Related Documents
I Create Vitality The Art Of Living In High Joy Vibrations
Master Cleanse for All The Art of Detox
Busker World The Art of Successful Busking for Fun as well as Profit.pdf
Busker World The Art of Successful Busking for Fun as well as Profit.pdf
THE ART OF RECORDING AND THE AESTHETICS OF PERFECTION
The Asian Martial Arts and the Art of War
The Art of Persuasion:21 Powerful Ways To Persuade People.
The art of start
The Art of Innovation (by Guy Kawasaki)
The Art of Public Speaking, 10th Edition, Lucas, ISBN 0073385158, Mcgraw-hill, TB
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.”
—Halvar Flake, CEO and head of research, SABRE Security GmbH
The Definitive Insider’s Guide to Auditing Software Security
This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.
The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.
Coverage includes
• Code auditing: theory, practice, proven methodologies, and secrets of the trade
• Bridging the gap between secure software design and post-implementation review
• Performing architectural assessment: design review, threat modeling, and operational review
• Identifying vulnerabilities related to memory management, data types, and malformed data
• UNIX/Linux assessment: privileges, files, and processes
• Windows-specific issues, including objects and the filesystem
• Auditing interprocess communication, synchronization, and state
• Evaluating network software: IP stacks, firewalls, and common application protocols
• Auditing Web applications and technologies
This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.
Contents
ABOUT THE AUTHORS xv
PREFACE xvii
ACKNOWLEDGMENTS xxi
I Introduction to Software Security Assessment
1 SOFTWARE VULNERABILITY FUNDAMENTALS 3
2 DESIGN REVIEW 25
3 OPERATIONAL REVIEW 67
4 APPLICATION REVIEW PROCESS 91
II Software Vulnerabilities
5 MEMORY CORRUPTION 167
6 C LANGUAGE ISSUES 203
7 PROGRAM BUILDING BLOCKS 297
8 STRINGS ANDMETACHARACTERS 387
9 UNIX I: PRIVILEGES AND FILES 459
10 UNIX II: PROCESSES 559
11 WINDOWS I: OBJECTS AND THE FILE SYSTEM 625
12 WINDOWS II: INTERPROCESS COMMUNICATION 685
13 SYNCHRONIZATION AND STATE 755
III Software Vulnerabilities in Practice
14 NETWORK PROTOCOLS 829
15 FIREWALLS 891
16 NETWORK APPLICATION PROTOCOLS 921
17 WEB APPLICATIONS 1007
18 WEB TECHNOLOGIES 1083
BIBLIOGRAPHY 1125
INDEX 1129
Customer Reviews:
Excellent
By David Aitel - December 1, 2006The temptation with a massive book, such as this one, is to use it as a reference. While no doubt valuable as a quick reference for people looking to know the exact problems with any given C API ("snprintf does what differently on Windows and Unix?"), this book is best read page by page. There are surprises sprinkled throughout. Vulnerable example code is taken from real software applications, such as OpenBSD 3.6, Netscape, and OpenSSH. Of course, more than just a collection of code with mistakes highlighted, this book has a powerful methodology, complete with "Desk-checking", "Scorecards" and other useful tricks.
This book is not about binary analysis; assembly language is used only to demonstrate tricky C code.
Unlike many books with multiple authors, this is an extremely well put together book that flows naturally from chapter to chapter. The chapters on C auditing are amazing. The chapters on web assessment, while not the most in-depth chapters in the book,... read more
Bible? Rather hell without redemption!
By Michael Schuerig - November 29, 2008This book was like a blow to the head for me. I'm not a security person, I'm not coveting ever more arcane vulnerabilities. Rather, I'm the poor guy at the other end of things: I'm a programmer. It's my job to avoid all the known and imaginable vulnerabilities while at the same time providing some useful functionality to my customers.
You bet I wouldn't like some self-styled security "researcher" tear apart my poor little programs and expose all their failings. What's troubling me, after reading this book, is that it looks very much like I hardly stand a chance. Security would be hard with the best of tools, unfortunately, at least when it comes to systems programming, the tools -- C, low-level APIs -- are dubious at best and introduce lots and lots of problems of their own. These tools hail from a happier time long ago when we were still trusting trust. I was overcome by a mixture of horror and chagrin when I saw proof in this book that not even the people writing... read more
A must have
By David Maynor - December 6, 2006As a security researcher it is often hard to recommend books to people. A lot of the things you know come from actually doing it and I find it hard to explain to people the how and the why of what I do. That problem is now solved with the publication of the Art of Software Security Assessment. The book was written by 3 people very familiar with the problems of software security and even more so 3 people who actually know what they are talking about when it comes to what a bug hunter looks for in bad code. Out of all the chapters I have read I have to be honest and say the chapter on Windows IPC (Chapter 12) is worth the price of admission alone. It describes Windows messaging and mailslots to a degree I have never seen publicly explained before but the crown jewel is the in-depth and concise explanation of the Windows implementation of RPC. A lot of the major worms you have heard of, like Blaster and Zotob are based on RPC exploits. One of the challenges for developers and security... read more
Use coupon below to get discount at eCampus.com!
SHADES
$3 off textbook orders over $75
SUNBLOCK
$4 off textbook orders over $90
SUNSHINE
$5 off textbook orders over $100
Copy the coupon code before clicking the button!
| AVAILABILITY | |||
| Merchant | Format | Price | |
| Amazon US | Paperback | $36.94 - $69.99 | |
| BookByte | Paperback | $52.24 | |
| eCampus | Paperback | ||
The Art of Debugging with GDB, DDD, and Eclipse
$20.49 - $39.95Debugging is crucial to successful software development, but even many experienced programmers find it challenging. Sophisticated debugging tools are available, yet it may be difficult to ...
The Art of M&A: Postmerger Integration and Divestitures
$9.95This chapter is from The Art of M&A , Fourth Edition, which, since its original publication, has been the definitive source of information for authoritative guidance on all aspects of mergers and ...
The Art of M&A: Workouts, Bankruptcies, and Liquidations
$9.95This chapter is from The Art of M&A , Fourth Edition, which, since its original publication, has been the definitive source of information for authoritative guidance on all aspects of mergers and ...
Mastering the Art of Asset Allocation: Recognizing Cyclical and Secular Turning Points
$6.95The following chapter comes from Mastering the Art of Asset Allocation , which focuses on the knowledge and nuances that will help you achieve asset allocation success. Asset allocation authority ...
Mastering the Art of Asset Allocation: Asset Allocation and Investment Lessons from University Endowments…
$6.95The following chapter comes from Mastering the Art of Asset Allocation , which focuses on the knowledge and nuances that will help you achieve asset allocation success. Asset allocation authority ...
The Art of Planned Giving: Understanding Donors and the Culture of Giving (Wiley Nonprofit Law, Finance…
$5.03 - $42.50"A unique book with a unique approach, this is destined to become a classic." --Charitable Gift Planning NewsIn this deeply humane and informative book, Douglas White deftly weaves ...
The Art of Asset Allocation: Principles and Investment Strategies for Any Market, Second Edition
$1.49 - $39.95The fully revised classic on employing asset allocation techniques to grow real wealthA global leader and preeminent expert in asset allocation, David Darst delivers his masterwork ...
The Art of Engagement: Bridging the Gap Between People and Possibilities
$3.03 - $27.95"Haudan's approach helps organizations bring strategies to life by engaging the hearts and minds of their people.”-Marcus Buckingham, bestselling author of Go Put Your Strengths ...
The Art of Computer Virus Research and Defense
$15.55 - $70.90Peter Szor takes you behind the scenes of anti-virus research, showing howthey are analyzed, how they spread, and--most importantly--how to effectivelydefend against them. This book offers an ...
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
$3.15 - $27.50Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception Kevin Mitnick, the world's most celebrated hacker, now devotes his ...
