
How to Break Software Security Paperback – May 19, 2003

ISBN-13: 978-0321194336 ISBN-10: 0321194330


Product Details

  • Paperback: 208 pages
  • Publisher: Addison Wesley (May 19, 2003)
  • Language: English
  • ISBN-10: 0321194330
  • ISBN-13: 978-0321194336
  • Product Dimensions: 9.2 x 7.1 x 0.4 inches
  • Shipping Weight: 10.4 ounces
  • Average Customer Review: 4.1 out of 5 stars (8 customer reviews)
  • Amazon Best Sellers Rank: #208,817 in Books


Customer Reviews

4.1 out of 5 stars

Most Helpful Customer Reviews

18 of 19 people found the following review helpful By Darius Wiles on March 6, 2006
Format: Paperback
The book categorizes software testing for security defects into attacks on software dependencies, user interfaces, design and implementation. The book focuses on 19 attacks (one being "overflow input buffers"), which form the core of the book. Parts 2 and 3 of the book explain when and how to apply each attack and what faults they find. Part 4 takes a more hands-on look at how to perform the testing.

In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.

The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.

Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.
12 of 13 people found the following review helpful By Yvonne Eu on October 27, 2005
Format: Paperback
The whole book feels like a promotion for the Holodeck tool. Some of the chapters are very straightforward: boot your AUT (Application Under Test) from Holodeck and see what happens. However, the version of the tool supplied with the book isn't supported by anybody and, sure enough, it doesn't work with my AUT. The supported one is above $1K for single user licence...

Though as much as I appreciate the general ideas about blackbox security testing Whittaker is voicing in this book, I feel it's just not enough there for its price. :(
7 of 9 people found the following review helpful By Ben Rothke on February 3, 2004
Format: Paperback
'How to Break Software Security' is a most unique book.
There are a lot of security books.
There are a growing number of books about writing secure code.
But 'How to Break Software Security' is the first on the topic of testing the software after the programmer has supposedly used secure programming techniques.
The problem is that even if a programmer reads all of the required texts on writing secure code, there are still a number of ways that the application can be broken. The book deals with 19 unique attacks that can be mounted against various software applications.
The book describes attacks that can come from all sides. From attacking the software dependencies, implementation, design, to bogus error messages, fake data sources and more.
Anyone involved with software application security testing should definitely read 'How to Break Software Security'.
7 of 9 people found the following review helpful By AdV on May 30, 2004
Format: Paperback
The software community has been waiting for a book like this. It's an almost perfect intro to software security concepts. Again, Whittaker keeps it low in pages and words. In my opinion, the way books should be written (except ones purely theoretical).
Once again Whittaker's approach is hands-on examples. Even if some examples don't apply to modern software, the idea behind them is to get you thinking. I've applied the techniques in this book with extremely great results.