How to Break Software Security [Paperback]

James A. Whittaker (Author), Herbert H. Thompson (Author)
4.0 out of 5 stars (7 customer reviews)

List Price: $46.40
Price: $36.19
You Save: $10.21 (22%)


Editorial Reviews

Product Description

How to Break Software Security describes the general problem of software security in a practical perspective from a software tester's point of view. It defines prescriptive techniques (attacks that testers can use on their own software) that are designed to ferret out security vulnerabilities in software applications. The book's style is easy to read and provides readers with the techniques and advice to hunt down security bugs and see that they're destroyed before the software is released. Accompanying the book is a CD-ROM containing Holodeck, which tests for security vulnerabilities. There are also a number of bug-finding tools, freeware, and an easy-to-use port scanner included on the CD-ROM.

Product Details

  • Paperback: 208 pages
  • Publisher: Addison Wesley (May 19, 2003)
  • Language: English
  • ISBN-10: 0321194330
  • ISBN-13: 978-0321194336
  • Product Dimensions: 9.1 x 6.8 x 0.6 inches
  • Shipping Weight: 12 ounces
  • Average Customer Review: 4.0 out of 5 stars (7 customer reviews)
  • Amazon Bestsellers Rank: #319,360 in Books
    #84 in Books > Computers & Internet > Programming > Software Design, Testing & Engineering > Testing

Customer Reviews

7 Reviews
5 star: (4)
4 star: (1)
3 star: (0)
2 star: (2)
1 star: (0)

Average Customer Review: 4.0 out of 5 stars (7 customer reviews)

Most Helpful Customer Reviews

15 of 16 people found the following review helpful:
2.0 out of 5 stars Good ideas, but fails to follow through, March 6, 2006
By Darius Wiles (San Francisco, CA USA)
This review is from: How to Break Software Security (Paperback)
The book categorizes software testing for security defects into attacks on software dependencies, user interfaces, design and implementation. The book focuses on 19 attacks (one being "overflow input buffers"), which form the core of the book. Parts 2 and 3 of the book explain when and how to apply each attack and what faults they find. Part 4 takes a more hands-on look at how to perform the testing.

In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.

The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.

Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.

If you are new to security testing and want an overview of some common types of tests that should be run, this book will be useful. If you are interested in using Holodeck for your testing, this book will also be useful. If you do not fall into these categories, there are other books which are a better fit. If you want more detail, I recommend trying one of the Hacking Exposed series.
13 of 14 people found the following review helpful:
5.0 out of 5 stars Security testing for QA folks, also good for infosec folks, September 22, 2004
By The Grumpy Hacker (Milwaukee)
This review is from: How to Break Software Security (Paperback)
I'm the type of person who won't buy a tech book unless it's worth reading and referring to, and it didn't take much skimming to realize this was going to be worth it. My opinion hasn't changed since finishing it. I had a specific need for information on non-web application penetration (security) testing and I was surprised to find exactly what I needed in this book, and in a short, easy-to-read package including a CD with two unique tools to help apply what it teaches.

If you're a software tester or in the software quality assurance field, especially if you're interested in security, you need to read this book as it will likely be an eye-opener. It's not full of shocking anecdotes to scare developers into writing better software, it's a handbook of what to look for when testing software after you think you've done all your testing, and at the same time gives developers and project managers good information on how to design, code, and state requirements better.

If you're a security person, especially in the burgeoning field of application security, you might also find this book pretty enlightening. Everyone's heard of penetration testing and vulnerability assessment, but typically only in the context of attacking remotely over a network. This book shows you how to attack the (more traditional?) software on your local machine, but not to the level of detail or geekiness of "shellcoding."

While I feel the cover price is a bit steep for such a thin book, especially given the amount of "filler" like illustrations, blank pages, figures, etc., the content is superb and the writing style makes it easy to read. I also appreciate that the points made and examples used tend to get me thinking and I'm able to apply the concepts right away--maybe it's just my "tinkerer" mindset but this book seems to encourage the reader to think outside the box and experiment, which I like. I don't give many 5-star ratings but I think this book deserves it.
10 of 11 people found the following review helpful:
2.0 out of 5 stars Holodeck rules! - Does it?, October 27, 2005
By Yvonne Eu (Seattle)
This review is from: How to Break Software Security (Paperback)
The whole book feels like a promotion for the Holodeck tool. Some of the chapters are very straightforward: boot your AUT (Application Under Test) from Holodeck and see what happens. However, the version of the tool supplied with the book isn't supported by anybody and, sure enough, it doesn't work with my AUT. The supported one is above $1K for a single user licence...
Though as much as I appreciate the general ideas about blackbox security testing Whittaker is voicing in this book, I feel there's just not enough there for its price. :(
Most Recent Customer Reviews

4.0 out of 5 stars Handy book
How to Break Software Security is a good book. Handy. It is a little more than entry level on the topic and not much more than that, but at the same time if enough developers...
Published 22 months ago by C. Golding

5.0 out of 5 stars Whittaker strikes again!
The software community has been awaiting a book like this. It's an almost perfect intro to software security concepts. Again, Whittaker keeps it low in pages and words.
Published on May 30, 2004 by AdV

5.0 out of 5 stars Excellent continuation of Whittaker's earlier book
James Whittaker has taken the approach and the tools he introduced in "How to Break Software: A Practical Guide to Testing" (ISBN 0201796198), and has teamed with...
Published on March 7, 2004 by Mike Tarrani

5.0 out of 5 stars Required for those involved w/ software application security
"How to Break Software Security" is a most unique book.

There are a lot of security books.
There are a growing number of books about writing secure code.

Published on February 3, 2004 by Ben Rothke
