The Art of Software Security Testing: Identifying Software Security Flaws
Writers: Elfriede Dustin, Lucas Nelson, Chris Wysopal, Dino Dai Zovi
Published: 27 November 2006The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the "bad guys" do.
Drawing on decades of experience in application and penetration testing, this bookÂ?s authors can help you transform your approach from mere Â?verificationÂ? to proactive "attack". The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.
Coverage includes
- Tips on how to think the way software attackers think to strengthen your defense strategy
- Cost-effectively integrating security testing into your development lifecycle
- Using threat modeling to prioritize testing based on your top areas of risk
- Building testing labs for performing white-, grey-, and black-box software testing
- Choosing and using the right tools for each testing project
- Executing todayÂ?s leading attacks, from fault injection to buffer overflows
- Determining which flaws are most likely to be exploited by real-world attackers
This book is indispensable for every technical professional responsible for software security: testers, QA specialists, security professionals, developers, and more. For IT managers and leaders, it offers a proven blueprint for implementing effective security testing or strengthening existing processes.Pages: 312
ISBN: 0321304861
ISBN-13: 978-0321304865
Buy at bookdepository.com free delivery worldwide.
