Apr 24, 2010

Hunting Security Bugs

eBook Details

Author: Tom Gallagher, Lawrence Landauer, and Bryan Jeffries
No. of Pages: 592 pages
Press: Microsoft Press
Edition: 1 edition
Dated: June 9, 2006
Language: English
ISBN-10: 073562187X
ISBN-13: 978-0735621879

eBook Description
Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs—until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks.

The material currently available does not provide much practical guidance and the instructions given often fail to cultivate the right mindset and approach to enable people to successfully identify security issues before the software is published. This in-depth, technical reference highlights up-to-date tools, technologies, and techniques for helping find and eliminate vulnerabilities in software. Written for testers by testers, it delivers practical, hands-on guidance on how to find, classify, and assess bugs. In addition, this book covers the thought process behind security testing, use of source code to help in testing, and ways to spot security design flaws.
Keywords
Internet Explorer, Microsoft Windows, Web Proxy Editor, Next Steps, Process Explorer, Visual Studio, Server Profiler, File Edit View Favorites Tools Help, Search Favorites, Windows Media Player, Finding Entry Points, Local Service, Service Pack, Control Test Container, Internet Protocol, Launch External Editor, Log Viewer, Windows Server, Attacker Text, Code Red, Disassembly Address, Finding Weak Permissions, Object Browser, Pickle Result, Secure Sockets Layer, canonicalization issues, other stack variables, injection bug, using threat models, format string specifiers, untrusted data, disclosure bugs, spoofing issues, security testers, script injection attacks, weak permissions, validation form field, malicious responses, scripting bugs, scripting protocol, attacker data, format string attacks, scripting attacks, static code analysis tool, reverse lookup information, functionality testers, untrusted input, malicious data, heap overruns, printf call
Download Links
http://hotfile.com/dl/35298226/84c498d/073562187X_security_bugs.rar.html
