Dailydave mailing list archives
The Art of Software Security Assessment
From: "Mark Dowd" <mark.dowd () gmail com>
Date: Thu, 2 Nov 2006 14:53:14 +1100
Hi,

Justin Schuh, John McDonald and I recently finished a book on software security assessment. The three of us have put quite a bit of time and effort into this project; essentially, it's a 1200 page book about how to audit code to find vulnerabilities, based on our own experience. We present high-level strategies for performing design and implementation reviews, but the bulk of the content is dedicated to the technical details of vulnerabilities and how they appear in real-world applications.

We've attempted to structure this book so it will prove useful for a variety of audiences: developers assessing their own work (or the work of their peers), consultants performing professional application security reviews, or researchers looking to find the showstoppers that will appear in next month's Patch Tuesday, bringing them one step closer to achieving the coveted ZDI silver status. ;)

Here are some links:

http://www.amazon.com/gp/product/0321444426/
http://www.awprofessional.com/bookstore/product.asp?isbn=0321444426&rl=1

There's a sample chapter on the AW site that will give you a feel for what the rest of the book is like. It's our chapter on C language issues, and it has lots of examples of integer overflows and type conversion flaws, as well as some fun C puzzles.

The book will be hitting stores on November 10th. Any thoughts/comments would be appreciated, unless they're from Anthony Osborne. No one likes a show-off, Anthony.

Enjoy!

Mark Dowd