Hunting Security Bugs - Tom Gallagher, Bryan Jeffries, Lawrence... - Librairie Eyrolles
Hunting Security Bugs

Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Michael Howard

600 pages, published 15/10/2006

Summary

Your essential reference to software security testing - from the experts.

Learn how to think like an attacker - and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:

  • Identify high-risk entry points and create test cases
  • Test clients and servers for malicious request/response bugs
  • Use black box and white box approaches to help reveal security vulnerabilities
  • Uncover spoofing issues, including identity and user interface spoofing
  • Detect bugs that can take advantage of your program's logic, such as SQL injection
  • Test for XML, SOAP, and Web services vulnerabilities
  • Recognize information disclosure and weak permissions issues
  • Identify where attackers can directly manipulate memory
  • Test with alternate data representations to uncover canonicalization issues
  • Expose COM and ActiveX repurposing attacks

PLUS: Get code samples and debugging tools on the Web

About the author - Tom Gallagher

Tom Gallagher is the lead of the Microsoft Office Security Test team, where he focuses on penetration testing, writing security testing tools, and providing security education.

About the author - Bryan Jeffries

Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.

About the author - Lawrence Landauer

Lawrence Landauer is a software engineer at Microsoft, where he works on coding, testing, and training projects related to security, personal productivity, and deployment.

About the author - Michael Howard

Michael Howard, currently a program manager on the Windows 2000 security team, has been at Microsoft for 8 years. Prior to working on Windows 2000 he was the security program manager for Internet Information Server 4.0 and 5.0. Michael has spoken about security-related issues at many events such as Microsoft TechEd, Microsoft Professional Developer's Conferences and numerous industry gatherings. He hails from New Zealand, where he worked with banking and government clients helping them design, develop and deploy Windows NT-based security solutions. Currently, Michael lives 10 miles from the Microsoft Redmond campus in sunny Bellevue with his wife, Cheryl, and two Yorkshire Terriers, Squirt and Major.

Table of contents

  • General Approach to Security Testing
  • Using Threat Models for Security Testing
  • Finding Entry Points
  • Becoming a Malicious Client
  • Becoming a Malicious Server
  • Spoofing
  • Information Disclosure
  • Buffer Overflows and Stack and Heap Manipulation
  • Format String Attacks
  • HTML Scripting Attacks
  • XML Issues
  • Canonicalization Issues
  • Finding Weak Permissions
  • Denial of Service Attacks
  • Managed Code Issues
  • SQL Injection
  • Observation and Reverse Engineering
  • ActiveX Repurposing Attacks
  • Additional Repurposing Attacks
  • Reporting Security Bugs
  • A. Tools of the Trade
  • B. Security Test Cases Cheat Sheet

Technical specifications

  PAPER
Publisher(s): Microsoft Press
Author(s): Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Michael Howard
Published: 15/10/2006
Number of pages: 600
Format: 19 x 23
Cover: Paperback
Weight: 700g
Interior: Black and white
EAN13: 9780735621879
ISBN13: 978-0-7356-2187-9
