The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities Mark Dowd and John McDonald. 2006. Addison-Wesley Professional (www.pearsonhighered.com). 1200 pages. ISBN-13: 978-0321444424; ISBN-10: 0321444426
CSQE Body of Knowledge areas: III.E Software analysis, design, and development
This book is not for the fainthearted. Beyond its size and breadth, reading it also requires an ability to read and understand code, especially in C, as the book is rife with examples and listings, both created by the authors and taken from real applications (mostly open source). However, the authors reach out to the reader by providing an introduction to each covered subject, as well as by discussing the examples line by line when needed.
"Part I: Introduction to Software Security Assessment" opens with definitions and explanations of common terms. This is not new material to anyone involved in software security (and shouldn't be to anyone involved in software development). The authors continue by presenting an...