Hunting Security Bugs

Hunting Security Bugs
Published:August 30, 2006Language:English
Author:Tom Gallagher; Bryan Jeffries; Lawrence LandauerTechnology:Security
Length:592 PagesISBN 13:9780735621879

List Price:

$ 49.99
About The BookYour essential reference to software security testing—from the experts.

Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released. Discover how to:
  • Identify high-risk entry points and create test cases
  • Test clients and servers for malicious request/response bugs
  • Use black box and white box approaches to help reveal security vulnerabilities
  • Uncover spoofing issues, including identity and user interface spoofing
  • Detect bugs that can take advantage of your program’s logic, such as SQL injection
  • Test for XML, SOAP, and Web services vulnerabilities
  • Recognize information disclosure and weak permissions issues
  • Identify where attackers can directly manipulate memory
  • Test with alternate data representations to uncover canonicalization issues
  • Expose COM and ActiveX repurposing attacksPLUS—Get code samples and debugging tools on the Web
  • About Tom Gallagher; Bryan Jeffries; Lawrence LandauerTom Gallagher is the lead of the Microsoft Office Security Test team, where he focuses on penetration testing, writing security testing tools, and providing security education.

    Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.

    Lawrence Landauer is a software engineer at Microsoft where he works on coding, testing, and training projects related to security, personal productivity, and deployment.

    Michael Howard, Series Consulting Editor, is a leading security expert and author
    Looking for training resources, events and advice from peers? Join the Microsoft Training and Certification Community. Preparing for an exam now? Find your Microsoft Certification Study Group. Talk to us on these social networks:
    What do you think of this book? Your feedback is important in helping us create books that serve your needs and meet your expectations.Please take our survey at

    Note: You will need this book's 13-digit International Standard Book Number (ISBN) to take the survey.The ISBN 13 can be found above.
    To report or search for corrections in this book or its companion content,
    search for the title in our online store and then check the Errata & Updates tab. To report errors, please go to our Submit errata page.