Dailydave mailing list archives
Re: The Art of Software Security Assessment
From: Chris Wysopal <weld () vulnwatch org>
Date: Thu, 2 Nov 2006 15:33:18 -0500 (EST)
I am looking forward to reading Mark Dowd et al's book. There is no doubt that these guys are code auditing experts that we can all learn from.

There is another soon to be released book from Addison-Wesley Professional that may interest readers here. It is "The Art of Software Security Testing", authored by Lucas Nelson, Dino Dai Zovi, Elfriede Dustin and me.

The book was spawned out of our product security testing experience at major software vendors (who don't want to be named). I was frustrated with the fact that many quality assurance teams with expertise in unit testing, test harnesses, and automation tools still were not doing basic security testing like fuzzing. They have so much knowledge and technology at their disposal. By redirecting their tools and techniques towards an attacker's perspective, thinking threats not functionality, and tying it together with threat modeling they have a fighting chance of shipping a secure product.

The main audience of the book is software developers and testers, but security consultants, especially those that need to work with software teams, will benefit from it. There are even some techniques vulnerability researchers will appreciate.

Some links to the book description:

http://www.awprofessional.com/bookstore/product.asp?isbn=0321304861&rl=1
http://www.amazon.com/gp/product/0321304861/

We don't have a sample chapter up at this time but we are hoping to have one up soon. The table of contents is available at the AW site. The book will be available Nov. 27th.

Cheers,
Chris