The definitive insider's guide to auditing software security is penned by leading security consultants who have personally uncovered vulnerabilities in applications ranging from "sendmail" to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws.
It's somewhat like a horror story, except that instead of looking for monsters under the bed, every 20-30 pages you leave the book and go look for something in your code.
The book is a comprehensive reference for most of the issues and techniques needed to do security audits of source code. It's probably the best (and I think only) introductory and complete text you can find, is well written and systematic. The last chapter seems rushed, and I think there's more to be said about some of the web problems (notably it seems to be missing cross-site request forgery), but the rest of the book was very good, especially the chapter on C.
Great higher-level overview of application security and while it cannot get into all of the nitty-gritty, it gives enough that the reader would be able to identify and know how to seek out more detailed information on specific vulnerabilities.
This book is more focused on application security rather than network. You should definitely have a programming background but it's not a difficult read, moves at a nice pace and ramps well. I read the entire book in a couple of months and while it is 10 years old, it is general enough that I keep it as a reference.
A comprehensive discussion of Software Security Assessment. While there are new things it doesn't cover, the fundamentals are all there. The suggested tracks are a big help as well if you don't want to try and tackle the whole book at once.
There are many different techniques & strategies to write good code, to test code, or to review other people's code. The book explains concepts & definitions very clearly & in a way that's easy to understand. It's definitely helped me a lot.
This book is amazing. Between the abstract concepts and the comprehensive code examples, whether you're a developer or security professional, you must read this book.