
How to Break Software Security

4.1 out of 5 stars 8 customer reviews
ISBN-13: 978-0321194336
ISBN-10: 0321194330
Product Details

  • Paperback: 208 pages
  • Publisher: Addison Wesley (May 19, 2003)
  • Language: English
  • ISBN-10: 0321194330
  • ISBN-13: 978-0321194336
  • Product Dimensions: 7 x 0.5 x 9.1 inches
  • Shipping Weight: 10.4 ounces
  • Average Customer Review: 4.1 out of 5 stars (8 customer reviews)
  • Amazon Best Sellers Rank: #765,032 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
The book categorizes software testing for security defects into attacks on software dependencies, user interfaces, design and implementation. The book focuses on 19 attacks (one being "overflow input buffers"), which form the core of the book. Parts 2 and 3 of the book explain when and how to apply each attack and what faults they find. Part 4 takes a more hands-on look at how to perform the testing.

In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.

The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.

Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.
19 of 20 people found this helpful.
Format: Paperback
The whole book feels like a promotion for Holodeck tool. Some of the chapters are very straightforward: boot your AUT (Application Under Test) from Holodeck and see what happens. However, the version of the tool supplied with the book isn't supported by anybody and, sure enough, it doesn't work with my AUT. The supported one is above $1K for single user licence...

Though as much as I appreciate the general ideas about blackbox security testing Whittaker is voicing in this book, I feel there's just not enough there for its price. :(
12 of 13 people found this helpful.
Format: Paperback
'How to Break Software Security' is a most unique book.
There are a lot of security books.
There are a growing number of books about writing secure code.
But 'How to Break Software Security' is the first on the topic of testing the software after the programmer has supposedly used secure programming techniques.
The problem is that even if a programmer reads all of the required texts on writing secure code, there are still a number of ways that the application can be broken. The book deals with 19 unique attacks that can be mounted against various software applications.
The book describes attacks that can come from all sides: from attacking the software dependencies, implementation and design, to bogus error messages, fake data sources and more.
Anyone involved with software application security testing should definitely read 'How to Break Software Security'.
7 of 9 people found this helpful.
Format: Paperback
The software community has been awaiting a book like this. It's an almost perfect intro to software security concepts. Again, Whittaker keeps it low in pages and words. In my opinion, that is the way books should be written (except purely theoretical ones).
Once again, Whittaker's approach is hands-on examples. Even if some examples don't apply to modern software, the idea behind it is to get you thinking. I've applied the techniques in this book with extremely great results.
7 of 9 people found this helpful.