- Paperback: 208 pages
- Publisher: Addison Wesley (May 19, 2003)
- Language: English
- ISBN-10: 0321194330
- ISBN-13: 978-0321194336
- Product Dimensions: 7 x 0.5 x 9.1 inches
- Shipping Weight: 10.4 ounces
- Average Customer Review: 4.1 out of 5 stars (8 customer reviews)
- Amazon Best Sellers Rank: #765,032 in Books
How to Break Software Security
Top Customer Reviews
In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.
The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.
Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.
Though as much as I appreciate the general ideas about black-box security testing Whittaker is voicing in this book, I feel there's just not enough there for its price. :(
There are a lot of security books.
There are a growing number of books about writing secure code.
But "How to Break Software Security" is the first on the topic of testing the software after the programmer has supposedly used secure programming techniques.
The problem is that even if a programmer reads all of the required texts on writing secure code, there are still a number of ways that the application can be broken. The book deals with 19 unique attacks that can be mounted against various software applications.
The book describes attacks that can come from all sides. From attacking the software dependencies, implementation, design, to bogus error messages, fake data sources and more.
Anyone involved with software application security testing should definitely read "How to Break Software Security".
Once again, Whittaker's approach is hands-on examples. Even if some examples don't apply to modern software, the idea behind them is to get you thinking. I've applied the techniques in this book with extremely great results.
Most Recent Customer Reviews
This review process is far too cumbersome for me to care about making a good review, so I hope the stars do it for you.
Published on January 9, 2013 by Chris Blockston
This book is geared toward testers and how to properly test your software, but it should be required reading for software developers as they are usually the worst testers out...
Published on July 3, 2012 by mschu
How to Break Software Security is a good book. Handy. It is a little more than entry level on the topic and not much more than that, but at the same time if enough developers...
Published on October 24, 2008 by Amazon Customer