Hunting Security Bugs - it's a good book that can help you improve the security of your code
Tom Gallagher, Bryan Jeffries and Lawrence Landauer have produced a very useful book that they describe as follows:
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Chapter Listing:
General Approach to Security Testing
Using Threat Models for Security Testing
Finding Entry Points
Becoming a Malicious Client
Becoming a Malicious Server
Spoofing
Information Disclosure
Buffer Overruns and Stack and Heap Manipulation
Format String Attacks
HTML Scripting Attacks
XML Issues
Canonicalization Issues
Finding Weak Permissions
Denial of Service Attacks
Managed Code Issues
SQL Injection
Observation & Reverse Engineering
ActiveX Repurposing
Additional Repurposing Attacks
Reporting Security Bugs
Appendix A: Tools of the Trade
Appendix B: Security Test Case Cheat Sheet