This is a book that bestows words of security wisdom in a platform-neutral, programming-language-neutral way. "Think like an intruder" is indeed good advice, but I was looking for something meatier.

I would have liked to see them cover the CPU NX instruction (No eXecute: meaning the following bits are to be treated as data, not instructions), how to mitigate or prevent buffer overflows, etc. In other words, some of the technical aspects.

What was covered were things like "an improperly trained user is the worst security vulnerability" and "assume the attacker knows the system." I think maxims like this make for a good top 10 list, but aren't enough for a book.

Something that would have also added some color to the book would have been more examples of security failures. They don't have to be spectacular, but they could show how lack of forethought or unexpected circumstances overcome security measures. Learning from past mistakes can be a great teacher.