The Art of Software Security Testing: Identifying Software Security Flaws

Kobo ebook | November 17, 2006

byChris Wysopal, Lucas Nelson, Elfriede Dustin...

not yet rated|write a review

State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive

 

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.

 

Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.

 

Coverage includes

  • Tips on how to think the way software attackers think to strengthen your defense strategy
  • Cost-effectively integrating security testing into your development lifecycle
  • Using threat modeling to prioritize testing based on your top areas of risk
  • Building testing labs for performing white-, grey-, and black-box software testing
  • Choosing and using the right tools for each testing project
  • Executing today’s leading attacks, from fault injection to buffer overflows
  • Determining which flaws are most likely to be exploited by real-world attackers
  •  

     

     

Pricing and Purchase Info

$55.59 online
$72.17 list price (save 22%)
Available for download
Not available in stores

From the Publisher

State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive   The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.   Drawing on decades of experience in application and penetration testi...

From the Jacket

Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In. This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs...

Chris Wysopal is cofounder and CTO of Veracode, where he is responsible for the software security analysis capabilities of Veracode’s technology. Previously he was vice president of research and development at @stake. As a member of the groundbreaking security research think tank L0pht Heavy Industries, he and his colleagues testified...

other books by Chris Wysopal

The Art of Software Security Testing: Identifying Software Security Flaws
The Art of Software Security Testing: Identifying Softw...

Kobo ebook|Nov 17 2006

$55.59 online$72.17list price(save 22%)
Format:Kobo ebookPublished:November 17, 2006Publisher:Pearson EducationLanguage:English

The following ISBNs are associated with this title:

ISBN - 10:0132715759

ISBN - 13:9780132715751

Customer Reviews of The Art of Software Security Testing: Identifying Software Security Flaws

Reviews

Extra Content

Table of Contents

Foreword xiii

Preface xvii

Acknowledgments xxix

About the Authors xxxi

 

Part I: Introduction

Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing  3

Chapter 2: How Vulnerabilities Get Into All Software  19

Chapter 3: The Secure Software Development Lifecycle  55

Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling  73

Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing  93

 

Part II: Performing the Attacks

Chapter 6: Generic Network Fault Injection  107

Chapter 7: Web Applications: Session Attacks  125

Chapter 8: Web Applications: Common Issues  141

Chapter 9: Web Proxies: Using WebScarab  169

Chapter 10: Implementing a Custom Fuzz Utility  185

Chapter 11: Local Fault Injection  201

 

Part III: Analysis

Chapter 12: Determining Exploitability  233

 

Index  251