[Ebook] The Art of Software Security Testing: Identifying Software Security Flaws
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.
Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.
Foreword
Preface
Acknowledgments
About the Authors
Part I: Introduction
Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing
Chapter 2: How Vulnerabilities Get Into All Software
Chapter 3: The Secure Software Development Lifecycle
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
Part II: Performing the Attacks
Chapter 6: Generic Network Fault Injection
Chapter 7: Web Applications: Session Attacks
Chapter 8: Web Applications: Common Issues
Chapter 9: Web Proxies: Using WebScarab
Chapter 10: Implementing a Custom Fuzz Utility
Chapter 11: Local Fault Injection
Part III: Analysis
Chapter 12: Determining Exploitability
Index
The attached file contains chapter 11 only. Thanks.
good book
good book
How to download this book? I don't find any link....
please keep the book in downloads section, very good book.
Good work
How can I download this book? The link is missing. Please help. I really need this one. Thank you
only chapter 11?
Yes. It's mentioned in the article.
thanks
so great
Dear admin, I have 750 points, but when I try to download this book, a "100 point etc.." message occurs. Kindly help me.
Very Good Books.
But There is only chapter 11.
Where can I get whole Books?
Help me. Please.
Thanks.
good book
nice book
very good
good
other chapters pls!