Changelog

I want to “release early - release often”. For this reason I will add a changelog to make it simpler for you to find the new sections.

Aug 2025

• RSS feed space started
• AV behaviour based classification extended
• Principles extended
• Anti Virus sharing samples extended
• Google dork extended
• Browser security extended
• Cryptographic algorithms extended
• Passwords extended
• Threat modelling extended
• TLS extended
• Secret scanning extended

April 2023

• ZAP updated
• Passwords updated
• Vulnerabilities updated
• Python updated
• Git hardening updated

December 2022

• Added Secret Scanning
• Improved ZAP
• Improved Git hardening

November 2022

• Updating my Author-page
• Update in Vulnerabilities
• Updated Git hardening chapter
• Adding ZAP

July 2022

• Small extensions to video.txt, testing_compiling.txt, presentations.txt
• Extended external references
• Text cleanup based on vale
• Improved behaviour classification
• Added CAPEv2 chapter

October 2021

• Fixed safari links (now learning.oreilly)
• Cleaned up and extended glossary

June 2021

New:

Big additions:

• Added Nmap chapter

Small additions:

• Extended Glossary
• Behaviour based classification
• Kill chain
• Passwords
• Vulnerabilities

April 2021

• Extended glossary
• Extended “design”
• Extended python %% TODO: Fix the whole book thing

February 2021

• Extended glossary
• Updated python chapter

October 2020

• Extended Behaviour based classification
• Added Antivirus detection chapter
• Extended glossary
• Extended Kill chain
• Extended External References
• Extended SSH

August 2020

• Extended External References

May 2020

• Extended Glossary
• Extending Git hardening (turning it into CI/CD + Security)
• Replacing whitelist/blacklist with approved list and block list

April 2020

• Reworked layout. Removed headers from chapters
• Extended Glossary
• Extended Glossary

March 2020

• Extended passwords
• Extended external references
• Extended fuzzing
• Extended Glossary

February 2020

• Glossary extended

January 2020

• Extended external references
• Extended glossary
• Programming/compiling: visual studio added
• Testing-compiling extended
• Decission: I will remove the target audience from all chapters. Also the author as long as it is just me. 3rd party authors will get the credits.

December 2019

• Thug chapter extended
• TLS chapter extended

November

• Spelling and quality improvements
• fixed ../../images/tls_simple.png
• Adding Recon-NG
• Small fuzzing upgrade
• Upgrade in vulnerabilities
• The part planning got a proper review.

August/September/October 2019

• Improved mitmproxy
• Improved browser
• Added kill chain
• Added the practical parts to thug
• Extended glossary

July 2019

• Extended Glossary
• Updated Thug
• Extended Browser
• Extended security process
• Added mitmproxy
• Extended “Threat modelling” with MITRE attack

June 2019

• Chapter for thug added - a honey client to investigate malicious web pages

May 2019

• Some cleanup
• Extended “security process”
• Added python security

April 2019

• Added “Threat modelling”
• Extended Glossary
• Added “git hardening”
• Added “JavaScript security”

March 2019

• Extending testing compiled binaries
• Most readers read PDF ⇒ Focus on PDF layout now.
• Old PDF setting: A5 (14.8cm x 21.0cm ) to get a book style size
• New PDF setting: A4 (21.0cm x 29.7cm) for more table space and better screen readability
• Tables set from default to wide
• extended content
• extended glossary
• extended browser
• extended security_process
• Full quality check for “background” section
• Added Censorship

February 2019

• Cleaning up the author page. Adding Mastodon and Twitter
• Extended Attacker’s goals
• Extended know your enemies
• Small extensions to principles
• Extending TLS
• Extending browser
• Starting vulnerabilities
• Starting security process

January 2019

• Added Software design checklist (initial version)
• Added Google Dorks
• Added Glossary
• Added part Appendix
• Added basic beef chapter
• Added basic burp suite chapter
• Added IOC sources chapter
• Extended TLS
• Updated content
• Intro for background added
• Intro for planning added
• Intro to programming added
• Intro to testing added
• Updated samples
• Intro for tools
• Reworking first chapters: re-write, remove or move to the end of parts. Reason: I want to get people to encounter the core book faster.
  • Structure: removed unnecessary things
  • The origin (moved to the author)
  • stages of learning moved to part “psychology toolbox” (which is not active yet)
  • random encounter removed
• More glossary entries

December 2018

• Enhanced book list of defensive programming
• SSH chapter added
• Added Code Coverage chapter
• Improved Fuzzing chapter
• Added Vagrant to compiling chapter
• Extended CppCheck
• Small things in:
  • Antivirus sharing samples
  • clang

November 2018

• Enhanced defensive programming
• Added design
• Enhanced “attacker’s goals”
• Enhanced passwords
• Enhanced clang
• Cleaning up the book, adding parts
  • Chapters got moved around
• Enhanced This book
• Enhanced The author
• Enhanced structure
• Clean up crypto algorithm tables
• Enhanced antivirus testing
• Added antivirus testing to the sample
• unhooked external references
• Kehrwoche: Aspell for all text parts in “sample”

October 2018

• Added crypto algorithms
• Re-worked Asserts
  • It got an own chapter
  • Python added
  • JavaScript added
• Extended principles
• Added testing chapter. Especially for unit testing and bug bounties (basics)
• TLS got a diagram and minor improvements
• Clang chapter added
• Added crypto algorithms to Sample

September 2018

• CAN bus hacking
• Bluetooth LE (BLE)
• Added code analysis tools requirements table for an overview
• URLs now in footnotes
• Content chapter added
• Chapter Antivirus Behaviour classification added
• added code analysis tools requirements to Sample

August 2018

This is the holiday release: Focus is on improving text quality of existing chapters.

• Extended “Principles”
• Added new chapter “browser security” (not finished yet)
• Added new chapter “IoT security” (not finished yet)
• Quality improvements in
  • defensive programming
  • know your enemies
  • principles
  • structure
  • this book

July 2018

• Added attacker’s goals
• Added antivirus-tests
• Added antivirus-integration
• Changed PDF to A5 for a typical book-size PDF
• Added basic fuzzing chapter
• Extended “Defensive programming”
• Extended “principles”
• Extended “TLS chapter”
• Extended “External references”
• Added antivirus-sharing-samples
• Added antivirus virustotal
• Added Cppcheck chapter
• Added Testing compiling chapter
• Added kill chain chapter to offense

June 2018

• Added TLS chapter
• Extended principles
• Added passwords
• Added basic compiling
• Improved external references
• Extended update
• Added flawfinder chapter

May 2018, initial release

• Added principles chapter
• Added updates chapter
• Added Know your enemies chapter
• Added UX chapter
• Added structure chapter
• Added external references chapter
• Added “The Author” chapter
• Added “This book” chapter
• Added “Defensive programming chapter” for default defensive programming