Sunday, September 25, 2011

Impressions: The Art of Software Security Testing

I'll be honest -- on the same trip on which I took The Art of Software Security Assessment, I took The Art of Software Security Testing (TAOSST) by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. After working with TAOSSO, I'm afraid TAOSST didn't have much of a chance.

TAOSST is a much shorter book, with more screen captures and less content. My impressions of TAOSST is that it is a good introduction to "identifying software security flaws" (as indicated by the subtitle), but if you want to truly learn how to accomplish that task you should read TAOSSA.

1 comment:

Pete said...

I like to think of this as TAOSSA light or TAOSSA for managers.

This is a great book for getting someone the gist of software vulns assuming they don't ever have to practically work with them.