Browse / Computers
The Art of Software Security Testing 9780321304865

The Art of Software Security Testing

Identifying Software Security Flaws

ISBN-10: 0321304861
ISBN-13: 9780321304865
AUTHOR:
PUBLISHER: Addison Wesley Professional
Also available at Amazon.com
Note: Not guaranteed to come with supplemental materials (access codes, CDs, DVDs)
Product Description:

Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In. This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs from standard software testing as practiced by QA groups everywhere. It unifies in one place ideas from Michael Howard, David Litchfield, Greg Hoglund, and me into a concise introductory package. Improve your security testing by reading this book today."

-Gary McGraw, Ph.D., CTO, Cigital; Author, Software Security, Exploiting Software, Building Secure Software, and Software Fault Injection; www.cigital.com/~gem

nbsp;

"As 2006 closes out, we will see over 5,000 software vulnerabilities announced to the public. Many of these vulnerabilities were, or will be, found in enterprise applications from companies who are staffed with large, professional, QA teams. How then can it be that these flaws consistently continue to escape even well-structured diligent testing? The answer, in part, is that testing still by and large only scratches the surface when validating the presence of security flaws. Books such as this hopefully will start to bring a more thorough level of understanding to the arena of security testing and make us all a little safer over time."

-Alfred Huger, Senior Director, Development, Symantec Corporation

nbsp;

"Software security testing may indeed be an art, but this book provides the paint-by-numbers to perform good, solid, and appropriately destructive security testing: proof that an ounce of creative destruction is worth a pound of patching later. If understanding how software can be broken is step one in every programmers'' twelve-step program to defensible, secure, robust software, then knowledgeable security testing comprises at least steps two through six."

-Mary Ann Davidson, Chief Security Officer, Oracle

nbsp;

"Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws. The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that ''the program does what it''s supposed to,'' but also that ''the program doesn''t do that which it''s not supposed to''), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who''s doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality."

-Jeremy Epstein, WebMethods

nbsp;

State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive

nbsp;

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the "bad guys" do.

nbsp;

Drawing on decades of experience in application and penetration testing, this book''s authors can help you transform your approach from mere "verification" to proactive "attack." The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.

nbsp;

Coverage includes

  • Tips on how to think the way software attackers think to strengthen your defense strategy
  • Cost-effectively integrating security testing into your development lifecycle
  • Using threat modeling to prioritize testing based on your top areas of risk
  • Building testing labs for performing white-, grey-, and black-box software testing
  • Choosing and using the right tools for each testing project
  • Executing today''s leading attacks, from fault injection to buffer overflows
  • Determining which flaws are most likely to be exploited by real-world attackers

nbsp;

This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.

nbsp;

Foreword xiii

Preface xvii

Acknowledgments xxix

About the Authors xxxi

nbsp;

Part I: Introduction

Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testingnbsp; 3

Chapter 2: How Vulnerabilities Get Into All Softwarenbsp; 19

Chapter 3: The Secure Software Development Lifecyclenbsp; 55

Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modelingnbsp; 73

Chapter 5: Shades of Analysis: White, Gray, and Black Box Testingnbsp; 93

nbsp;

Part II: Performing the Attacks

Chapter 6: Generic Network Fault Injectionnbsp; 107

Chapter 7: Web Applications: Session Attacksnbsp; 125

Chapter 8: Web Applications: Common Issuesnbsp; 141

Chapter 9: Web Proxies: Using WebScarab nbsp;169

Chapter 10: Implementing a Custom Fuzz Utilitynbsp; 185

Chapter 11: Local Fault Injectionnbsp; 201

nbsp;

Part III: Analysis

Chapter 12: Determining Exploitabilitynbsp; 233

nbsp;

Indexnbsp; 251

Additional Details


PUBLICATION DATE:
PAGES: 312
CATEGORY: Computers
Star

21 Day Unconditional Guarantee

any book, any reason

Rent This Book Now:

Price guaranteed for 45:00 longer
Due May 15 $35.99
130 days (due Jul 6) $39.96
85 days (due May 22) $36.36
55 days (due Apr 22) $34.76
Select Your Own Date
--

Buy this book used:

$49.96

List Price: $60.00
Your Savings:
Total Price:
 

REVIEWS for The Art of Software Security Testing


Select a star rating

FAQ'S

1. How do textbook rentals work?
It’s simple. Begin by searching for your textbook by ISBN (10 or 13-digit number that can be found on the back cover of each book), title, author or keyword. Next select how long you would like to rent the book then add it to your cart. Repeat for each book you’re looking for. After completing the order we’ll ship them to you and you’ll also receive a prepaid mailer. Return your books in the mailer by your rental due date.
2. Is renting a textbook better than purchasing it?
We offer both! You can buy or rent the book through Campus Book Rentals. It’s up to you to decide which option best meets your educational needs.
3. How do I track my order?
Login to your account here, you’ll see your current rentals listed textbook rentals listed with a yellow box that says “track”. Click the box to view the tracking number. *Not all books will have a tracking number since they may be sent from one of our partners. Tracking numbers will be updated as they become available.
4. How do I return my books?
When you rent textbooks from Campus Book Rentals you’ll receive a prepaid mailer. When it’s nearing your due date you’ll place your books inside the mailer and take it to the nearest USPS drop box or Post Office. If you don’t receive a mailer you can print a return label from your account. Return shipping is prepaid so please use either of the two methods to ensure they arrive at the correct facility.
5. Can I write or highlight in my book?
Of course! Just remember that future students will rent the same book after you, so please be respectful.
6. How much money can renting my books save?
It depends on the book. Generally renting textbooks can save you up to 80% compared to a new textbook.
7. Are Campus Book Rentals’ books the same as my bookstore’s?
Yes! We only ship US edition textbooks, which are the same as your campus bookstore.
8. Do access codes or other supplements come with a textbook rental?
One time use access codes and other supplemental materials are NOT included with rental books and must be purchased separately.
9. What if I don’t return my rental?
If your book rental is not returned by the due date, your credit card will be charged a non-return fee, equal to the replacement value for the book.
10. Can I purchase my book after I rent it?
Certainty! You’re only charged the difference between what you already paid and the value of the book at the time you initially rented. Login to your account and choose to purchase your book and it’ll walk you through the checkout process.

Textbook Rentals

We know that textbook rentals are the best way currently to distribute high quality textbooks, and we want to have you on board! Join over a million students that have saved money by renting! Not only is it better for you, but when you return it that book can go on to help even more students access affordable education. We're confident we offer the best value in rentals, but if you're not a believer you can always return your book for a no questions asked refund within 21 days.

Why Choose Us?

1. Campus Book Rentals pioneered the idea of textbook rentals, making prices significantly cheaper for every student while still maintaining the highest quality. We've been at it since 2007 and the entire industry has had to adapt to keep up.

2. Though keeping prices low has always been the goal, we can boast an excellent support team that has helped thousands of students get the best value for their education. Chat with them at 855-200-0021 or use our chat box.

3. We practice what we preach. We routinely read our own textbooks to further our own education while at work. We know that only with a well-educated team of individuals can we continue to change the industry for the better.

Make A Difference

At Campus Book Rentals our company is guided by a single question, "How are we making education more affordable?" We know that getting a college education is quickly becoming a rite of passage for students and is becoming more important every year. In order to make education more attainable for the 99%, we started renting textbooks so students could avoid high purchase prices and buyback programs. We know it's a better way, and we're going to show everyone how to make a college education affordable again.