Hunting Security Bugs

Hunting Security Bugs

5.0 1
by Tom Gallagher, Bryan Jeffries, Lawrence Landauer
     
 

Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:

  • Identify high-risk entry points and create

…  See more details below

Overview

Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:

  • Identify high-risk entry points and create test cases
  • Test clients and servers for malicious request/response bugs
  • Use black box and white box approaches to help reveal security vulnerabilities
  • Uncover spoofing issues, including identity and user interface spoofing
  • Detect bugs that can take advantage of your program’s logic, such as SQL injection
  • Test for XML, SOAP, and Web services vulnerabilities
  • Recognize information disclosure and weak permissions issues
  • Identify where attackers can directly manipulate memory
  • Test with alternate data representations to uncover canonicalization issues
  • Expose COM and ActiveX repurposing attacks

PLUS—Get code samples and debugging tools on the Web

Read More

Product Details

ISBN-13:
9780735621879
Publisher:
Microsoft Press
Publication date:
08/30/2006
Series:
PRO-Developer
Edition description:
REV
Pages:
590
Product dimensions:
7.38(w) x 9.00(h) x 1.25(d)

Meet the Author

Tom Gallagher is the lead of the Microsoft® Office Security Test team, where he focuses on penetration testing, writing security testing tools, and providing security education.

Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft® SharePoint® Products and Technologies.

Lawrence Landauer is a software engineer at Microsoft® where he works on coding, testing, and training projects related to security, personal productivity, and deployment.

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >