Tom Gallagher, Bryan Jeffries and Lawrence Landauer, «Hunting Security Bugs»

Your essential reference to software security testing – from the experts. Learn how to think like an attacker – and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:
Identify high-risk entry points and create test cases
Test clients and servers for malicious request/response bugs
Use black box and white box approaches to help reveal security vulnerabilities
Uncover spoofing issues, including identity and user interface spoofing
Detect bugs that can take advantage of your program’s logic, such as SQL injection
Test for XML, SOAP, and Web services vulnerabilities
Recognize information disclosure and weak permissions issues
Identify where attackers can directly manipulate memory
Test with alternate data representations to uncover canonicalization issues
Expose COM and ActiveX repurposing attacks