How to Break Software Security: Effective Techniques for Security Testing / Edition 1

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $45.90
Usually ships in 1-2 business days
(Save 1%)
Other sellers (Paperback)
  • All (10) from $45.90   
  • New (2) from $116.13   
  • Used (8) from $45.90   
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any coupons and promotions
Seller since 2008

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.


Ships from: Chicago, IL

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Seller since 2015

Feedback rating:


Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Sort by


Intended for software testers, this guide presents testing techniques that expose security holes caused by software dependencies, data-dependent weaknesses in software, application design flaws, and implementation-related vulnerabilities. The last chapter applies the techniques to Windows media player 9.0, Mozilla web browser 1.2.1, and 1.0.2 (Linux). The CD-ROM contains two testing tools written at the Florida Institute of Technology. Annotation ©2004 Book News, Inc., Portland, OR
Read More Show Less

Product Details

  • ISBN-13: 9780321194336
  • Publisher: Addison Wesley
  • Publication date: 4/4/2003
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 185
  • Product dimensions: 6.96 (w) x 9.06 (h) x 0.48 (d)

Table of Contents

(Chapters 1-6 conclude with a “Conclusion,” “Exercises,” and “References.” Chapter 7 concludes with a “Conclusion” and “References” and the Appendices conclude with only “References.”)



Chapter Summaries.


1. A Fault Model for Software Security Testing.

Why Security Testing is Different.

A Fault Model for Security Vulnerabilities.

Security Concerns and the How to Break Software Fault Model.

Creating an Attack Plan.

A Note on Format.


2. Attacking Software Dependencies.

First Attack: Block access to libraries.

Second Attack: Manipulate the application's registry values.

Third Attack: Force the application to use corrupt files.

Fourth Attack: Manipulate and replace files that the application creates, reads from, writes to or executes.

Fifth Attack: Force the application to operate in low memory, disk space and network availability conditions.

Summary: A Checklist for Battle.

3. Breaking Security through the User Interface.

First Attack: Overflow input buffers.

Second Attack: Examine all common switches and options.

Third Attack: Explore escape characters, character sets and commands.

Summary: A Checklist for Battle.


4. Attacking Design.

First Attack: Try common default and test account names and passwords.

Second Attack: Use Holodeck to expose unprotected test APIs.

Third Attack: Connect to all ports.

Fourth Attack: Fake the source of data.

Fifth Attack: Create loop conditions in any application that interprets script, code or other user supplied logic.

Sixth Attack: Use alternate routes to accomplish the same task.

Seventh Attack: Force the system to reset values.

Summary: A Checklist for Battle.

5. Attacking Implementation.

First Attack: Get between time of check and time of use.

Second Attack: Create files with the same name as files protected with a higher classification.

Third Attack: Force all error messages.

Fourth Attack: Use Holodeck to look for temporary files and screen their contents for sensitive information.

Summary: A Checklist for Battle.


6. Putting it All Together.

Pre-Attack Preparations.

Opponent#1: Microsoft Windows Media Player 9.0 (Windows).

Opponent#2: Mozilla 1.2.1 (Windows).

Opponent#3: 1.0.2 (Linux).


7. Some Parting Advice.

How Secure is Secure?

Mining Gold from Bug Databases.

Final Words of Wisdom.


Glossary of Coding, Testing, and Software Security Terms.

Appendix A. Using the Tools on the Accompanying CD.

Surveying the Tools.


Port Scanner.

Appendix B. Software's Invisible Users.

Where Errors Slip In.

The Human User.

The Operating System User.

The API User.

The File System User.


Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted October 24, 2008

    No text was provided for this review.

Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)