The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site
Add your own book

Book details of 'The Software Vulnerability Guide (Programming Series) (Programming Series)'

Cover of The Software Vulnerability Guide (Programming Series) (Programming Series)
TitleThe Software Vulnerability Guide (Programming Series) (Programming Series)
Author(s)Herbert Thompson, Scott Chase, Scott G. Chase
ISBN1584503580
LanguageEnglish
PublishedJune 2005
PublisherCharles River Media
Web links for this book
Search at Bookcrossing.com
Wikipedia booksources
Shop for this book
At Amazon.com
At Amazon.co.uk

Back to shelf Computer programming
Amazon.com info for The Software Vulnerability Guide (Programming Series) (Programming Series)

Score:

Vote for this book

The Virtual Bookcase Reviews of 'The Software Vulnerability Guide (Programming Series) (Programming Series)':

Reviewer Rob Slade wrote:
As part one is an introduction to security and vulnerabilities, chapter one is what would normally be the introduction or preface to the book. The content is surprisingly vague about the intention of, and audience for, the text. A few security and network topics make up chapter two. Miscellaneous security utilities are listed in chapter three. Part two looks at system level attacks. Chapter four examines some issues with access control and privilege. Password strength is the topic of chapter five, but a lot of space is devoted to code for a cracking program. Scripts, and some of the ways they can be used maliciously, are mentioned in chapter six. Chapter seven examines some of the ways that the use of dynamic link libraries can affect security. Part three reviews data parsing. Chapter eight contains a clear explanation of buffer overflows, although it takes a great deal of space to convey relatively limited information. An unclear exposition on proprietary data formats and the corruption of files is in chapter nine. The material on format strings, in chapter ten, describes one particular case involving the lack of strong data typing, malformed input data, and buffer overflows. Chapter eleven remarks that integer overflows can be prevented by testing values at the extremes of expected ranges. Part four surveys information disclosure issues. Chapter twelve says that passwords should not be stored in plain text and notes some (rather complicated) ways to test for programs that do make this mistake. Dangers in the sloppy use of temporary files are addressed in chapter thirteen. The reuse of memory is covered in chapter fourteen, along with issues of garbage collection. Chapter fifteen is supposed to deal with finding memory traces left in the swap file, but really only searches for text from a deleted file on a floppy disk. Part five looks at network activity. Chapter sixteen discusses various versions of spoofing. Reducing the amount of information given in response to probes and errors is suggested in chapter seventeen. Part six turns specifically to Web sites. Chapter eighteen outlines cross-site scripting, although it does not do well at explaining how the attack would work in the real world. Careless programming of the Common Gateway Interface (CGI) is deplored in chapter nineteen, and a few other malicious possibilities are explored in twenty. SQL injection is outlined in chapter twenty-one. A grab bag of other Web issues is in chapter twenty-two. Part seven finishes off with chapter twenty-three encouraging the reader to learn from the mistakes of others. The chapters are very short, and so the material is quite terse. It is also poorly structured, and generally far from complete. In some cases the content deals at great length with one specific problem in one specific language, while other more sweeping issues are barely mentioned. The security literature is certainly deficient in titles dealing with the practice of secure programming and development, but this work, even though it does contain any number of valuable tips, does not deal with the need for application development security in a complete and straightforward fashion. copyright Robert M. Slade, 2005
Add my review for The Software Vulnerability Guide (Programming Series) (Programming Series)

Book description:

In today’s market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. Most of these security bugs (and the viruses, worms, and exploits that derive from them) started out as programmer mistakes. With this easy-to-use guide, professional programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market. For each of the 30 common software vulnerabilities featured the authors provide a summary, description of how the vulnerability occurs, and famous examples of how it has been used. Tips on how to find and fix the vulnerability in software are also provided along with source code snippets, commentary, tools, and techniques in easy-to-read sidebars. This guide is a must-have for today’s software developers. KEY FEATURES * Includes coding examples in a variety of languages, including C, C++, Java, VB, .NET, scripting languages, and more * Provides tips for uncovering vulnerabilities in a diverse array of systems, including what it may look like in code, and how the offending code can be fixed * Covers vulnerabilities such as permitting default or weak passwords, cookie poisoning, exchanging sensitive data in plain text, leaving things in memory, and format string attacks * Includes a CD-ROM with all of the source code, as well as many freeware/shareware tools discussed in the bookAbout the AuthorHerbert Thomas is the Director of Security Technology at Security Innovation LLC and serves on the graduate faculty of the Florida Institute of Technology. He is the co-author of How to Break Sofware Security: Effective Techniques for Security Testing and is a frequent speaker at industry conferences. Scott Chase is a Security Architect at SI Government Solutions, where he manages key research projects for the US government. He has also worked as a university researcher in information security and as a software tester in industry.

Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (119)
Cars and driving (53)
Cartoons (45)
Children's books (179)
Computer (475)
Computer history/fun (111)
Computer networks (382)
Computer programming (215)
Computer security (269)
Cook books (89)
Fantasy (154)
Fiction (445)
Health and body (70)
History (135)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (83)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (55)
Technology (12)
Travel guides (307)
War and weapons (29)
World Wide Web (211)
Zen (5)
Other books (88)
Mailing list
Subscribe to booktalk, the discussion list about books at The Virtual Bookcase.
Enter your e-mail address to subscribe (you will receive an e-mail to confirm your subscription):
The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Site credits
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement