Hunting Security Bugs
by Tom Gallagher, Bryan Jeffries and Lawrence Landauer
Microsoft Press 2006 (586 pages)
ISBN: 073562187X
Offering practical advice, hands-on guidance and code samples, this essential guide will help you to find, classify, and assess security bugs before your software is released.
Table of Contents
Hunting Security Bugs
Foreword
Introduction
Chapter 1 - General Approach to Security Testing
Chapter 2 - Using Threat Models for Security Testing
Chapter 3 - Finding Entry Points
Chapter 4 - Becoming a Malicious Client
Chapter 5 - Becoming a Malicious Server
Chapter 6 - Spoofing
Chapter 7 - Information Disclosure
Chapter 8 - Buffer Overflows and Stack and Heap Manipulation
Chapter 9 - Format String Attacks
Chapter 10 - HTML Scripting Attacks
Chapter 11 - XML Issues
Chapter 12 - Canonicalization Issues
Chapter 13 - Finding Weak Permissions
Chapter 14 - Denial of Service Attacks
Chapter 15 - Managed Code Issues
Chapter 16 - SQL Injection
Chapter 17 - Observation and Reverse Engineering
Chapter 18 - ActiveX Repurposing Attacks
Chapter 19 - Additional Repurposing Attacks
Chapter 20 - Reporting Security Bugs
Appendix A - Tools of the Trade
Appendix B - Security Test Cases Cheat Sheet
List of Figures
List of Tables