Found 3 comments on HN
dmix · 2018-03-21 · Original thread
If you don't know who this is, he wrote one of my favourite books on web (browser) security: "The Tangled Web" [1].

Another lesser known book by him is also worth a read: "Silence on the Wire" that takes a look at the full information security stack from the keyboard you type on, to the wires the data transits, to the internet protocols, etc [2] and looking at how each stage exposes/protects data.

And has quite an interesting history in infosec beyond that [3].

[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...

[2] https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-I...

[3] https://en.wikipedia.org/wiki/Micha%C5%82_Zalewski

127001brewer · 2015-01-14 · Original thread
This is also talked about in the book, "Silence on the Wire".

http://www.amazon.com/Silence-Wire-Passive-Reconnaissance-In...

yan · 2014-10-23 · Original thread
Zalewski was the reason I felt unaccomplished in 2005, when I read his "Silence on the wire" and noted he wasn't much older than I am.

His separate guide on CNC is great[1]. He also has a great intro to electronics[2]. His first book is an amazing survey of totally passive attacks[3]. His second book is a comprehensive survey of web application security[4].

[1] http://lcamtuf.coredump.cx/gcnc/

[2] http://lcamtuf.coredump.cx/electronics/

[3] http://www.amazon.com/dp/1593270461

[4] http://www.amazon.com/dp/1593273886/
