Unusual security book that appeals to history-minded readers
This review is from: Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques (Paperback)
Ninja Hacking is not a typical digital security book. When I saw the title I expected the use of "Ninja" to be a reference to a style of digital attack. While this is true to a certain extent, Ninja Hacking is about actual Ninja concepts applied to the digital world. The book is an introduction to Ninja history and techniques, applied to the modern digital security context. That was not at all what I expected, but I found the result intriguing.
Ninja Hacking is well-written and coherent, with real effort made to thoroughly apply Ninja tenets to digital problems. Unusual for a book of this sort, Ninja Hacking is well-sourced (using endnotes) and surprisingly well integrated into other Syngress titles. Rather than rehash or summarize material published elsewhere, the Ninja Hacking authors are comfortable directing readers to previous works for more information on topics like managing a penetration test. This approach kept Ninja Hacking focused and relevant.
My primary critique of the book is that some of the comparison between Ninja and modern digital intruders seems forced. For example, p 20 says "black hats simply do not have the financial backing that white hats have." The authors state this to maintain their perceived similarity between Ninjas and black hats. However, that financial outlook is not true for many black hats. Multiple teams of black hats are exceptionally well-funded compared to the 1-person or no-person security operations at the hundreds of thousands of small-to-medium businesses exploited each year. Some well-resourced black hats work for organized crime groups, while others are state-sponsored. Thankfully, this one aspect of the authors' philosophy doesn't really impact the book's core message.
Overall, I like Ninja Hacking more for the discussions of ancient Japan than for the application to digital security. Still, perhaps others will be inspired to make comparisons between military and quasi-military forces of old and modern digital actors?