Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities
Price: $9.99
(as of Oct 22, 2024 06:30:04 UTC)
The Definitive Insider’s Guide to Auditing Software Security
This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.
The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry’s highest-profile applications.
Coverage includes
• Code auditing: theory, practice, proven methodologies, and secrets of the trade
• Bridging the gap between secure software design and post-implementation review
• Performing architectural assessment: design review, threat modeling, and operational review
• Identifying vulnerabilities related to memory management, data types, and malformed data
• UNIX/Linux assessment: privileges, files, and processes
• Windows-specific issues, including objects and the filesystem
• Auditing interprocess communication, synchronization, and state
• Evaluating network software: IP stacks, firewalls, and common application protocols
• Auditing Web applications and technologies
ASIN : B004XVIWU2
Publisher : Addison-Wesley Professional; 1st edition (November 20, 2006)
Publication date : November 20, 2006
Language : English
File size : 11743 KB
Simultaneous device usage : Up to 5 simultaneous devices, per publisher limits
Text-to-Speech : Enabled
Screen Reader : Supported
Enhanced typesetting : Enabled
X-Ray : Not Enabled
Word Wise : Not Enabled
Print length : 1824 pages
13 reviews for Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities
Amazon Customer –
Excellent, the perfect Soft Sec Assessment beginner's book.
This book is by far the most detailed and example-heavy book on the topic I've read. The main book is about 1123 pages, but once you get into the meat of the book, there are examples and diagrams on almost every other page, sometimes even every page. The great thing about this is that if you're impatient, you could skip examples. However, I wouldn't recommend this because every example goes into some new level of depth, and they often come from real software. The only thing you need to be aware of is that you should have a moderate understanding of C programming and basic knowledge of ASM. If you don't, they do a good job of explaining it, but it might be difficult to follow.
John P –
Great book for the right audience
Very interesting text that works through the steps in software vulnerability analysis. Not good for a beginner as it assumes proficiency with programming, but that’s to be expected for the subject matter. Having developed code for in-house use, I haven’t been too concerned with secure coding in the past. This was very interesting reading, IMO. By the way, I ordered it from Amazon directly first. The recent version is broken up into two volumes of about 600 pages each. I received only volume 2 first round and was told my best option was to return it and buy from another seller as they couldn’t ship me just the first volume. Good luck.
Gaggleframpf –
Great book. Bad binding
The book is without a doubt crucial for anyone doing software security audits. The binding was horrible and started falling apart on the bottom 2 inches of both books. I used glue to fix it. But seriously fix your binding. There’s no good reason for bad binding like this coming from a major publisher like AW.
X. Liu –
Great book, but make sure you receive the complete book all 1200 pages. Received only volume 1 of 2.
The book itself is great. However, when I ordered this book on amazon, I only received 1 of 2 volumes. In addition, the cover suggested it was the first volume but the book was actually volume 2. Appears that the publisher messed up when they printed the book leading to overall chaos and confusion.
Zach R –
Buy the paper version
I bought the Kindle version of this so that I could read on-the-go, and I have to say that in some places the formatting makes it hard to follow in the examples. The hard copy is much better, although significantly less portable. I’d recommend the hard copy, given the choice between the two.
Odysseus Simpson –
Incomplete order – only 1 of 2 volumes received
I also only received the 1st volume. I am super disappointed because the book is great but it seems the publisher really messed up on a recent publication.
Carlos Santiviago –
Still one of the best books on the subject
This book is still one of the best books on the subject, and you won't regret buying it if you work in information security or care about secure development.
Leo Kool –
seems to be complete
The book is big and the text is clear. There are good reviews of this book and it was recommended in the Blackhat course.
Rick T –
Great
Jack OATMON –
I'm not going to comment on the content of the book, which is in any case a reference work for its target audience, but on this edition. The book was split into 2 volumes by Addison-Wesley, but it seems that some copies stamped "Volume 1 of 2" are in fact... complete. As proof: I ordered it and received "Volume 2 of 2", which starts at page 559 (chapter 10); then, after a return and a new order, this time I received "Volume 1 of 2", which does start at the beginning and contains the entire content (so around 1200 pages). Both volumes have the same ISBN. The problem has been reported to Amazon. So be careful!
Sachin –
Great content consolidated together in two volumes. Examples are based on conventional technologies which are easy to relate to. I liked the Threat Modelling section particularly.
Felipe M. Lalli –
Not so objective, too open, wide, slow, big, confusing, repetitive etc. Do you know what I am saying? Oh yes?
Russell Willis –
As I work in the software security industry I took it upon myself to get this book and go through it thoroughly, and what an experience. This book will both scare you and reassure you. Scare you with just how insecure software can be and the ramifications of such software. Reassure you that it is indeed possible to build robust and secure software, or more secure software :) If you are in any way linked to the software security industry, i.e. work in it or just have an interest, then I can't recommend this book highly enough. I could go into details of each chapter, but you're better off getting it and reading it for yourself. Be warned though, it is a mighty tome and requires time and effort, but you will be richly rewarded and much better off for the experience.