The Art of Software Security Testing
Identifying Software Security Flaws
Nonfiction, Computers, Networking & Communications
| Author: | Chris Wysopal, Lucas Nelson, Elfriede Dustin, Dino Dai Zovi | ISBN: | 9780132715751 |
| Publisher: | Pearson Education | Publication: | November 17, 2006 |
| Imprint: | Addison-Wesley Professional | Language: | English |
| Author: | Chris Wysopal, Lucas Nelson, Elfriede Dustin, Dino Dai Zovi |
| ISBN: | 9780132715751 |
| Publisher: | Pearson Education |
| Publication: | November 17, 2006 |
| Imprint: | Addison-Wesley Professional |
| Language: | English |
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.
Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.
Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
