Secure Coding mailing list archives

The Art of Software Security Assessment (book release)


From: mark.dowd at gmail.com (Mark Dowd)
Date: Fri, 17 Nov 2006 10:00:04 +1100

Hi,

Justin Schuh, John McDonald and I recently finished a book on software
security assessment. The three of us have put quite a bit of time and effort
into this project; essentially, it's a 1200-page book about how to audit
code to find vulnerabilities, based on our own experience. We present
high-level strategies for performing design and implementation reviews, but
the bulk of the content is dedicated to the technical details of
vulnerabilities and how they appear in real-world applications.

We've attempted to structure this book so it will prove useful for a variety
of audiences: developers assessing their own work (or the work of their
peers), consultants performing professional application security reviews, or
researchers looking to find the showstoppers that will appear in next
month's Patch Tuesday.

Here are some links:
http://www.amazon.com/gp/product/0321444426/
http://www.awprofessional.com/bookstore/product.asp?isbn=0321444426&rl=1

There's a sample chapter on the AW site that will give you a feel for what
the rest of the book is like. It's our chapter on C language issues, and it
has lots of examples of integer overflows and type conversion flaws, as well
as some fun C puzzles. The book will be hitting stores within the next few
days. Any thoughts/comments would be appreciated.

Enjoy!

Mark Dowd