Book: The Art of Software Security Assessment
Title: The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Authors: Mark Dowd, John McDonald, and Justin Schuh
This book was written by some of the most respected people in their fields. Some of you might know them from their underground background in security from ADM; unfortunately, I’m not that old. All of them are amazing security researchers, and this book has so much information on vulnerability discovery and software security assessment in general that it looks like a bible to me. Specifically, its 6th chapter, which you can download for free here, is just awesome. I can’t wait for their next edition. Another great thing is that throughout the book, the authors use real-world examples to demonstrate different vulnerabilities. However, if you’re interested explicitly in exploitation, then this is not the right book for you. This book assists in gaining knowledge in vulnerability discovery, from the basic level, like common buffer overflows because of insecure library functions, to advanced vulnerabilities like inconsistencies between pointers that can lead to code execution, network-level bugs, design flaws in protocols, etc.
Well, chapter six is a representative sample of the quality of the information provided by that book. Just read it and you will be amazed (well… you should). I’m sorry for not being strict and factual in this review, but as I said, for me this is like a bible. I cannot be unbiased in my review.