Hunting Security Bugs
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.\ Discover how to:\ \ Identify high-risk entry points and create test cases\ Test clients and servers for malicious request/response bugs\ Use black box and white box approaches to help reveal security...
Search in google:
In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help find, classify, and assess security bugs before software is released.
DedicationForewordIntroduction Chapter 1: General Approach to Security TestingChapter 2: Using Threat Models for Security TestingChapter 3: Finding Entry PointsChapter 4: Becoming a Malicious ClientChapter 5: Becoming a Malicious ServerChapter 6: SpoofingChapter 7: Information DisclosureChapter 8: Buffer Overflows and Stack and Heap ManipulationChapter 9: Format String AttacksChapter 10: HTML Scripting AttacksChapter 11: XML IssuesChapter 12: Canonicalization IssuesChapter 13: Finding Weak PermissionsChapter 14: Denial of Service AttacksChapter 15: Managed Code IssuesChapter 16: SQL InjectionChapter 17: Observation and Reverse EngineeringChapter 18: ActiveX Repurposing AttacksChapter 19: Additional Repurposing AttacksChapter 20: Reporting Security BugsTools of the TradeSecurity Test Cases Cheat Sheet
