The Edmonton Linux User Group


Secure Coding: Principles & Practices
by Mark G. Graff, Kenneth R. van Wyk

O'Reilly, June 2003

review by
Steve Bitto, June 2004

This is a book that bestows words of security wisdom in a platform-neutral, programming-language-neutral way. "Think like an intruder" is indeed good advice, but I was looking for something meatier.

I would have liked to see them cover the CPU NX instruction (No eXecute: meaning the following bits are to be treated as data, not instructions), how to mitigate or prevent buffer overflows, etc. In other words, some of the technical aspects.

What was covered were things like "an improperly-trained user is the worst security vulnerability" and "assume the attacker knows the system." I think maxims like these make for a good top 10 list, but aren't enough for a book.

Something that would have also added some color to the book would have been more examples of security failures. They don't have to be spectacular, but they could show how lack of forethought or unexpected circumstances overcome security measures. Learning from past mistakes can be a great teacher.

copyright © 1999-2006 by RATS! (ROSCO Associates Technology Staffing Ltd.)