
The Art of Software Security Assessment 1st (first) edition Text Only

The definitive insider's guide to auditing software security is penned by leading security consultants who have personally uncovered vulnerabilities in applications ranging from "sendmail" to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws.

Unknown Binding

First published November 30, 2006

34 people are currently reading
793 people want to read

About the author

Mark Dowd

9 books, 5 followers

Ratings & Reviews


Community Reviews

5 stars: 104 (61%)
4 stars: 41 (24%)
3 stars: 19 (11%)
2 stars: 5 (2%)
1 star: 1 (<1%)
Displaying 1 - 12 of 12 reviews
Vasil Kolev
1,134 reviews, 197 followers
March 21, 2013
It's somewhat like a horror story, except that instead of looking for monsters under the bed, every 20-30 pages you leave the book and go look for something in your code.

The book is a comprehensive reference for most of the issues and techniques needed to do security audits of source code. It's probably the best (and I think only) introductory and complete text you can find, and is well written and systematic. The last chapter seems rushed, and I think there's more to be said about some of the web problems (notably it seems to be missing cross-site request forging), but the rest of the book was very good, especially the chapter on C.
Justy
2 reviews, 8 followers
November 28, 2016
Great higher-level overview of application security and while it cannot get into all of the nitty-gritty, it gives enough that the reader would be able to identify and know how to seek out more detailed information on specific vulnerabilities.

This book is more focused on application security rather than network. You should definitely have a programming background but it's not a difficult read, moves at a nice pace and ramps well. I read the entire book in a couple of months and while it is 10 years old, it is general enough that I keep it as a reference.
Rob
150 reviews, 1 follower
Currently reading
January 3, 2023
Re-reading
Jason Copenhaver
166 reviews, 4 followers
April 22, 2013
A comprehensive discussion of Software Security Assessment. While there are new things it doesn't cover, the fundamentals are all there. The suggested tracks are a big help as well if you don't want to try and tackle the whole book at once.
Long Nguyen
8 reviews, 1 follower
March 16, 2013
There are many different techniques & strategies to write good code, to test code, or to review other people's code. The book explains concepts & definitions very clearly & is easy to understand. It's definitely helped me a lot.
7 reviews, 2 followers
July 8, 2008
One of the best security books out there.
Tyler
63 reviews, 3 followers
December 21, 2011
Seems to be great! Moving over to reference material.
Rex
52 reviews, 6 followers
May 6, 2016
This is a great book about security assurance and worth reading over and over again.