Testing Code Security: 1st Edition (Paperback) book cover

Testing Code Security

1st Edition

By Maura A. van der Linden

Auerbach Publications

328 pages

Purchasing Options:$ = USD
Paperback: 9780367389017
pub: 2019-12-20
SAVE ~$14.99
Available for pre-order. Item will ship after 20th December 2019
$74.95
$59.96
x
Hardback: 9780849392511
pub: 2007-06-07
SAVE ~$24.00
$120.00
$96.00
x
eBook (VitalSource) : 9780429186035
pub: 2007-06-07
from $37.48


FREE Standard Shipping!

Description

The huge proliferation of security vulnerability exploits, worms, and viruses place an incredible drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentralized, encrypted in its own jargon and terminology, and can take a colossal amount of time and data mining to find.

Written in simple, common terms, Testing Code Security is a consolidated resource designed to teach beginning and intermediate testers the software security concepts needed to conduct relevant and effective tests. Answering the questions pertinent to all testing procedures, the book considers the differences in process between security testing and functional testing, the creation of a security test plan, the benefits and pitfalls of threat-modeling, and the identification of root vulnerability problems and how to test for them. The book begins with coverage of foundation concepts, the process of security test planning, and the test pass. Offering real life examples, it presents various vulnerabilities and attacks and explains the testing techniques appropriate for each. It concludes with a collection of background overviews on related topics to fill common knowledge gaps. Filled with cases illustrating the most common classes of security vulnerabilities, the book is written for all testers working in any environment, and it gives extra insight to threats particular to Microsoft Windows® platforms.

Providing a practical guide on how to carry out the task of security software testing, Testing Code Security gives the reader the knowledge needed to begin testing software security for any project and become an integral part in the drive to produce better software security and safety.

Table of Contents

Introduction, Security Vocabulary, Software Testing and Changes in the Security Landscape, All Trust Is Misplaced, Security Testing Considerations, Threat Modeling and Risk Assessment Processes, Personas and Testing, Security Test Planning, Sample Security Considerations, Vulnerability Case Study - Brute Force Browsing, Vulnerability Case Study - Buffer Overruns, Vulnerability Case Study - Cookie Tampering, Vulnerability Case Study: Cross-Site Scripting (XSS), Vulnerability Case Study: Denial of Service/Distributed Denial of Service, Vulnerability Case Study: Format String Vulnerabilities, Vulnerability Case Study: Integer Overflows and Underflows, Vulnerability Case Study: Man-in-the-Middle Attacks, Vulnerability Case Study - Password Cracking, Vulnerability Case Study - Session Hijacking, Vulnerability Case Study - Spoofing Attacks, Vulnerability Case Study - SQL Injection, Fuzz Testing, Background - Cryptography, Background - Firewalls, Background - OSI Network Model, Background - Proxy Servers, Background - TCP/IP and Other Networking Protocols, Background - Test Case Outlining (TCO), Additional Sources of Information, Index

About the Author

van der Linden, Maura A.

Subject Categories

BISAC Subject Codes/Headings:
COM032000
COMPUTERS / Information Technology
COM051010
COMPUTERS / Programming Languages / General
COM051230
COMPUTERS / Software Development & Engineering / General
COM053000
COMPUTERS / Security / General