Thread: good book on secure programming?

good book on secure programming?
user name
2008-02-26 06:12:41
26Feb2008 (UTC +8)


Hello thought leaders,


I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.

Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
http://www.oreilly.com/catalog/securecdng/toc.html
http://www.oreilly.com/catalog/secureprgckbk/toc.html



Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
pluglists.linux.org.ph (#PLUG  irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

Re: good book on secure programming?
user name
2008-02-26 12:24:53
read the handbook, it recommends a couple of books (for GSSP cert) at the end:

http://www.sans.org/gssp/C_Handbook.pdf?portal=81ded623d3475d35339f9d2e3d2bc4bc



On Tue, Feb 26, 2008 at 4:12 AM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
> 26Feb2008 (UTC +8)
>
> Hello thought leaders,
>
> I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
>
> Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> http://www.oreilly.com/catalog/securecdng/toc.html
> http://www.oreilly.com/catalog/secureprgckbk/toc.html

Re: good book on secure programming?
user name
2008-02-26 18:09:30
#1 on my list 'The Art of Software Security Assessment', a sample chapter [1]. The Addison-Wesley Software Security Series by Greg Hoglund follows.

[1] <http://www.awprofessional.com/content/images/0321444426/samplechapter/Dowd_ch06.pdf>

  Ed   <Yey! for books>     <http://blog.eonsec.com/>

On Tue, Feb 26, 2008 at 8:12 PM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
> 26Feb2008 (UTC +8)
>
> Hello thought leaders,
>
> I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
>
> Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> http://www.oreilly.com/catalog/securecdng/toc.html
> http://www.oreilly.com/catalog/secureprgckbk/toc.html

Re: good book on secure programming?
user name
2008-02-26 18:30:06
i think i missed your question. are you referring to code audit? and with regards to testing, are you referring to Unit, Fit or Software testing?

you might want to read the whitepapers from Coverity [1] and the book series, How to Break Software (Security) [2].

[1] http://www.coverity.com/html/library.php#whitepapers
[2] http://www.amazon.com/Break-Software-Security-James-Whittaker/dp/0321194330/ref=pd_bxgy_b_img_b/104-1098660-0618346




On Tue, Feb 26, 2008 at 10:24 AM, Ariz Jacinto <acjacintogmail.com> wrote:
> read the handbook, it recommends a couple of books (for GSSP cert) at the end:
>
> http://www.sans.org/gssp/C_Handbook.pdf?portal=81ded623d3475d35339f9d2e3d2bc4bc
>
> On Tue, Feb 26, 2008 at 4:12 AM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
>
> > 26Feb2008 (UTC +8)
> >
> > Hello thought leaders,
> >
> > I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
> >
> > Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> > http://www.oreilly.com/catalog/securecdng/toc.html
> > http://www.oreilly.com/catalog/secureprgckbk/toc.html

good book on secure programming?
user name
2008-02-29 03:06:54
29Feb2008 (UTC +8)

Thanks to all that replied! Namely, but without any particular order:
Ariz Jacinto <acjacintogmail.com>
Miguel Paraz <mparazgmail.com>
Eduardo Tongson <propolicegmail.com>

I couldn't make up my mind, so I went Amazon.com shopping (lots of great book excerpts there!), and these are some of what I got:
http://www.amazon.com/gp/product/0321444426
http://www.amazon.com/gp/product/0321349989
http://www.amazon.com/gp/product/0596002424
http://www.amazon.com/gp/product/0764544683
http://www.amazon.com/gp/product/1597491950
http://www.amazon.com/gp/product/0131568191
http://www.amazon.com/gp/product/0321335724
http://www.amazon.com/gp/product/0321304861

And while waiting for those to arrive in a month or so, I'm temporarily going through ISO/IEC 18045:2005 (free for download from):
http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html


On 2/26/08, Drexx Laggui [personal] wrote:
...
> I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
>
> Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> http://www.oreilly.com/catalog/securecdng/toc.html
> http://www.oreilly.com/catalog/secureprgckbk/toc.html



Re: good book on secure programming?
user name
2008-02-29 08:09:32
Wow! Geek porn! Instead of that Fuzzing book you should have considered Sutton's Fuzzing.

  Ed   <I covet thy shelf>     <http://blog.eonsec.com/>

On Fri, Feb 29, 2008 at 5:06 PM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
> 29Feb2008 (UTC +8)
>
> Thanks to all that replied! Namely, but without any particular order:
> Ariz Jacinto <acjacintogmail.com>
> Miguel Paraz <mparazgmail.com>
> Eduardo Tongson <propolicegmail.com>
>
> I couldn't make up my mind, so I went Amazon.com shopping (lots of great book excerpts there!), and these are some of what I got:
> http://www.amazon.com/gp/product/0321444426
> http://www.amazon.com/gp/product/0321349989
> http://www.amazon.com/gp/product/0596002424
> http://www.amazon.com/gp/product/0764544683
> http://www.amazon.com/gp/product/1597491950
> http://www.amazon.com/gp/product/0131568191
> http://www.amazon.com/gp/product/0321335724
> http://www.amazon.com/gp/product/0321304861
>
> And while waiting for those to arrive in a month or so, I'm temporarily going through ISO/IEC 18045:2005 (free for download from):
> http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
>
> On 2/26/08, Drexx Laggui [personal] wrote:
> ...
> > I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
> >
> > Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> > http://www.oreilly.com/catalog/securecdng/toc.html
> > http://www.oreilly.com/catalog/secureprgckbk/toc.html
>

Re: good book on secure programming?
user name
2008-02-29 08:28:06
29Feb2008 (UTC +8)

On 2/29/08, Eduardo Tongson <propolicegmail.com> wrote:
> Wow! Geek porn! Instead of that Fuzzing book you should have considered Sutton's Fuzzing.
>
>   Ed   <I covet thy shelf>     <http://blog.eonsec.com/>

You're funny. You should come and visit us sometime. In fact, we'll have an exhibitor's booth in ISACA Manila's conference this coming March 10 & 11 (Monday & Tuesday; see also http://www.isacamanila.org/events.php?id=48). My crew will be there, and there will be several hours in which we will be really bored.

In a small way, we contributed to the Metasploit project, and HD Moore sent me an e-mail asking if we were interested in having 'sploit development outsourced here in PH. But currently we're not ready because we're kinda distracted with client contracts right now. Interested anyway? HD Moore has a budget, but not very much --and that's why I went for lotsa books.




Re: good book on secure programming?
user name
2008-02-29 09:42:20
Really HD wanna set up a gig here? Some kind of pack for Metasploit? I'll need to revisit Metasploitin. My current job has little to do with sploitin but more on management, playing with web applications and networks.

   Ed  <Metasploitin fun begins>   <http://blog.eonsec.com/>

On Fri, Feb 29, 2008 at 10:28 PM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
> 29Feb2008 (UTC +8)
>
> On 2/29/08, Eduardo Tongson <propolicegmail.com> wrote:
> > Wow! Geek porn! Instead of that Fuzzing book you should have considered Sutton's Fuzzing.
> >
> >   Ed   <I covet thy shelf>     <http://blog.eonsec.com/>
>
> You're funny. You should come and visit us sometime. In fact, we'll have an exhibitor's booth in ISACA Manila's conference this coming March 10 & 11 (Monday & Tuesday; see also http://www.isacamanila.org/events.php?id=48). My crew will be there, and there will be several hours in which we will be really bored.
>
> In a small way, we contributed to the Metasploit project, and HD Moore sent me an e-mail asking if we were interested in having 'sploit development outsourced here in PH. But currently we're not ready because we're kinda distracted with client contracts right now. Interested anyway? HD Moore has a budget, but not very much --and that's why I went for lotsa books.
>

Re: good book on secure programming?
user name
2008-02-29 18:46:40
you're not a compulsive shopper, are you?

try going to a HFB (half-priced bookstore) near you. at HFB, you can resell the books after you're done (speed)reading or after realizing that the content doesn't have a long shelf life after all

or next time, try settling for the e-book version which is way cheaper, readily available, portable and eco-friendly(?). i also like bringing books with me but i hate traveling with them. that's why those portable e-book readers are timely



On Fri, Feb 29, 2008 at 1:06 AM, Drexx Laggui [personal] <drexxlgmail.com> wrote:
> 29Feb2008 (UTC +8)
>
> Thanks to all that replied! Namely, but without any particular order:
> Ariz Jacinto <acjacintogmail.com>
> Miguel Paraz <mparazgmail.com>
> Eduardo Tongson <propolicegmail.com>
>
> I couldn't make up my mind, so I went Amazon.com shopping (lots of great book excerpts there!), and these are some of what I got:
> http://www.amazon.com/gp/product/0321444426
> http://www.amazon.com/gp/product/0321349989
> http://www.amazon.com/gp/product/0596002424
> http://www.amazon.com/gp/product/0764544683
> http://www.amazon.com/gp/product/1597491950
> http://www.amazon.com/gp/product/0131568191
> http://www.amazon.com/gp/product/0321335724
> http://www.amazon.com/gp/product/0321304861
>
> And while waiting for those to arrive in a month or so, I'm temporarily going through ISO/IEC 18045:2005 (free for download from):
> http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
>
> On 2/26/08, Drexx Laggui [personal] wrote:
> ...
> > I need to update myself. Anybody here that can recommend a good book on auditing or testing complex software applications? Doesn't have to be C/C++ centric, but it'll help.
> >
> > Is this a good one? Nowadays I just have to ask because O'Reilly books haven't been consistent on quality.
> > http://www.oreilly.com/catalog/securecdng/toc.html
> > http://www.oreilly.com/catalog/secureprgckbk/toc.html

Re: good book on secure programming?
user name
2008-03-23 20:47:08
> or next time, try settling for the e-book version which is way cheaper, readily available, portable and eco-friendly(?). i also like bringing books with me but i hate traveling with them. that's why those portable e-book readers are timely

So long as it's not a DRMed e-book that requires a lot of tricks to be portable.


-- 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
sometimes truth is stranger than fiction
-bad religion-
http://www.bloglines.com/blog/mailist
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I don't think the computers will take over the world. I have a bucket of water.