Security Log - Security Bookshelf

from ComputerWorld; February 2, 2004

Exploiting Software: How to Break Code, by Greg Hoglund and Gary McGraw; Addison-Wesley, 2004.

This book has a black hat on the cover, and for good reason: It teaches readers how to exploit software and attack systems.

While it's great if you want to delve into the mind-set and tool kit of the black hats, the authors touch only lightly on defensive measures. For example, they repeatedly advise against relying on blacklists to stop bad inputs, recommending whitelists instead. That may be good advice, but the authors give no details on how to implement the strategy.

Exploiting Software, clearly written by experts, is perfect for development teams that need to understand the scale of the accumulated attacker know-how ready to be leveled against their software. As a security manager, however, I'm not reassured about the state of my company's current defenses or software infrastructure, since Hoglund and McGraw have shown how to bypass even the most carefully designed security controls.

-- Vince Tuesday