{"id":3279,"date":"2006-08-14T03:41:00","date_gmt":"2006-08-14T08:41:00","guid":{"rendered":"http:\/\/brianjnoggle.com\/blog\/?p=3279"},"modified":"2010-04-20T22:11:06","modified_gmt":"2010-04-21T03:11:06","slug":"book-report-how-to-break-software-security-by-james-a-whittaker-and-herbert-h-thompson-2003","status":"publish","type":"post","link":"https:\/\/brianjnoggle.com\/blog\/2006\/08\/14\/book-report-how-to-break-software-security-by-james-a-whittaker-and-herbert-h-thompson-2003\/","title":{"rendered":"Book Report: How to Break Software Security by James A. Whittaker and Herbert H. Thompson (2003)"},"content":{"rendered":"<p>After I read <i>How to Break Software<\/i> (which a quick Google check indicates I have not reviewed, gentle reader, but most of you wouldn&#8217;t have read it anyway), I bought the companion volumes.  This book, which I bought off of Amazon.com at its retail price, disappointed me where <i>How to Break Software<\/i> did not.<\/p>\n<p>Both books are built around a quick list of fault-model tests (a term I learned from the first book).  I had a ball with the first book, laughing at seeing some of my favorite dirty tricks written up in a definitive book.  This book, however, didn&#8217;t hold the same glee for me.<\/p>\n<p>The first book dealt with a broad subject and offered some very concrete things to try to attack software.  This second book deals with a similarly broad subject (security testing), but is more abstract.  The attacks it discusses aren&#8217;t as narrow or as easy to reproduce; they&#8217;re methods and abstract ideas to try rather than concrete shortcuts to finding issues.  I know, there&#8217;s something to be said for a broad, general methodology, but the first book wasn&#8217;t that way, and I didn&#8217;t expect this one to be that way.  
Additionally, the book is sized similarly to the first, which doesn&#8217;t leave it room to go into much detail on each of the abstract things it talks about.<\/p>\n<p>Finally, I don&#8217;t know that the book focuses enough on actual <i>security<\/i> attacks; rather, it focuses on attacks that could be construed as security breaches.  In many cases, they&#8217;re not specifically security attacks at all, but ordinary tests that only become security attacks when applied to an application that needs security.<\/p>\n<p>Maybe that&#8217;s all security testing is, but this book was so little different from the first that I wondered whether it wasn&#8217;t really a sequel given a better title.<\/p>\n<p>On the other hand, it does come with a CD and a tool that looks pretty cool, if I could get some professional time to play with it.<\/p>\n<p>So buy the first book, <i>How to Break Software<\/i>, and apply its attacks to software that needs to be secure.  Buy this book if you&#8217;re really into it or if the company is buying it for you.<\/p>\n<p><b>Books mentioned in this review:<\/b><\/p>\n<ul>\n<li><i>How to Break Software Security<\/i> by James A. Whittaker and Herbert H. Thompson (2003)<\/li>\n<li><i>How to Break Software<\/i><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>After I read How to Break Software (which a quick Google check indicates I have not reviewed, gentle reader, but most of you 
wouldn&#8217;t have read it anyway), I bought the companion volumes. This book, which I bought off of Amazon.com at its retail price, disappointed me where How to Break Software did not. Both [&hellip;]<\/p>\n","protected":false},"author":3334,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,11],"tags":[],"class_list":["post-3279","post","type-post","status-publish","format-standard","hentry","category-book-report","category-books"],"_links":{"self":[{"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/posts\/3279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/users\/3334"}],"replies":[{"embeddable":true,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/comments?post=3279"}],"version-history":[{"count":1,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/posts\/3279\/revisions"}],"predecessor-version":[{"id":6118,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/posts\/3279\/revisions\/6118"}],"wp:attachment":[{"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/media?parent=3279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/categories?post=3279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brianjnoggle.com\/blog\/wp-json\/wp\/v2\/tags?post=3279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}