The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2) 1st Edition

This book is by far the most detailed and example heavy book on the topic I've read. The main book is about 1123 pages, but once go get into the meat of the book, there's examples and diagrams on almost every other page, sometimes even every page. The great thing about this is if you're impatient, you could skip examples. However, I wouldn't recommend this because every example goes into some new level of depth, and they often come from real software. The only thing you need to be aware of is you should have moderate understanding of C programming, and basic knowledge of ASM. If you don't, they do a good job to explain it, but it might be difficult to follow.

Very interesting text that works through the steps in software vulnerability analysis. Not good for a beginner as it assumes proficiency with programming, but that's to be expected for the subject matter. Having developed code for in-house use, I haven't been too concerned with secure coding in the past. This was very interesting reading, IMO. By the way, I ordered it from Amazon directly first. The recent version is broken up into two volumes of about 600 pages each. I received only volume 2 first round and was told my best option was to return it and buy from another seller as they couldn't ship me just the first volume. Good luck.

The book is without a doubt crucial for anyone doing software security audits. The binding was horrible and started falling apart on the bottom 2 inches of both books. I used glue to fix it. But seriously fix your binding. There's no good reason for bad binding like this coming from a major publisher like AW.

The book itself is great. However, when I ordered this book on amazon, I only received 1 of 2 volumes. In addition, the cover suggested it was the first volume but the book was actually volume 2. Appears that the publisher messed up when they printed the book leading to overall chaos and confusion.

I bought the Kindle version of this so that I could read on-the-go, and I have to say that in some places the formatting makes it hard to follow in the examples. The hard copy is much better, although significantly less portable. I'd recommend the hard copy, given the choice between the two.

I also only received the 1st volume. I am super disappointed because the book is great but it seems the publisher really messed up on a recent publication.

This book is still one of the best books on the subject, and you won't regret buying it if you work with information security or cares about secure development.

The book this big and the texts are clear. There are good reviews about this book and was recommended in the Blackhat course.

Great

Je ne vais pas commenter le contenu du livre qui est au demeurant une référence dans le contenu pour le public cible, mais cette édition. Le livre a été découpé en 2 volumes par Addison-Wesley, mais il semblerait que certains livres estampillés "Volume 1 of 2" soit en fait... complet.Pour preuve, j'en ai fait la commande, j'ai reçu le "Volume 2 of 2" qui commence à la page 559 (chapitre 10), puis après un retour et une nouvelle commande, j'ai cette fois reçu le "Volume 1 of 2", qui commence bien par le début et qui contient l'intégralité du contenu (donc environ 1200 pages). Les 2 volumes ont le même ISBN.Le problème a bien été remonté à Amazon. Donc attention !

Great content consolidated together in two volumes.Examples are based on conventional technologies which are easy to relate with. I liked the Threat Modelling section particularly.

Not so objective, too open, wide, slow, big, confuse, repetitive etc, do you know what am I saying? Oh Yes?

As I work in the software security industry I took it upon myself to get this book and go through it thoroughly, what an experience. This book will both scare you and reassure you. Scare you with just how insecure software can be and the ramifications of such software. Reassure you that it is indeed possible to build robust and secure software, or more secure software :)If you are in any way linked to the software security industry, i.e. work in it or just have an interest, then I can't recommend this book highly enough, I could go into details of each chapter, but you're better getting it and reading it for yourself. Be warned though, it is a mighty tome and requires time and effort, but you will be richly rewarded and much better off for the experience.