Michael C. Feathers
The average book on Agile software development describes a fairyland of greenfield projects, with wall-to-wall tests that run after every few edits, and clean & simple source code.
The average software project, in our industry, was written under some aspect of code-and-fix, and without automated unit tests. And we can't just throw this code away; it represents a significant effort debugging and maintaining. It contains many latent requirements decisions. Just as Agile processes are incremental, Agile adoption must be incremental too. No more throwing away code just because it looked at us funny.
Mike begins his book with a very diplomatic definition of "Legacy". I'll skip ahead to the undiplomatic version: Legacy code is code without unit tests.
Before cleaning that code up, and before adding new features and removing bugs, such code must be de-legacified. It needs unit tests.
To add unit tests, you must change the code. To change the code, you need unit tests to show how safe your change was.
The core of the book is a cookbook of recipes to conduct various careful attacks. Each presents a particular problem, and a relatively safe way to migrate the code towards tests.
Code undergoing this migration will begin to experience the benefits of unit tests, and these benefits will incrementally make new tests easier to write. These efforts will make aspects of a legacy codebase easy to change.
It's an unfortunate commentary on the state of our programming industry how much we need this book.
Eldad Eilam, Elliot J. Chikofsky
Beginning with a basic primer on reverse engineering (including computer internals, operating systems, and assembly language) and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts: the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.
* The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products
* Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware
* Offers a primer on advanced reverse-engineering, delving into "disassembly" (code-level reverse engineering) and explaining how to decipher assembly language
Mario Hewardt
The only complete, pragmatic guide to the advanced CLR debugging techniques developers need to find and fix the toughest .NET software bugs.
• By Mario Hewardt, co-author of the best-selling, widely-praised Advanced Windows Debugging.
• Shows how to use .NET's powerful native CLR debugging tools to track down challenging bugs far more quickly.
• Includes the best coverage of .NET memory debugging available anywhere.
• Illuminates the debugging implications of the latest .NET 4.0 runtime changes.
Advanced .NET Debugging is the definitive guide to tracking down the most complex and challenging bugs in today's .NET application code. Authored by Mario Hewardt, co-author of the widely-praised Advanced Windows Debugging, this is the only book to focus entirely on .NET's immensely powerful native debuggers: the Debugging Tools for Windows, including WinDBG and SoS. Using this book, experienced .NET programmers will be able to analyze problematic code and identify the root causes of problems far more quickly than they ever could with visual tools. Hewardt begins by introducing the essential concepts developers must master in order to debug code with the native debuggers, including the tools available, the core fundamentals of the .NET CLR runtime, and essential debugging tasks. Next, he turns to sophisticated debugging techniques, teaching through real-world examples that demonstrate a broad spectrum of common C# programming errors. Hewardt thoroughly covers postmortem debugging without access to the physical machine; PowerDBG and other .NET debugging 'power tools'; and, finally, the debugging implications of the brand-new .NET CLR 4.0.
Diomidis Spinellis
* 600 real-world examples that teach you how to identify good (and bad!) code
* Identifies what exactly to look for when reading code, and how to improve code based on what you read
* The latest in the excellent tradition of Addison-Wesley "programmer self help" books!
Simon Singh
Includes a history of how codes have affected the world, from the World Wars to the death of Mary, Queen of Scots, and also looks at what the future holds for the field of cryptography.
Joshua Engel
A Java expert shows programmers how to write programs for the Java Virtual Machine, creating more efficient, faster running and more secure Java applications. Readers will learn how to write JVM programs directly without use of a compiler.
Greg Hoglund, Gary McGraw
A guide to secure software covers such topics as rootkits, buffer overflows, reverse engineering tools, and locating bugs.
Serge Demeyer, Stéphane Ducasse, Oscar Marius Nierstrasz
A guide on how to reverse engineer legacy systems to understand their problems, and then reengineer those systems to meet new demands. It uses patterns to clarify and explain the process of understanding large code bases, hence transforming them to meet new requirements.
Bruce Schneier
". . .the best introduction to cryptography I've ever seen. . . . The book the National Security Agency wanted never to be published. . . ." -Wired Magazine
". . .monumental . . . fascinating . . . comprehensive . . . the definitive work on cryptography for computer programmers . . ." -Dr. Dobb's Journal
". . .easily ranks as one of the most authoritative in its field." -PC Magazine
". . .the bible of code hackers." -The Millennium Whole Earth Catalog
This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography, the technique of enciphering and deciphering messages, to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.
What's new in the Second Edition?
* New information on the Clipper Chip, including ways to defeat the key escrow mechanism
* New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
* The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
* More detailed information on key management and cryptographic implementations
Charles P. Pfleeger, Shari Lawrence Pfleeger
A thorough update of the classic computer security text.
Justin Ferguson, Dan Kaminsky
Teaches security professionals to identify, reverse engineer, and prevent malicious internet attacks. In 2006, the number of computer attacks also increased as traditional hacking for fun has been replaced by criminal attacks to steal confidential data and money.
Charles Miller, Dino Dai Zovi
As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses.