Table of Contents

Author Bios

Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books Building Secure Software and Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.

John Viega is the CTO of Secure Software Solutions (www.securesw.com) and a noted expert in the area of software security. He is responsible for numerous tools in this area, including code scanners (ITS4 and RATS), random number suites (EGADS), automated repair tools, and secure programming libraries. He is also the original author of Mailman, the GNU mailing list manager.

Greg Hoglund has been a pioneer in the area of software security. He is CEO of HBGary, Inc., a leading provider of software security verification services. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg is a frequent speaker at Black Hat, RSA, and other security conferences.

Backcover Copy

What is it about software that makes security such a problem? If you want to build secure software, how do you do it? These questions and the perseverance of three of the world's leading security experts, Gary McGraw, John Viega, and Greg Hoglund, led to the three books contained in this package.

Building Secure Software: How to Avoid Security Problems the Right Way, the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and anti-virus mechanisms came to understand and embrace the necessity of better software. This book provides a coherent and sensible philosophical foundation for the blossoming field of software security.

Exploiting Software: How to Break Code, the black hat book, provides a much needed balance, teaching how to break software and how malicious hackers write exploits. This book is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. Exploiting Software and Building Secure Software are in some senses mirror images.

Software Security: Building Security In unifies the two sides of software security--attack and defense, exploiting and designing, breaking and building--into a coherent whole. Like the yin and the yang, software security requires a careful balance.

This package contains:
•   Viega & McGraw, Building Secure Software (Paperback): How to Avoid Security Problems the Right Way (2006)
•   McGraw, Viega & Hoglund, Empty Box for Secure Software Boxed Set (2006)
•   Hoglund & McGraw, Exploiting Software: How to Break Code (2004)
•   McGraw, Software Security: Building Security In (2006)

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.