Just about every conference I speak at someone comes up to me and says, “I’ve been reading your stuff for years, but you don’t write anywhere near as much as you used to - what happened?” Alas, I actually have been writing more now than I ever have before. Just not on this blog. My latest endeavor has actually been the most ambitious writing experiment I have ever undertaken. I decided to write a new book from scratch with no outside additional authors. For those of you who’ve done it or tried it, you know what I’m talking about. I shopped the book around to a number of publishers, but in the end, I decided to pull the publishing rights back from O’Reilly (yes, it was going to be an O’Reilly book for a while) and after working with a few other potential publishers I eventually decided to simply drop the price and make it an eBook.
When I originally started writing the book it’s working title was “The First 100 Packets” because it was going to be all about what you could detect about user intentions within the first 100 packets - makes sense, right? Well, as I wrote it I started thinking that was a worse and worse title because, of course, long term user disposition is a really important and related topic (and just as interesting to me as well). So I up-ended the book and re-wrote a big chunk of it and the title became "Detecting Malice". You can check out the website for a table of contents. Now, why should you buy this book?
What if you could get the equivalent of 500 hours of my brain shoved into one big 300+ PDF book for only $39.95? What if it was written very similar to this blog, in bite sized chunks and from my own voice, so it wasn’t stuffy and boring like a lot of technical books tend to be? I’m honestly very proud of this book and I think it’ll have a lot of value for anyone who is tasked with the horrible job of trying to secure a website, as opposed to breaking into it. As such it’s also not for everyone as it was not written with offense in mind at all. This is not a book to learn how to be a better penetration tester! This is a book for people who want to know how to detect malicious users, and understand user intent through data analysis.
Anti-fraud and fraud loss prevention is an important area of security that I don’t talk about all that much on the site, mostly because security is less sexy than hacking - let’s be honest. I’ve received a lot of flak over the years for not talking about security enough from those who are on the defense side. People have told me that I focus way too much on the hacking side of things and don’t help the good guys out enough. Well, consider this my big contribution to the area of anti-fraud research! Like I said, I’m actually very proud of this book for its technical merits but feedback is always welcome as I revise it and make it better in future revisions.