Better Software - September 2008 - (Page 12)

Book Review

The Art of Software Security Assessment
By: Mark Dowd, John McDonald, and Justin Schuh
Reviewed by: J.D. Kennedy

This book is written by three experts in the field who have shared the depth of their security knowledge and experience in a readable and instructive format. The basic premise of the book is that while it is desirable to avoid security vulnerabilities, this isn’t always possible when you have software already in production. The experts start with the basics of software security assessment and make recommendations on how to “shortcut” the process when time or resources are limited. While the material is aimed at assessing the security of software, it also provides lessons in what to avoid when developing software. The writing style is easy to read, considering that some might not find the topic riveting. This book is suitable for novices developing a knowledge-based foundation on these issues and for experienced developers who need a reference to remind them of things to look for.

The book starts by covering the fundamentals of software vulnerabilities and then covers basic review methodologies. It goes into more depth by exploring specific vulnerabilities of both UNIX- and Windows-based systems. The final section deals with software vulnerability in practice. In the “How to Use This Book” section, the authors recommend that the book be read straight through “at least once” to get a feel for the material. Luckily, they also recognize that this may not be feasible for readers who wish to put the principles into practice, so they organized the book so that specific topics and techniques are easy to find and use without having to read the entire book. I liked the simple yet powerful examples used and how the experts build on them to create more complex issues.
The concept of user IDs and passwords is fundamental to most computer systems; the discussion of how either may be easily compromised by inappropriate communication responses should hit home with any developer. Regardless of how obvious this subject matter is to even moderately experienced programmers, basic errors are repeated time and again by novices. I will be taking this book off the shelf and handing it to developers on my team whenever they are working on a new application.

Visit www.stickyMinds.com/bythebook10-7 to post your comments on this book.

StickyMinds.com Books Guide

The StickyMinds.com Books Guide is one of the most popular areas on our Web site. With more than 880 books, including many that have been reviewed by industry experts, thought leaders, and your peers, make the StickyMinds.com Books Guide your first stop for finding a good read. Not sure what you’re looking for? Browse books by topic, including:
• Project & Team Management
• Test & Evaluation
• Requirements
• Design & Architecture
• Development & Deployment
• Reviews
• Process Improvement
• Measurement & Reporting
• Security
• Defect Tracking
• Configuration Management

September Weekly Columns

Every Monday we bring you fresh ideas to jump-start your work week. This month we deliver thought-provoking articles from talented authors such as Jeff Patton, Linda Hayes, Bryan Sullivan, Naomi Karten, and Payson Hall.

www.StickyMinds.com