From Barnes & Noble: The Barnes & Noble Review
Plenty of books tell you how to write more secure code. But what if you need to deal with a huge existing code base, and you can't start all over again? For that, you need The Art of Software Security Assessment. It'll show you exactly how to find and assess issues in your existing applications and gain reasonable confidence that your software is safe -- if, in fact, it is.
The authors begin by introducing code auditing, helping you integrate it into your development lifecycle, and presenting some high-level methods you can use to start reviewing your applications, whatever their role or size. Next, they turn to the specific categories of high-risk security flaws most likely to afflict applications these days: memory-related problems, C language issues, malformed data, synchronization, state, and beyond.
Much of this coverage is platform-independent, but not all. For example, the authors present two chapters on problems arising from Unix privileges, files, and processes, and two more on Windows application flaws, including IPC and filesystem problems. There's a good deal of illustrative sample code: much of it in C, but some in Intel assembly language where that's needed to make a point.
Finally, in Part III, the authors identify the most common security flaws in network, firewall, and web applications, and show you how to reveal them in your applications.
This book addresses security flaws that arise throughout the software development lifecycle: at design (including requirements and architecture); at implementation (where the code's doing what it's supposed to, but there's a security problem in the way it's doing it); and in operations, including deployment and configuration. The authors' integrated, start-to-finish approach makes their book both unique and immensely valuable.

Bill Camarda, from the January 2007 Read Only