding how and why our opponents might do this is an entirely different beast.
Since I wrote about 5 Books Every API Hacker Should Read a while ago, I've had several requests for other books to recommend. I have read so many books over the years that it's hard to pick just a few. But when I think about the threat actors we're trying to defeat with our API security testing, some unorthodox books surrounding the history and future of cyberwarfare come to mind.
And they are great reads to take with you on your travels and enjoy over your upcoming holidays.
Even better, I bought a few more copies of my favorite books, and am going to give them to one of my readers. Find out how you can enter at the end of this article.
How does electronic warfare relate to API security testing?
So before I go through my list of book recommendations, I want to start by saying that if you're a builder or hacker who wants to do API security testing, the reality is that you need to understand the tactics and motivations of your opponents and how they engage with and take advantage of these systems.
You may notice that I recommend a few books that focus on the dark history of electronic munitions, how they are used by government agencies, and how politics and the military complex shape how things are today.
This is no accident.
These books will open your eyes to the true potential of what happens when your adversaries can exploit the applications and infrastructure you are responsible for testing. They may excite or intimidate you when you realize the impact of your work.
Book #1: This Is How They Tell Me the World Ends: The Cyber Arms Race
Author: Nicole Perlroth
Customer evaluation: (4.6)
Publisher: Bloomsbury Publishing. First edition (February 9, 2021)
Hardcover: 528 pages
ISBN 10: 1635576059
ISBN 13: 978-1635576054
The US government has long been the dominant buyer in the world for zero days, paying top dollar to hackers willing and able to sell their exploit code behind walls of secret classifications and non-disclosure agreements. At first, exploit developers were making thousands; it grew into millions.
Then they lost control of their stock and the market. And the world turned.
Now those zero days are in the hands of bad guys all over the world who couldn't care less if you lose your votes, lose your power, or share your secrets.
Nicole Perlroth's book, This Is How They Tell Me the World Ends: The Cyber Arms Race, is an in-depth look at the history and current state of cyberwarfare. Perlroth, cybersecurity correspondent for The New York Times, provides an insightful perspective on the ever-evolving world of black and gray markets for zero-days, the cyberattacks that cause them, and the actors that perpetrate them.
One of the strengths of this book is that Perlroth provides detailed information about highly publicized events, such as the Russian hacking during the 2016 elections, as well as events that received less attention, such as a cyberattack on a small Lithuanian bank in 2015. This allows readers to gain a more comprehensive understanding of electronic warfare around the world.
In general, I found This Is How They Tell Me the World Ends: The Cyber Arms Race to be an informative and engaging read. It provides valuable perspective on one of the most complex and rapidly evolving areas of our world.
Book #2: The Dark Zone: The Secret History of Cyberwarfare
Author: Fred Kaplan
Customer evaluation: (4.5)
Publisher: Simon & Schuster; Reprinted edition (March 28, 2017)
Paperback: 352 pages
ISBN 10: 1476763267
ISBN 13: 978-1476763262
It's hard to believe, but the movie WarGames, which came out in 1983, played a critical role in launching the first presidential directive on computer security. After watching the movie, Ronald Reagan asked his top generals if it was reasonable for a child to hack into the Pentagon in this way. This discovery changed the way the government thought about computers, software, and security.
In The Dark Zone: The Secret History of Cyberwarfare, Fred Kaplan provides a detailed history of electronic warfare. Kaplan, national security correspondent for The Washington Post, draws on his years of experience writing on this topic to provide readers with an in-depth understanding of the origins and evolution of cyberwarfare.
Kaplan covers important stories that highlight some of the largest government computer hacks, including Solar Sunrise, Moonlight Maze, and Operation Buckshot Yankee. His stories explore the players and their characters and provide an entertaining glimpse into how information warfare teams attack and defend systems around the world.
One of the strengths of this book is that Kaplan provides detailed information about the critical events that shaped the cyberwar landscape… including 9/11, the Sony Pictures hack, and even lesser-known incidents like the cyberattack on a vital Saudi petrochemical plant. You could tell he probed the inner corridors of the National Security Agency and the top-secret cyber units inside the Pentagon to uncover some of the details and secret history of the men and machines behind the hack.
I found The Dark Zone: The Secret History of Cyberwarfare to be entertaining and easy to read. If you've ever wondered how the United States' national cyber policy has been formulated over the years, some of the interesting background in this book sheds light on the process. It reveals the fact that for decades, offensive security has been more important than defense in the corridors of the agencies that drive critical decisions.
Book #3: Sandworm: A New Era of Cyberwarfare and the Search for the Most Dangerous Kremlin Hacker
Author: Andy Greenberg
Customer evaluation: (4.7)
Publisher: Anchor (20 October 2020)
Paperback: 368 pages
ISBN 10: 0525564632
ISBN 13: 978-0525564638
When thinking globally about offensive security, electronic warfare, and the resulting electronic munitions, we cannot exclude Russia. Many of the most impactful cyberattacks around the world have been attributed to Sandworm, a unit within Russia's Military Intelligence Group (GRU).
In Sandworm: A New Era of Cyberwarfare and the Search for the Most Dangerous Kremlin Hacker, Andy Greenberg tells the story of the rise of cyberwarfare and the hackers responsible for it. Greenberg, a reporter for Wired magazine, draws on his years of experience writing on this topic to provide readers with an in-depth understanding of the origins and evolution of electronic warfare.
In the book, Greenberg covers the sheer cruelty with which Sandworm attacked Ukraine. They have targeted every aspect of Ukrainian society… from government servers to entire media organizations and even transmission hubs. ATMs went dark. The trains didn't run. Hundreds of thousands of innocent Ukrainians fell into darkness after Russia took down the power grids.
It was a prelude…a practice for more nefarious activities to come.
And Greenberg shows that Sandworm’s activities are not limited to Ukraine.
“On the web, we’re all Ukraine,” Greenberg wrote. “We all live on the front line.”
The book explores some of the most notorious cyberattacks, such as BlackEnergy, Bad Rabbit, and NotPetya, and how Russia weaponized Internet traffic and malware to get backdoors on victims’ computers around the world.
In general, I found Sandworm: A New Era of Cyberwarfare and the Search for the Most Dangerous Kremlin Hacker to be an informative and engaging read. You can learn a lot about the minds of Russian hackers and how patient they are in finding vulnerabilities and exploiting them in the most interesting places. You know… the software you might well be responsible for API security testing.
As you can see from these book recommendations, the history and future of cyber warfare comes down to the resilience of the applications and infrastructure that we are responsible for testing.
Enemies weaponize vulnerabilities in the software and services that run everything from critical infrastructure to coffee dispensers. Heck, earlier this year we saw hacking group Anonymous, with help from Ukraine's IT Army, inflict physical denial of service in the heart of Moscow by attacking taxi company APIs.
These three books are easy to read on holidays. They may very well open your eyes to why it is important to think more offensively when hacking an API. Entertaining and educational, you have to read these books!
Want your own copies of my favorite books?
I purchased an additional copy of each of these books. I will be giving them to one of my readers on November 21st. Head over to https://danaepp.com/giveaway and enter for your chance to add these great resources to your hacking library. I will even pay to have the books shipped anywhere in the world.
Good luck and God bless you!
*** This is a security blog shared by the Bloggers Network from Dana Epp's blog, written by Dana Epp. Read the original post at: https://danaepp.com/3-cyber-warfare-books-every-api-hacker-should-read-over-the-holidays