Chapter 19: Security Testing

Part IV

Special Topics


The designers, program managers, and architects have designed a good, secure product, and the developers have written great code; now it's time for the testers to keep everyone honest! It's unfortunate, but many testers think they are the tail of the development process, cleaning up the mess left by developers. Nothing could be further from the truth; security testing is an important part of the overall process. In this chapter, I'll describe the important role testers play when delivering secure products, including being part of the entire process from the design phase to the ship phase. I'll also discuss how testers should approach security testing, which is different from normal testing. This is a pragmatic chapter, full of information you can really use rather than theories of security testing.

The information in this chapter is based on an analysis of over 100 security vulnerabilities across multiple applications and operating systems, including Microsoft Windows, Linux, UNIX, and MacOS. After analyzing the bugs, I spent time working out how each bug could be caught during testing, the essence of which is captured herein.

At the end of the chapter I describe a new technique for determining the relative attack surface of an application; this can be used to help drive the attack points of an application down.



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
