
Re: My review of 19 Sins

Subject: Re: My review of 19 Sins
Date: Fri, 29 Jul 2005 20:09:42 -0700
I got my copy from the book stall table near registration. They smell so fresh. They still have paper dust bunnies in many pages. ;)

The table of contents is Top 19-like, not Writing Secure Code-like. That's my disappointment as well and influenced the thinking behind my review.


However, if you treat it as a Top 19 book, it's actually very good. Ditto if youIf you have a project which seems intractably bad from a security point of view, you can give copies of this book to the business folks and they'll understand what they need to fix. It's very good for that. It might even bring them into the 21st century.

However, if you're writing new code, or highly protected apps or high end e-commerce apps, you'll still need Writing Secure Code and the Guide 2.0.

After reading the book for a day and a bit now, I don't think new or highly protected apps were its target, nor is new code the target as the text strongly concentrates on sin patterns rather than "goodness" design patterns. The book will help them.

thanks,
Andrew

On 29/07/2005, at 12:02 PM, dinis_webappsec wrote:

Hey, where did you get your copy of the book? :)

I have mine on order from Amazon and it hasn't arrived :(

I have to say that I had a look at the table of contents and was not very impressed, but I will wait until the book is out (and I have it in my hands) to have a quick read before I review it.

Dinis Cruz
.Net Security Consultant
Owasp .Net Project Leader
