Hunting Security Bugs - Tom Gallagher , Bryan Jeffries , Lawrence... - Librairie Eyrolles
Tous nos rayons

Déjà client ? Identifiez-vous

Mot de passe oublié ?

Nouveau client ?

Hunting Security Bugs
Ajouter à une liste

Librairie Eyrolles - Paris 5e

Hunting Security Bugs

Hunting Security Bugs

Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Michael Howard

600 pages, parution le 15/10/2006


Your essential reference to software security testing - from the experts.

Learn how to think like an attacker - and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:

  • Identify high-risk entry points and create test cases
  • Test clients and servers for malicious request/response bugs
  • Use black box and white box approaches to help reveal security vulnerabilities
  • Uncover spoofing issues, including identity and user interface spoofing
  • Detect bugs that can take advantage of your program's logic, such as SQL injection
  • Test for XML, SOAP, and Web services vulnerabilities
  • Recognize information disclosure and weak permissions issues
  • Identify where attackers can directly manipulate memory
  • Test with alternate data representations to uncover canonicalization issues
  • Expose COM and ActiveX repurposing attacks

PLUS-Get code samples and debugging tools on the Web

L'auteur - Tom Gallagher

Tom Gallagher is the lead of the Microsoft Office Security Test team, where he focuses on penetration testing, writing security testing tools, and providing security education.

L'auteur - Bryan Jeffries

Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.

L'auteur - Lawrence Landauer

Lawrence Landauer is a software engineer at Microsoft where he works on coding, testing, and training projects related to security, personal productivity, and deployment.

L'auteur - Michael Howard

Michael Howard, currently a program manager on the Windows 2000 security team, has been at Microsoft for 8 years. Prior to working on Windows 2000 he was the security program manager for Internet Information Server 4.0 and 5.0. Michael has spoken about security-related issues at many events such as Microsoft TechEd, Microsoft Professional Developer's Conferences and numerous industry gatherings. He hails from New Zealand, where he worked with banking and government clients helping them design, develop and deploy Windows NT-based security solutions. Currently, Michael lives 10 miles from the Microsoft Redmond campus in sunny Bellevue with his wife, Cheryl and two Yorkshire Terriers; Squirt and Major.


  • General Approach to Security Testing
  • Using Threat Models for Security Testing
  • Finding Entry Points
  • Becoming a Malicious Client
  • Becoming a Malicious Server
  • Spoofing
  • Information Disclosure
  • Buffer Overflows and Stack and Heap Manipulation
  • Format String Attacks
  • HTML Scripting Attacks
  • XML Issues
  • Canonicalization Issues
  • Finding Weak Permissions
  • Denial of Service Attacks
  • Managed Code Issues
  • SQL Injection
  • Observation and Reverse Engineering
  • ActiveX Repurposing Attacks
  • Additional Repurposing Attacks
  • Reporting Security Bugs
  • A. Tools of the Trade
  • B. Security Test Cases Cheat Sheet
Voir tout

Caractéristiques techniques

Éditeur(s) Microsoft Press
Auteur(s) Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Michael Howard
Parution 15/10/2006
Nb. de pages 600
Format 19 x 23
Couverture Broché
Poids 700g
Intérieur Noir et Blanc
EAN13 9780735621879
ISBN13 978-0-7356-2187-9


Livraison à partir de 0,01 en France métropolitaine
Paiement en ligne SÉCURISÉ
Livraison dans le monde
Retour sous 15 jours
+ d'un million et demi de livres disponibles
satisfait ou remboursé
Satisfait ou remboursé
Paiement sécurisé
modes de paiement
Paiement à l'expédition
partout dans le monde
Livraison partout dans le monde
Service clients
librairie française
Librairie française depuis 1925
Recevez nos newsletters
Vous serez régulièrement informé(e) de toutes nos actualités.