Customer Reviews

The Software Vulnerability Guide (Programming Series) (Charles River Media Programming)

5 star:		(6)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I've maybe read three or four books on the subject of software security and this is the best so far. Very concise and well organized and covers just about every facet of software vulnerabilities that I've ever heard of. Very helpful too because at the end of each chapter it gives detailed advice on how to avoid the vulnerability that they discussed. Also, the CD comes with some nice tools and source code. I definitely learned a lot from this book and highly recommend it to both web application and desktop application developers.

If you consider yourself a solid developer but know you probably don't give the security of your software/databases as much attention as you should, then you need to get your hands on The Software Vulnerability Guide.

Unlike a lot of other security books, this one isn't full of a bunch of vagure generalities. It gives you solid details on some of the most common (and perhaps some less common) holes that exist in the software you just released. The information contained in each useful chapter is easily digestable by beginners.

Buy the book and spare yourself the embarrassment from some twenty something who stole some script off the web and deleted all the data in your intranet application.
[...]

Unsecure software is always poorly written/low quality software. This book will help you identify problems and provide the insight necessary to write higher quality code.

Every month, hundreds of security vulnerabilities and warnings are announced. Although they cover a wide set of products and programs, the underlying reason for them is generally the same: insecurely written software. When software is written in insecure code (which includes most software programs written today), serious security flaws are inevitable.

The Software Vulnerability Guide was written to help software developers acquire the methods necessary to write secure code and find existing problems in current software. After making a persuasive case for secure code in part one, the book progresses into the areas that are crucial to writing secure software.

Part two of the book covers system-level attacks and details important topics such as passwords, scripts and macros, and dynamic linking and loading (DLL). Part three plunges into attacks on the software, exploring heady concepts such as buffer overflows, format-string vulnerabilities, and integer overflow vulnerabilities. Most of these attacks have been known for decades but are only receiving wide-scale attention now.

Further chapters delve into securing data and Web servers. For each of the vulnerabilities mentioned, the authors describe how they occur and how to prevent them.

An enclosed CD-ROM contains software examples described in the text, plus various open-source security software testing tools, including Ethereal, Nessus, and Nmap. Any business serious about writing secure software should ensure that all of its code writers receive a copy of this book

Herbert H. Thompson and Scott G. Chase's Software Vulnerability Guide comes from a security director and a security architect, drawing upon their combined expertise to consider techniques developers need to use to produce secure code in modern software. Developers and testers receive both tools and assessments of tools designed to help recognize and prevent common vulnerabilties in source code. Commentary and code examples pack a guide which includes a CD-ROM with source code and many tools described within.

This book has quite good coverage of topics and simple to follow.
References and follow-up/conclusion were useful.