Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

How to Break Software Security

4.1 out of 5 stars 8 customer reviews
ISBN-13: 978-0321194336
ISBN-10: 0321194330
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used
$18.07
Condition: Used: Very Good
Comment: Pages and book binding are in great condition. Cover shows some slight shelf wear. Missing CD. Shipped directly from Amazon warehouses for super fast delivery.
Access codes and supplements are not guaranteed with used items.
31 Used from $0.91
FREE Shipping on orders over $25.
More Buying Choices
13 New from $30.49 31 Used from $0.91
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Security
ITPro.TV Video Training
Take advantage of IT courses online anywhere, anytime with ITPro.TV. Learn more.
click to open popover
NO_CONTENT_IN_FEATURE

The latest book club pick from Oprah
"The Underground Railroad" by Colson Whitehead is a magnificent novel chronicling a young slave's adventures as she makes a desperate bid for freedom in the antebellum South. See more

Product Details

  • Paperback: 208 pages
  • Publisher: Addison Wesley (May 19, 2003)
  • Language: English
  • ISBN-10: 0321194330
  • ISBN-13: 978-0321194336
  • Product Dimensions: 7 x 0.5 x 9.1 inches
  • Shipping Weight: 10.4 ounces
  • Average Customer Review: 4.1 out of 5 stars  See all reviews (8 customer reviews)
  • Amazon Best Sellers Rank: #1,147,539 in Books (See Top 100 in Books)

Customer Reviews

Top Customer Reviews

By Darius Wiles on March 6, 2006
Format: Paperback
The book categorizes software testing for security defects into attacks on software dependencies, user interfaces, design and implementation. The book focuses on 19 attacks (one being "overflow input buffers"), which form the core of the book. Parts 2 and 3 of the book explain when and how to apply each attack and what faults they find. Part 4 takes a more hands-on look at how to perform the testing.

In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.

The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.

Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.
Read more ›
Comment 19 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
The whole book feels like a promotion for Holodeck tool. Some of the chapters are very straightforward: boot your AUT (Application Under Test) from Holodeck and see what happens. However, the version of the tool supplied with the book isn't supported by anybody and, sure enough, it doesn't work with my AUT. The supported one is above $1K for single user licence...

Though as much as I appreciate the general ideas about blackbox security testing Whittaker is voicing in this book, I feel it's just not enough there for its price. :(
Comment 12 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
`How to Break Software Security' is a most unique book.
There are a lot of security books.
There are a growing number of books about writing secure code.
But `How to Break Software Security' is the first on the topic of testing the software after the programmer has supposedly used secure programming techniques.
The problem is that even if a programmer reads all of the required texts on writing secure code, there are still a number of ways that the application can be broken. The book deals with 19 unique attacks that can be mounted against various software applications.
The book describes attacks that can come from all sides. From attacking the software dependencies, implementation, design, to bogus error messages, fake data sources and more.
Anyone involved with software application security testing should definitely read `How to Break Software Security'.
Comment 7 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
The software community has been awaiting for a book like this. It's a almost perfect intro to software security concepts. Again, Whittaker keeps it low in pages and words. In my opinion, the way books should be written (except ones purely theoretical).
Once again Whittaker approachs is hands-on examples. Even if some examples don't apply to modern software the idea behind you is to get you thinking. I've applied the techniques in this book with extremely great results.
Comment 7 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse