The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

 

“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.”

Halvar Flake, CEO and head of research, SABRE Security GmbH

 

The Definitive Insider’s Guide to Auditing Software Security

 

This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.

 

The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.

 

Coverage includes

 

• Code auditing: theory, practice, proven methodologies, and secrets of the trade

• Bridging the gap between secure software design and post-implementation review

• Performing architectural assessment: design review, threat modeling, and operational review

• Identifying vulnerabilities related to memory management, data types, and malformed data

• UNIX/Linux assessment: privileges, files, and processes

• Windows-specific issues, including objects and the filesystem

• Auditing interprocess communication, synchronization, and state

• Evaluating network software: IP stacks, firewalls, and common application protocols

• Auditing Web applications and technologies

 

This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.

 

About the Author

Mark Dowd is a principal security architect at McAfee, Inc. and an established expert in the field of application security. His professional experience includes several years as a senior researcher at Internet Security Systems (ISS) X-Force, and the discovery of a number of high-profile vulnerabilities in ubiquitous Internet software. He is responsible for identifying and helping to address critical flaws in Sendmail, Microsoft Exchange Server, OpenSSH, Internet Explorer, Mozilla (Firefox), Checkpoint VPN, and Microsoft’s SSL implementation. In addition to his research work, Mark presents at industry conferences, including Black Hat and RUXCON.

 

John McDonald is a senior consultant with Neohapsis, where he specializes in advanced application security assessment across a broad range of technologies and platforms. He has an established reputation in software security, including work in security architecture and vulnerability research for NAI (now McAfee), Data Protect GmbH, and Citibank. As a vulnerability researcher, John has identified and helped resolve numerous critical vulnerabilities, including issues in Solaris, BSD, Checkpoint FireWall-1, OpenSSL, and BIND.

 

Justin Schuh is a senior consultant with Neohapsis, where he leads the Application Security Practice. As a senior consultant and practice lead, he performs software security assessments across a range of systems, from embedded device firmware to distributed enterprise web applications. Prior to his employment with Neohapsis, Justin spent nearly a decade in computer security activities at the Department of Defense (DoD) and related agencies. His government service includes a role as a lead researcher with the National Security Agency (NSA) penetration testing team–the Red Team.
