Hunting Security Bugs (Paperback)

Tom Gallagher, Lawrence Landauer, Bryan Jeffries

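  • Publisher: Microsoft
  • Publication date: 2006-06-09
  • List price: $1,750
  • Sale price: 5.0$875
  • Language: English
  • Pages: 592
  • Binding: Paperback
  • ISBN: 073562187X
  • ISBN-13: 9780735621879
  • Related category: Information security
  • Ships immediately (limited quantity) (stock = 2)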




Your essential reference to software security testing—from the experts.

Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Discover how to:
• Identify high-risk entry points and create test cases
• Test clients and servers for malicious request/response bugs
• Use black box and white box approaches to help reveal security vulnerabilities
• Uncover spoofing issues, including identity and user interface spoofing
• Detect bugs that can take advantage of your program’s logic, such as SQL injection
• Test for XML, SOAP, and Web services vulnerabilities
• Recognize information disclosure and weak permissions issues
• Identify where attackers can directly manipulate memory
• Test with alternate data representations to uncover canonicalization issues
• Expose COM and ActiveX repurposing attacks

PLUS—Get code samples and debugging tools on the Web




