Impressions: The Art of Software Security Testing

I'll be honest -- on the same trip on which I took The Art of Software Security Assessment, I took The Art of Software Security Testing (TAOSST) by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. After working with TAOSSO, I'm afraid TAOSST didn't have much of a chance.

TAOSST is a much shorter book, with more screen captures and less content. My impressions of TAOSST is that it is a good introduction to "identifying software security flaws" (as indicated by the subtitle), but if you want to truly learn how to accomplish that task you should read TAOSSA.

Comments

Pete said…
I like to think of this as TAOSSA light or TAOSSA for managers.

This is a great book for getting someone the gist of software vulns assuming they don't ever have to practically work with them.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4