The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

   U.S. Corporate and Government Sales   (800) 382-3419

   corpsales@pearsontechgroup.com

For sales outside the United States please contact:

   International Sales   international@pearsoned.com

Visit us on the Web: www.awprofessional.com

Copyright © 2007 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:

   Pearson Education, Inc.

   Rights and Contracts Department

   75 Arlington Street, Suite 300   Boston, MA 02116   Fax: (617) 848-7047

Text printed in the United States on recycled paper at Edwards Brothers in Ann Arbor, Michigan. First printing, November 2006

                                        Library of Congress Cataloging-in-Publication Data

Dowd, Mark.

 The art of software security assessment : identifying and preventing software vulnerabilities / Mark Dowd,John McDonald, and Justin Schuh.

    p. cm. ISBN 0-321-44442-6 (pbk. : alk. paper) 1. Computer security. 2. Computer softwareDevelopment.

3. Computer networksSecurity measures. I. McDonald, John, 1977- II. Schuh, Justin. III. Title. QA76.9.A25D75 2006

 005.8dc22                                                                      2006023446

Категории