The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Author: Mark Dowd
Published: 2006-11-30
List price: $54.99
Our price: $45.13
Usually ships in 24 hours
As of: December 02nd, 2008 04:00:19 AM
Customer comments on this selection.
Bible? Rather hell without redemption! This book was like a blow to the head for me. I'm not a security person, I'm not coveting ever more arcane vulnerabilities. Rather, I'm the poor guy at the other end of things: I'm a programmer. It's my job to avoid all the known and imaginable vulnerabilities while at the same time providing some useful functionality to my customers.

You bet I wouldn't like some self-styled security "researcher" tear apart my poor little programs and expose all their failings. What's troubling me, after reading this book, is that it looks very much like I hardly stand a chance. Security would be hard with the best of tools, unfortunately, at least when it comes to systems programming, the tools -- C, low-level APIs -- are dubious at best and introduce lots and lots of problems of their own. These tools hail from a happier time long ago when we were still trusting trust. I was overcome by a mixture of horror and chagrin when I saw proof in this book that not even the people writing sensitive security software (such as OpenSSH) wield these tools artfully enough to avoid vulnerabilities.

And this is where I come to the only beef I have with an otherwise comprehensive book. It's like a field guide to dangerous beasts that teaches you to recognize sabre-toothed tigers, but doesn't tell you how to get rid of them. Contrary to what the subtitle promises about preventing software vulnerabilities, there is just too little about it. This is a considerable shortcoming, in my view, as a lot of the demonstrated vulnerabilities don't have trivial remedies even after they are exposed.

Wrapping up, I feel left alone in the twilight and I think I saw a tiger over there.
The Best Book on Software Security, Bar None This book is absolutely amazing. The amount of detail they go into for so many subjects -- it's incredible. I particularly enjoyed the section on network protocols. I recommend this to any software engineer -- not just those in security specific positions.

Great job, and I hope to enjoy more material from these wonderful authors!
Great book A must have. Being a security researcher for almost ten years now, and already a CISSP holder, there are times you believe you have seen most of the things, and you know the best of them. This book opens a new way of thinking, it's detailed and accurate and goes in depth on every subject.

A real must have.

Nicolas Krassas, CISSP
Good book This is a very comprehensive, and well-organized security assessment book for Software engineers. Yes, it has everything - all done well. If you are into security assessment and testing and live by it every day, you are still bound to learn a lot, to re-evaluate the things you know, and to genuinely improve your results. If you are a software engineer, it *will* help you build superior applications. If you are just a security enthusiast, you will genuinely enjoy the time spent with this book, and you will find this brick handy more often than previously imagined.
This is the bible This book is The Bible for anyone in the security vulnerability research or security software engineering field. I haven't bought a book and studied it so much before ever. This is one book that will never be off my desk.