Hunting Security Bugs
2006
Microsoft Press, U.S. (publisher)
978-0-7356-2187-9 (ISBN)
This title is unfortunately out of print; no new edition.
"Finding Security Bugs" deals with computers/software.
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Discover how to:
- Identify high-risk entry points and create test cases
- Test clients and servers for malicious request/response bugs
- Use black box and white box approaches to help reveal security vulnerabilities
- Uncover spoofing issues, including identity and user interface spoofing
- Detect bugs that can take advantage of your program’s logic, such as SQL injection
- Test for XML, SOAP, and Web services vulnerabilities
- Recognize information disclosure and weak permissions issues
- Identify where attackers can directly manipulate memory
- Test with alternate data representations to uncover canonicalization issues
- Expose COM and ActiveX repurposing attacks
PLUS—Get code samples and debugging tools on the Web
Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.
- General approach to security testing
- Using threat models for security testing
- Finding entry points
- Becoming a malicious client
- Becoming a malicious server
- Spoofing
- Information disclosure
- Buffer overflows
- Format string attacks
- HTML scripting attacks
- XML issues
- Canonicalization issues
- Finding weak permissions
- Denial of service attacks
- Managed code issues
- Observation & reverse engineering
- ActiveX repurposing attacks
- Reporting security bugs
Publication date (per publisher) | 30.8.2006 |
---|---|
Series | Secure Software Development Series |
Place of publication | Redmond |
Language | English |
Dimensions | 187 x 229 mm |
Weight | 1000 g |
Subject area | Computer Science ► Theory / Studies ► Cryptology |
ISBN-10 | 0-7356-2187-X / 073562187X |
ISBN-13 | 978-0-7356-2187-9 / 9780735621879 |
Condition | New |