Enough about software security already!

["Gary McGraw" <gem () cigital com>]

How about breaking software?  Greg Hoglund and I recently released
"Exploiting Software: How to Break Code" (Addison-Wesley 2004).  In it,
you will find examples of real attacks, attack patterns, and hard core
techniques.  Chapters are included on rootkits, disassembly, and
advanced buffer overflows (I know, I know, sorry about that last piece).

Every software security person MUST know how real attacks work. Find
out.

First review:
http://www.ieee-security.org/Cipher/BookReviews/2004/Hoglund_by_bruen.html

Amazon has it.

gem

p.s. now where did I put that asbestos suit?

Gary McGraw, Ph.D.
CTO, Cigital
http://www.cigital.com

----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive this
message by the intended recipient), any disclosure, copying, distribution or
use of the contents of the information is prohibited.  If you have received
this electronic message transmission in error, please contact the sender by
reply email and delete all copies of this message.  Cigital, Inc. accepts no
responsibility for any loss or damage resulting directly or indirectly from
the use of this email or its contents.
Thank You.
----------------------------------------------------------------------------