[Ebook] The Art of Software Security Testing: Identifying Software Security Flaws
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.
Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.
Foreword
Preface
Acknowledgments
About the Authors
Part I: Introduction
Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing
Chapter 2: How Vulnerabilities Get Into All Software
Chapter 3: The Secure Software Development Lifecycle
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing
Part II: Performing the Attacks
Chapter 6: Generic Network Fault Injection
Chapter 7: Web Applications: Session Attacks
Chapter 8: Web Applications: Common Issues
Chapter 9: Web Proxies: Using WebScarab
Chapter 10: Implementing a Custom Fuzz Utility
Chapter 11: Local Fault Injection
Part III: Analysis
Chapter 12: Determining Exploitability
Index
The attached file contains chapter 11 only. Thanks.
good book
good book
How to download this book? I don't find any link....
please keep the book in downloads section, very good book.
Good work
How can I download this book? The link is missing. Please help. I really need this one. Thank you
only chapter 11?
Yes. It's mentioned in the article.
thanks
so great
Dear admin, I have 750 points, but when I try to download this book then a 100 point etc.. message occurs. Kindly help me.
Very Good Books.
But There is only chapter 11.
Where can I get whole Books?
Help me. Please.
Thanks.
good book
nice book
very good
good
other chapters pls!