Hunting Security Bugs
About This Book
Your in-depth, hands-on, technical security-testing reference. Written for testers by testers, this guide highlights up-to-date tools, technologies, and techniques for helping find and eliminate security vulnerabilities in software. Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:
- Identify high-risk entry points and create test cases
- Test clients and servers for malicious request/response bugs
- Use black box and white box approaches to help reveal security vulnerabilities
- Uncover spoofing issues, including identity and user interface spoofing
- Detect bugs that can take advantage of your program's logic, such as SQL injection
- Test for XML, SOAP, and Web services vulnerabilities
- Recognize information disclosure and weak permissions issues
- Identify where attackers can directly manipulate memory
- Test with alternate data representations to uncover canonicalization issues
- Expose COM and ActiveX repurposing attacks

PLUS—Get code samples and debugging tools on the Web