Learn how to think like an attacker-and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Discover how to:
Identify high-risk entry points and create test cases
Test clients and servers for malicious request/response bugs
Use black box and white box approaches to help reveal security vulnerabilities
Uncover spoofing issues, including identity and user interface spoofing
Detect bugs that can take advantage of your program's logic, such as SQL injection
Test for XML, SOAP, and Web services vulnerabilities
Recognize information disclosure and weak permissions issues
Identify where attackers can directly manipulate memory
Test with alternate data representations to uncover canonicalization issues
Expose COM and ActiveX repurposing attacks
PLUS-Get code samples and debugging tools on the Web
Sprache
Verlagsort
Maße
Höhe: 229 mm
Breite: 187 mm
Gewicht
ISBN-13
978-0-7356-2187-9 (9780735621879)
Copyright in bibliographic data is held by Nielsen Book Services Limited or its licensors: all rights reserved.
Schweitzer Klassifikation
Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.
General approach to security testing Using threat models for security testing Finding entry points Becoming a malicious client Becoming a malicious server Spoofing Information disclosure Buffer overflows Format string attacks HTML scripting attacks XML issues Canonicalization issues Finding weak permissions Denial of service attacks Managed code issues Observation & reverse engineering ActiveX repurposing attacks Reporting security bugs
