Just about every conference I speak at, someone comes up to me and says, “I’ve been reading your stuff for years, but you don’t write anywhere near as much as you used to - what happened?” Alas, I actually have been writing more now than I ever have before. Just not on this blog. My latest endeavor has actually been the most ambitious writing experiment I have ever undertaken. I decided to write a new book from scratch with no outside additional authors. For those of you who’ve done it or tried it, you know what I’m talking about. I shopped the book around to a number of publishers, but in the end, I decided to pull the publishing rights back from O’Reilly (yes, it was going to be an O’Reilly book for a while) and after working with a few other potential publishers I eventually decided to simply drop the price and make it an eBook.

When I originally started writing the book its working title was “The First 100 Packets” because it was going to be all about what you could detect about user intentions within the first 100 packets - makes sense, right? Well, as I wrote it I started thinking that was a worse and worse title because, of course, long term user disposition is a really important and related topic (and just as interesting to me as well). So I up-ended the book and re-wrote a big chunk of it and the title became “Detecting Malice”. You can check out the website for a table of contents. Now, why should you buy this book?

What if you could get the equivalent of 500 hours of my brain shoved into one big 300+ page PDF book for only $39.95? What if it was written very similarly to this blog, in bite sized chunks and from my own voice, so it wasn’t stuffy and boring like a lot of technical books tend to be? I’m honestly very proud of this book and I think it’ll have a lot of value for anyone who is tasked with the horrible job of trying to secure a website, as opposed to breaking into it. As such it’s also not for everyone as it was not written with offense in mind at all. This is not a book to learn how to be a better penetration tester! This is a book for people who want to know how to detect malicious users, and understand user intent through data analysis.

Anti-fraud and fraud loss prevention is an important area of security that I don’t talk about all that much on the site, mostly because security is less sexy than hacking - let’s be honest. I’ve received a lot of flak over the years for not talking about security enough from those who are on the defense side. People have told me that I focus way too much on the hacking side of things and don’t help the good guys out enough. Well, consider this my big contribution to the area of anti-fraud research! Like I said, I’m actually very proud of this book for its technical merits but feedback is always welcome as I revise it and make it better in future revisions.

49 Responses to “Detecting Malice eBook”

  1. Sébastien Duquette Says:

    I’d like to know more about this book but the link you give is currently 403 Forbidden. Don’t be such a teaser ;-)

  2. RSnake Says:

    Sorry, my bad - Just updated the link.

  3. Meh Says:

    That site looks… weird.
    Like those sites selling that “Omg make 999999 dollars a day!!1” kit things.

    On the other hand, it’s made by RSnake, so it has to be good. Right?

  4. Sébastien Duquette Says:

    Am I crazy, or does the book website look just like those become-rich-in-2-weeks-ebook scam websites?

  5. RSnake Says:

    @Meh and Sébastien - that’s because you CAN make millions of dollars per day doing nothing!!!

  6. Meh Says:

    @RSnake - Oh yeah? Tell me one of those sites that ain’t a scam. (Not counting yours)

  7. RSnake Says:

    The bank robbery one. ;)

  8. RSnake Says:

    Or, like Madoff - ponzi schemes!

  9. Meh Says:

    Dumb questions:
    1. What is the update thing?
    2. Do you send the entire book every update?
    3. Do I have to pay before I can input my email there (and actually get emails)?

    If the answer to 2 is yes and the one to 3 is no, wouldn’t that be a way to get the book for free?

  10. RSnake Says:

    @meh - dumb answers:

    1) It’s so you can receive notifications about new versions and so I can email you and let you know something about X chapter has changed in the world. Like the fact that X hacker group has built Y exploit that works against Z analytics.
    2) No
    3) No - I’ll give anyone updates that wants them. Those are free.

  11. rvdh Says:

    Is this some new MLM scheme? If yes, count me in. ;)

  12. rvdh Says:

    Why don’t you publish it at then you control the price too, they have hardcover as well as e-downloads, without setup fees.

  13. RSnake Says:

    @rvdh - because I’m new to this whole eBook thing, frankly. I just wanted to get it out there. I was kinda tired of having it just hanging around on my computer doing nothing.

  14. bitmonger Says:

    FYI, I’ll likely buy it, but I’d never have bought it if I found that site first.

    I imagine it’s a complex call, but I wouldn’t have recognized your name either… I’d have recognized rsnake of course.

    The page sets off so many red flags it’s not even funny…
    I don’t think you have your target audience right either… Based on the table of contents, I expect it to be a good book, but the scare marketing really hurts its credibility.

    Here are the red flags that I see…

    * “WE GUARANTEE YOUR CONFIDENTIALITY.” — with what exactly? A Guarantee implies I get something. A promise is just a promise. This isn’t even that since there is no specificity. I don’t know what the guarantee is offering … an apology maybe? ;) … Do I get my purchase back? a $100? what? Do I find out if your database is stolen?

    * You mention you briefed many organizations. You don’t say anything about your role in elevating XSS or CSRF visibility or any other vulnerability. It looks like a get rich scheme because there is ‘secret knowledge in the book that will make me awesome!’ That’s a terrible hook in my opinion. I’d only buy the book b/c I know you and because I know something about many of the subjects in the book and I gather despite the website’s appearance it will not be bullshit.

    * FREE! (This is the era of the internet everything is free just about.) My time is not. Free is not a very good hook and it’s a red flag and makes me not want to give out my email.

    * The site has too much text in jarring fonts. It is screaming at me. I only read it because I followed the link from here.

    * I have no site I am personally vested in defending. I will likely buy the book. I think I am like many of the people interested in the book. I might write patches to Apache modules or work on libraries used by web developers, but my point is the same. I think you got your audience wrong.

    Writing this page imagining it will not be read by security people is a mistake, IMO.

    I love your blog and I will likely buy this.
    I hope this is helpful feedback.

    Best of luck!

  15. MikeA Says:

    Congrats - about time this came out ;)

    Are you not doing a “dead tree” version? As much as I like the idea of PDF books, I hate reading large quantities of text on a screen. I’m only going to print this out, and usually when one does that it doesn’t look nearly as good as professional printing (especially doesn’t look as good on my shelf next to all the other dead trees).

  16. RSnake Says:

    @MikeA - I toyed with the idea of a dead tree version and I still might at some point, but I wanted to get it out quickly, so I opted for the self publishing route. But come on - you’ve got a laptop and you travel enough. I know you. You’ve got nothing better to do on that 4 hour flight from CA to NY. ;)

  17. Meh Says:

    I like how it says something like “Oh my god BUY THIS BOOK BEFORE YOUR WEBSITE GETS HACKED INTO THE GROUND, your dogs gets MURDERED, your wife RAPED and your kids… uhm, RAPED TOO”

    I know that the book is awesome, but this way of, uhm, “marketing” is just, you know, stupid.

  18. RSnake Says:

    @Meh - agreed… the marketing isn’t for you. The book is. ;) The SEO guys I know convinced me that if I want to appeal to the wider webmaster market I had to dumb it down a tad. Consider your intelligence being insulted for the good of all humanity. ;)

  19. RSnake Says:

    @bitmonger - it’s a hard call. I actually totally agree with you and I had no intention of even making a paid version of the book in the first place. So that site came to be within the last two weeks. It’s also meant to be read by everyone and not just security people, so that’s why the text sucks. The book sucks significantly less than the website, IMHO.

  20. dale Says:

    Judging by the TOC your book looks like it should be great. But the web page really puts me off.

    If you actually read the whole page it makes sense, but the very top part of the page (above the fold) really does not look professional. Like other people have mentioned in the above comments it looks like one of those scam sites.

    This is great…

    “Could Your Business Survive A Hacker? Detecting Malice Is Filled With 300+ Pages of Must-Have Technical Insights From One of the Foremost Minds in Web Application Security!”

    …but it’s the way the page looks that’s the problem. The book looks good, you are obviously an expert, but your page really doesn’t sell it to me.

    Sorry to be so negative, you have obviously spent a lot of time on this and are right to be proud. I wish I had so much expertise in a subject I could write a book like this.

  21. Nilesh Says:

    Hi Rsnake,

    Is this book available in India at INR (Indian Currency) price?
    Is there any Indian edition available?
    I would love to buy this book.


  22. Lisa Says:

    The web page for the book really is awful. It doesn’t have to be so cheesy and tacky in order to be “dumbed down”.

    It wouldn’t take that long to clean it up.

  23. Hannibal Says:

    Rsnake. Come on man. You are my hero. You are the one that defies everything. Don’t sell yourself to the Marketing people :( Fuck em :( I know you could do a better sales webpage than any of those fucking marketing assholes. COME ON! Step up! Sell your book as you dreamed it would be advertised and sold. Be a Man damn it :) Be the man I learned to love to read.. Please?

  24. RSnake Says:

    @All - okay okay, point taken - I’ll look at revising it this weekend when I have a little time. Fear not!

    @Nilesh - PayPal may take Indian currency, but I can’t say for sure. Did you try to go through the shopping cart to see?

  25. gr00ve Says:

    Is the downloadable PDF DRM free?

  26. Robert Says:

    I would love love love a hard-copy of this. Sure, eBooks are more convenient, but reading books on a computer just doesn’t feel right.

  27. RSnake Says:

    @gr00ve it is DRM free, although it comes with a copyright not to transmit. So… pretty much what you’d expect from any eBook. But I have psychic powers that tell me people will transmit anyway. Bastards - all of them.

    @Robert - you could always print it if you want. This is my commitment to the save a tree program. ;)

  28. Steven Says:

    Could you please post the md5/sha1 hashes of the ebook?

  29. Steven Says:

    One of the beauties of the internet is that domain names are not case *in*sensitive. I think you want to remove the ‘in’. :)

    Also could you please post the md5 and sha1 hashes of the book.

  30. Nilesh Says:

    @Nilesh - PayPal may take Indian currency, but I can’t say for sure. Did you try to go through the shopping cart to see?

    I checked but I am not sure whether PayPal will make it in Indian Currency.
    Anyways, I will wait for Indian Edition if launched, that will be economical one for me.


  31. Hannibal Says:

    Yaaaaaaaaay!! :) Thanks man I knew that you are my hero for a reason. :)

  32. Picci Says:

    I guess it’s gonna be on p2p networks in no time…
    Hence most ppl will read it off “secondary sources”
    I haven’t bought it yet so I can’t tell if you’ve already done this, but I encourage you to stick an “if you like it consider paying for it” sign on some random page ;)

  33. RSnake Says:

    @Steven - the version you have is already out of date thanks to your own errata (thank you for that, btw). So sha1/md5 wouldn’t match.

    @Picci - Yeah, I do hope people buy it if they like it, but I also hope for world peace, and a private jet, and a mansion and…

  34. Steven Says:

    How do I get the up-to-date version?

  35. RSnake Says:

    @Steven - I’ll be sending out email updates to anyone who signs up to the email newsletter on the website. It’ll probably be a few weeks before the changes settle down where it’s worth sending out a new update to everyone.

  36. yaya Says:

    Well I must say that you should fire your SEO people and copywriters. Long copy generally works on people that are not focused and want a quick fix “they get bored and want to jump to the buy it now button”. From what I see with the table of contents your target market is going to be people from a technical background. This target market will by nature attempt to read all the copy and will not like the message and the delivery. For example today I have had to spend over two hours of my time talking to vendors trying to sell me crap, when I saw this site I thought “great more crap”. That being said I have read some of your other work and respect the quality of it. I will be buying this book but I recommend reviewing work of people like Clayton Makepeace for ideas on how to breakdown your target audience and deliver what they want and how they want it.

  37. RSnake Says:

    @yaya - like everything that’s free, I got what I paid for. It wasn’t paid advice. It was simply bad free advice.

  38. sirdarckcat Says:

    The ToC looks very cool actually.. I agree with rvdh, you should send it to

    Oh, and change the design, I recommend you google sites ;) 100% safe hehe.

    Greetz! and congrats for the book :)

  39. RSnake Says:

    @All - for everyone who hated the look and feel of the website, if you hadn’t noticed, I revamped it just for you guys. Hope it’s a little less caustic.

  40. Ben Says:

    Site looks much better now.

    “When you purchase the link below, you will be taken to your download immediately.”

    When I purchase the link?

  41. BigWorrrrrrrmmm Says:

    That E-book site needs to have this posted at the top:

    “Matthew Lesko presents…”

    But, I was more shocked to find the PDF actually contained malicious javascript embedded in it.
    Now I am stuck with AntiVirus-Pro 2010.

    You sneaky guy you !

    (ok, ok.. just kidding)

  42. RSnake Says:

    @Ben - Yes, damnit, purchase my link! Okay, fine, fixed. ;)

    @BigWorrrrrrrmmm - How else am I going to make millions of dollars a day doing nothing than infecting my eBook? Silly haX0r.

  43. Khan Says:

    What scares me is that the purchase site is something called “clickbank”:

    But when I go to either

    I get nothing (yep, 404, etc).

    Would someone in its sanity trust in such a site? And give it credit card details?

    Not me, certainly.

    Sorry “Mr RSnake”, but I think that for some reasons “real” publishers are in the market.

    Sorry for this,


  44. RSnake Says:

    @Khan You’re linking to the wrong site, which is why you don’t see anything. is their main site. But if the way their site is constructed worries you this much, don’t buy it, or use a pre-paid credit card. Simple solutions to simple problems, my friend.

  45. Nicob Says:

    It would be really great if we could buy your book on Lulu, like the OWASP’s ones.

    Please please create an account on Lulu and let us buy a printed “Detecting Malice” !!!

  46. Johannes Says:

    Great RSnake

    I’ll be reading it during the Christmas holiday!

  47. MustLive Says:

    RSnake, good luck for your eBook. And I wish that all your books (existent and new, paper and ebook) are selling well ;-).

  48. Steven Says:

    How do you give out updates? I signed up for the list, but never got any emails.

  49. albino Says:

    Consider me on the list of people who’d buy it in hard copy.