Internet Cross Logo
Internet Cross your one stop web tutorial website
Your Ad Here
Search Internet Cross Shop:

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

List Price: $54.99
Our Price: $36.56
Your Save:$ 18.43 ( 34% )
Availability: Usually ships in 24 hours
Manufacturer: Addison-Wesley Professional Average Customer Rating: Average rating of 5.0/5Average rating of 5.0/5Average rating of 5.0/5Average rating of 5.0/5Average rating of 5.0/5

Buy it now at Amazon.com!

Back to previous page




The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Binding: Paperback
Dewey Decimal Number: 005.8
EAN: 9780321444424
ISBN: 0321444426
Label: Addison-Wesley Professional
Manufacturer: Addison-Wesley Professional
Number Of Items: 1
Number Of Pages: 1200
Publication Date: 2006-11-30
Publisher: Addison-Wesley Professional
Studio: Addison-Wesley Professional
Related Items
Spotlight customer reviews:
Customer Rating: Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5
Summary: The Best Book on Software Security, Bar None
Comment: This book is absolutely amazing. The amount of detail they go into for so many subjects -- it's incredible. I particularly enjoyed the section on network protocols. I recommend this to any software engineer -- not just those in security specific positions.

Great job, and I hope to enjoy more material from these wonderful authors!
Customer Rating: Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5
Summary: Great book
Comment: A must have. Being a security researcher for almost ten years now, and already a CISSP holder, there are times you believe you have seen most of the things, and you know the best of them. This book opens a new way of thinking, it's detailed and accurate and goes in depth on every subject.

A real must have.

Nicolas Krassas, CISSP
Customer Rating: Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5
Summary: Good book
Comment: This is a very comprehensive, and well-organized security assessment book for Software engineers. Yes, it has everything - all done well. If you are into security assessment and testing and live by it every day, you are still bound to learn a lot, to re-evaluate the things you know, and to genuinely improve your results. If you are a software engineer, it *will* help you build superior applications. If you are just an security enthusiast, you will genuinely enjoy the time spent with this book, and you will find this brick handy more often than previously imagined.
Customer Rating: Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5
Summary: This is the bible
Comment: This book is The Bible for anyone in the security vulnerability research or security software engineering field. I haven't bought a book and studied it so much before ever. This is one book that will never be off my desk.
Customer Rating: Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5Average rating of 5/5
Summary: Excellent, as expected.
Comment: The authors of this book are some of the most respected in vulnerability research and theory, and have found many bugs that were years ahead of their time. As expected, they deliver on their prior reputation in this great and incredibly expansive book of knowledge and insight.

If you're tired of reading high-level theoretical books about "building security in" written by people who have no clue what a bug is or how to prevent them, this book is the ideal alternative.

For a hobbyist, it will guide you through practical methodologies about how bug hunting is done and teach you to think like a great vulnerability researcher.

For a developer, it will open your eyes to security oversights in most of the pieces of code you have ever written. Read hard, these bug classes affect the products you are shipping today.

For the security professional, this likely goes not only broader but deeper on lots of issues than you have ever looked, and far beyond any book I've seen. It can be used as page to page read, or a great reference. I personally use it all the time, and have definitely learnt from it. Great job guys!

P.S. Try and spot the 0day.
  
Editorial Reviews:

“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.”

Halvar Flake, CEO and head of research, SABRE Security GmbH

 

The Definitive Insider’s Guide to Auditing Software Security

 

This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.

 

The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.

 

Coverage includes

 

• Code auditing: theory, practice, proven methodologies, and secrets of the trade

• Bridging the gap between secure software design and post-implementation review

• Performing architectural assessment: design review, threat modeling, and operational review

• Identifying vulnerabilities related to memory management, data types, and malformed data

• UNIX/Linux assessment: privileges, files, and processes

• Windows-specific issues, including objects and the filesystem

• Auditing interprocess communication, synchronization, and state

• Evaluating network software: IP stacks, firewalls, and common application protocols

• Auditing Web applications and technologies

 

This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.

 

Contents

ABOUT THE AUTHORS     xv

PREFACE     xvii

ACKNOWLEDGMENTS    xxi

I Introduction to Software Security Assessment

1 SOFTWARE VULNERABILITY FUNDAMENTALS    3

2 DESIGN REVIEW     25

3 OPERATIONAL REVIEW    67

4 APPLICATION REVIEW PROCESS    91

II Software Vulnerabilities

5 MEMORY CORRUPTION    167

6 C LANGUAGE ISSUES     203

7 PROGRAM BUILDING BLOCKS     297

8 STRINGS ANDMETACHARACTERS    387

9 UNIX I: PRIVILEGES AND FILES     459

10 UNIX II: PROCESSES     559

11 WINDOWS I: OBJECTS AND THE FILE SYSTEM     625

12 WINDOWS II: INTERPROCESS COMMUNICATION     685

13 SYNCHRONIZATION AND STATE    755

III Software Vulnerabilities in Practice

14 NETWORK PROTOCOLS    829

15 FIREWALLS    891

16 NETWORK APPLICATION PROTOCOLS    921

17 WEB APPLICATIONS    1007

18 WEB TECHNOLOGIES     1083

BIBLIOGRAPHY     1125

INDEX     1129
Buy it now at Amazon.com!