Developer's Reading List, January 24, 2012 The latest books off the press cover code readability, Java performance, hunting for and prying open security defects, game testing, architecture, and even OpenVMS.
No Starch Press
This book, presented in true diary form, aims to show how the author found security exploits in software and hardware. The principal approach he uses is manual static analysis of the code. He reads the source code, as he states, at the point "where user-influenced input data enters the software through an interface to the outside world." He then shows seven defects he found in various operating systems, software, and some hardware (a Tivo player and an iPhone). The explanations are lucid and accompanied by diagrams that give the necessary background to understand exactly why the defect is exploitable and how to do so.
The examples are in C and require you to follow the author carefully through hex address-level discussions to grok the problem. If this is your cup of tea, this will be an entertaining, even fascinating, spelunking through the wilds of low-level, slightly flawed code. Recommended. — Andrew Binstock