The Art of Software Security Testing: Identifying Software Security Flaws by Chris Wysopal

The Art of Software Security Testing: Identifying Software Security Flaws

byChris Wysopal, Lucas Nelson, Elfriede Dustin...

Kobo ebook | November 17, 2006

Pricing and Purchase Info

$58.69 online 
$73.26 list price save 19%

Available for download

Not available in stores

about

State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive

 

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.

 

Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.

 

Coverage includes

  • Tips on how to think the way software attackers think to strengthen your defense strategy
  • Cost-effectively integrating security testing into your development lifecycle
  • Using threat modeling to prioritize testing based on your top areas of risk
  • Building testing labs for performing white-, grey-, and black-box software testing
  • Choosing and using the right tools for each testing project
  • Executing today’s leading attacks, from fault injection to buffer overflows
  • Determining which flaws are most likely to be exploited by real-world attackers
  •  

     

     

Chris Wysopal is cofounder and CTO of Veracode, where he is responsible for the software security analysis capabilities of Veracode’s technology. Previously he was vice president of research and development at @stake. As a member of the groundbreaking security research think tank L0pht Heavy Industries, he and his colleagues testified...
The Art of Software Security Testing: Identifying Software Security Flaws
The Art of Software Security Testing: Identifying Software Security Flaws

by Chris Wysopal

$58.69$73.26

Available for download

Not available in stores

Title:The Art of Software Security Testing: Identifying Software Security FlawsFormat:Kobo ebookPublished:November 17, 2006Publisher:Pearson EducationLanguage:English

The following ISBNs are associated with this title:

ISBN - 10:0132715759

ISBN - 13:9780132715751

Customer Reviews of The Art of Software Security Testing: Identifying Software Security Flaws

Reviews

Table of Contents

Foreword xiii

Preface xvii

Acknowledgments xxix

About the Authors xxxi

 

Part I: Introduction

Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing  3

Chapter 2: How Vulnerabilities Get Into All Software  19

Chapter 3: The Secure Software Development Lifecycle  55

Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling  73

Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing  93

 

Part II: Performing the Attacks

Chapter 6: Generic Network Fault Injection  107

Chapter 7: Web Applications: Session Attacks  125

Chapter 8: Web Applications: Common Issues  141

Chapter 9: Web Proxies: Using WebScarab  169

Chapter 10: Implementing a Custom Fuzz Utility  185

Chapter 11: Local Fault Injection  201

 

Part III: Analysis

Chapter 12: Determining Exploitability  233

 

Index  251