[Ebook] The Art of Software Security Testing: Identifying Software Security Flaws
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing
delivers in-depth, up-to-date, battle-tested techniques for
anticipating and identifying software security problems before the “bad
guys” do.
Drawing
on decades of experience in application and penetration testing, this
book’s authors can help you transform your approach from mere
“verification” to proactive “attack.” The authors begin by
systematically reviewing the design and coding vulnerabilities that can
arise in software, and offering realistic guidance in avoiding them.
Next, they show you ways to customize software debugging tools to test
the unique aspects of any program and then analyze the results to
identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing today’s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
This
book is indispensable for every technical professional responsible for
software security: testers, QA specialists, security professionals,
developers, and more. For IT managers and leaders, it offers a proven
blueprint for implementing effective security testing or strengthening
existing processes.
Foreword xiii
Preface xvii
Acknowledgments xxix
About the Authors xxxi
Part I: Introduction
Chapter 1: Case Your Own Joint: A Paradigm Shift from Traditional Software Testing 3
Chapter 2: How Vulnerabilities Get Into All Software 19
Chapter 3: The Secure Software Development Lifecycle 55
Chapter 4: Risk-Based Security Testing: Prioritizing Security Testing with Threat Modeling 73
Chapter 5: Shades of Analysis: White, Gray, and Black Box Testing 93
Part II: Performing the Attacks
Chapter 6: Generic Network Fault Injection 107
Chapter 7: Web Applications: Session Attacks 125
Chapter 8: Web Applications: Common Issues 141
Chapter 9: Web Proxies: Using WebScarab 169
Chapter 10: Implementing a Custom Fuzz Utility 185
Chapter 11: Local Fault Injection 201
Part III: Analysis
Chapter 12: Determining Exploitability 233
Index 251
the attached file contatins chapter 11 only. thanks.
| Number | Title | Author | Date | Votes | Views |
| 1424 |
Byte of Python
tanthanh
|
2020.05.28
|
Votes 0
|
Views 45535292
|
tanthanh | 2020.05.28 | 0 | 45535292 |
| 1423 |
Surviving the Top Ten Challenges of Software Testing: A People-Oriented Approach (2)
^Software^
|
2019.07.22
|
Votes 0
|
Views 45966221
|
^Software^ | 2019.07.22 | 0 | 45966221 |
| 1422 |
Jmeter Cookbook (1)
VTB
|
2019.06.27
|
Votes 0
|
Views 46398072
|
VTB | 2019.06.27 | 0 | 46398072 |
| 1421 |
Java Testing : Maven - Reference (315 Pages) (1)
IT-Tester
|
2019.06.26
|
Votes 0
|
Views 46267823
|
IT-Tester | 2019.06.26 | 0 | 46267823 |
| 1420 |
Java Testing : Maven Example (154 Pages)
IT-Tester
|
2019.06.26
|
Votes 0
|
Views 46268507
|
IT-Tester | 2019.06.26 | 0 | 46268507 |
| 1419 |
AGILE TESTING - EBOOK (2)
HenryChuks
|
2019.05.31
|
Votes 0
|
Views 45513381
|
HenryChuks | 2019.05.31 | 0 | 45513381 |
| 1418 |
“Software Testing Career Package – A Software Tester’s Journey from Getting a Job to Becoming a Test Leader!”
aiitistqb
|
2018.10.16
|
Votes 0
|
Views 45428101
|
aiitistqb | 2018.10.16 | 0 | 45428101 |
| 1417 |
Practical Software Testing – New FREE eBook [Download] (2)
aiitistqb
|
2018.10.16
|
Votes 0
|
Views 45459262
|
aiitistqb | 2018.10.16 | 0 | 45459262 |
| 1416 |
The Pathologies of Failed Test Automation Projects
aiitistqb
|
2018.10.16
|
Votes 0
|
Views 45318254
|
aiitistqb | 2018.10.16 | 0 | 45318254 |
| 1415 |
Selenium WebDriver Practical Guide (4)
meo meo con con
|
2018.06.16
|
Votes 0
|
Views 46094779
|
meo meo con con | 2018.06.16 | 0 | 46094779 |
| 1414 |
Python for Informatics
melassiri
|
2018.06.04
|
Votes 0
|
Views 45886570
|
melassiri | 2018.06.04 | 0 | 45886570 |
| 1413 |
Hacking - The Art of Exploitation (7)
ravisk
|
2018.03.25
|
Votes 0
|
Views 45487516
|
ravisk | 2018.03.25 | 0 | 45487516 |
| 1412 |
Instant Penetration Testing Setting Up a Test Lab How-to (1)
ravisk
|
2018.03.24
|
Votes 0
|
Views 44125169
|
ravisk | 2018.03.24 | 0 | 44125169 |
| 1411 |
Practical-Guide-to-Software-System-Testing (3)
ravisk
|
2018.03.24
|
Votes 1
|
Views 46954881
|
ravisk | 2018.03.24 | 1 | 46954881 |
| 1410 |
EFFORT estimation software (1)
ravisk
|
2018.03.24
|
Votes 0
|
Views 45784053
|
ravisk | 2018.03.24 | 0 | 45784053 |
| 1409 |
Lee Copeland. A Practitioner's Guide to Software Test Design (19)
Unbroken
|
2017.12.15
|
Votes 0
|
Views 45370130
|
Unbroken | 2017.12.15 | 0 | 45370130 |
| 1408 |
http response codes (3)
SV369
|
2017.12.14
|
Votes 0
|
Views 46303151
|
SV369 | 2017.12.14 | 0 | 46303151 |
| 1407 |
«Hacking Mobile Exposed, Security secrets and solutions» (5)
Unbroken
|
2017.12.08
|
Votes 0
|
Views 46089633
|
Unbroken | 2017.12.08 | 0 | 46089633 |
| 1406 |
James A. Whittaker «Exploratory software testing» (8)
Unbroken
|
2017.12.08
|
Votes 1
|
Views 45828590
|
Unbroken | 2017.12.08 | 1 | 45828590 |
| 1405 |
FOUNDATIONS OF SOFTWARE TESTING (6)
marklouis
|
2017.12.05
|
Votes 0
|
Views 45734753
|
marklouis | 2017.12.05 | 0 | 45734753 |
| 1404 |
Python for informatics (2)
TesterQA
|
2017.12.01
|
Votes 0
|
Views 45579877
|
TesterQA | 2017.12.01 | 0 | 45579877 |
| 1403 |
Selenium Testing Tool Cookbook (11)
liliam001
|
2017.11.14
|
Votes 0
|
Views 44990479
|
liliam001 | 2017.11.14 | 0 | 44990479 |
| 1402 |
What is SQL Injection? (4)
ArifBaba
|
2017.10.28
|
Votes 0
|
Views 45537468
|
ArifBaba | 2017.10.28 | 0 | 45537468 |
| 1401 |
Oracle Middleware Tuning (4)
gpratikg
|
2017.10.08
|
Votes 0
|
Views 45461053
|
gpratikg | 2017.10.08 | 0 | 45461053 |
| 1400 |
Microsoft SQL Server 2012 (3)
yoshiharra
|
2017.10.08
|
Votes 0
|
Views 45956390
|
yoshiharra | 2017.10.08 | 0 | 45956390 |
| 1399 |
visual studio c sharp
vikasrao
|
2017.09.24
|
Votes 0
|
Views 45570715
|
vikasrao | 2017.09.24 | 0 | 45570715 |
| 1398 |
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services (7)
vikasrao
|
2017.09.24
|
Votes 0
|
Views 45376674
|
vikasrao | 2017.09.24 | 0 | 45376674 |
| 1397 |
The Art of Unit Testing with Examples in .NET
vikasrao
|
2017.09.24
|
Votes 0
|
Views 45474238
|
vikasrao | 2017.09.24 | 0 | 45474238 |
| 1396 |
Scrum (2)
dhoanglong91
|
2017.09.23
|
Votes 1
|
Views 44875386
|
dhoanglong91 | 2017.09.23 | 1 | 44875386 |
| 1395 |
Python for Unix and Linux System Administration
Crismachado
|
2017.09.22
|
Votes 0
|
Views 45274963
|
Crismachado | 2017.09.22 | 0 | 45274963 |
| 1394 |
Ruby Best Practices (3)
Crismachado
|
2017.09.22
|
Votes 0
|
Views 45096405
|
Crismachado | 2017.09.22 | 0 | 45096405 |
| 1393 |
Python in Practice (2)
ManhAnh
|
2017.09.05
|
Votes 0
|
Views 45633598
|
ManhAnh | 2017.09.05 | 0 | 45633598 |
| 1392 |
Practical Object-Oriented Design in Ruby (2)
ManhAnh
|
2017.09.05
|
Votes 0
|
Views 44350620
|
ManhAnh | 2017.09.05 | 0 | 44350620 |
| 1391 |
Practical Cassandra (2)
ManhAnh
|
2017.09.05
|
Votes 0
|
Views 46045541
|
ManhAnh | 2017.09.05 | 0 | 46045541 |
| 1390 |
Development with the Force.com Platform, 3rd Edition (2)
ManhAnh
|
2017.09.05
|
Votes 0
|
Views 46590575
|
ManhAnh | 2017.09.05 | 0 | 46590575 |
| 1389 |
Apache Cordova 3 Programming (2)
ManhAnh
|
2017.09.05
|
Votes 0
|
Views 45625962
|
ManhAnh | 2017.09.05 | 0 | 45625962 |
| 1388 |
Software Testing - Ron Patton (4)
bugdetective
|
2017.09.04
|
Votes 0
|
Views 46675236
|
bugdetective | 2017.09.04 | 0 | 46675236 |
| 1387 |
The Art of Software Testing, 2rd Edition (1)
bugdetective
|
2017.09.04
|
Votes 0
|
Views 45582351
|
bugdetective | 2017.09.04 | 0 | 45582351 |
| 1386 |
Explore It!
bugdetective
|
2017.09.04
|
Votes 1
|
Views 45092880
|
bugdetective | 2017.09.04 | 1 | 45092880 |
| 1385 |
NoSQl (1)
getmedude
|
2017.08.27
|
Votes 0
|
Views 46444391
|
getmedude | 2017.08.27 | 0 | 46444391 |
| 1384 |
Art of testing (10)
dktzm89
|
2017.08.16
|
Votes 0
|
Views 45789011
|
dktzm89 | 2017.08.16 | 0 | 45789011 |
| 1383 |
Perl Book (1)
Ravish24
|
2017.08.15
|
Votes 0
|
Views 45392232
|
Ravish24 | 2017.08.15 | 0 | 45392232 |
| 1382 |
Automation Testing (5)
Ravish24
|
2017.08.15
|
Votes 1
|
Views 47341069
|
Ravish24 | 2017.08.15 | 1 | 47341069 |
| 1381 |
Prince2 model chart
AllGreen
|
2017.08.09
|
Votes 0
|
Views 45116545
|
AllGreen | 2017.08.09 | 0 | 45116545 |
| 1380 |
Prince2 for Dummies
AllGreen
|
2017.08.09
|
Votes 0
|
Views 46363667
|
AllGreen | 2017.08.09 | 0 | 46363667 |
| 1379 |
Unix and Linux testing (2)
pavan765
|
2017.08.01
|
Votes 0
|
Views 46520167
|
pavan765 | 2017.08.01 | 0 | 46520167 |
| 1378 |
Practical Software Testing (6)
Administrator
|
2017.07.24
|
Votes 0
|
Views 45179652
|
Administrator | 2017.07.24 | 0 | 45179652 |
| 1377 |
Selenium Notes (1)
masterofall
|
2017.07.24
|
Votes 0
|
Views 46006363
|
masterofall | 2017.07.24 | 0 | 46006363 |
| 1376 |
Practical Software Testing
masterofall
|
2017.07.24
|
Votes 0
|
Views 46553369
|
masterofall | 2017.07.24 | 0 | 46553369 |
| 1375 |
Lead Generation for Dummies (2)
uday bhaskar
|
2017.07.20
|
Votes 0
|
Views 45835345
|
uday bhaskar | 2017.07.20 | 0 | 45835345 |
good book
good book
How to download this book? I don't fine any link....
please keep the book in downloads section, very good book.
Good work
How can I download this book? The link is missing. Please help. I really need this one. Thank you
only chapter 11?
Yes.It's mentioned in the article.
thanks
so great
Dear admin i have 750 points but i when i try to download this book then 100 point etc.. message is occur kindly help me
Very Good Books.
But There is only chapter 11.
Where can I get whole Books?
Help me.Please.
Thanks.
good book
nice book
very good
good
other chapters pls!