Hunting Security Bugs - Secure Software Deve

Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:

• Identify high-risk entry points and create test cases
• Test clients and servers for malicious request/response bugs
• Use black box and white box approaches to help reveal security vulnerabilities
• Uncover spoofing issues, including identity and user interface spoofing
• Detect bugs that can take advantage of your program's logic, such as SQL injection
• Test for XML, SOAP, and Web services vulnerabilities
• Recognize information disclosure and weak permissions issues
• Identify where attackers can directly manipulate memory
• Test with alternate data representations to uncover canonicalization issues
• Expose COM and ActiveX repurposing attacks

PLUS—Get code samples and debugging tools on the Web]]>