Friday, November 30, 2012

"Violent Python" Review

The amount of effort that goes into writing any book is substantial, but the amount of effort that goes into a great book is mind-boggling. "Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers, and Security Engineers" by TJ O'Connor is a great book.  Despite the "cookbook" title, this book is well-organized and can be read cover-to-cover. If you are a security professional, you have already or will use the methods mentioned in the book.

The first chapter dives right into the basics of scripting and the Python scripting language which is probably the slowest part of the entire book. I imagine that the majority of readers will be comfortable with skipping the whole first chapter - but don't. The magic of the book is in how TJ preps most of the scripts and functions with a story which adds context to the effort of writing the script. I don't think I have ever seen that before and it's awesome. It almost prevents you from treating the book as a "cookbook" and only looking for "recipes" that are relevant to you.  Instead, you have a scenario where that method or function was important.  The reader is never left wondering "who would ever use that?"  I hope more authors follow the model created by this book. 

I don't have any major complaints about the content of the book, but there should probably be more discussion about the short-comings of relying on external libraries.  Modules and libraries make Python fast, flexible and powerful for most security professionals. However, penetration testers may find themselves on a remote box with Python already installed.  In that common scenario, its important to be able to accomplish similar tasks without having to download any external code.

There are two things that I hope the author and publisher do to further improve the book (and any other future books).  First, I would love to this book implement syntax highlighting.  I know color print would be more expensive, so maybe release a special edition. I would gladly pay more money to see code in color! The second thing I am anxious for is the ebook release. It's a new book, so I am sure it won't be long - but color should be an easy edition to kindle edition and I will always have access to the book that way.

Overall, it's my favorite book of the year and I will certainly be referencing it in the future.  It will be added to the recommended books page shortly and I really hope you pick up a copy and see how Python can make your life easier.