Testing Code Security
The huge proliferation of security vulnerability exploits, worms, and viruses place an incredible drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentral...
Đã lưu trong:
Tác giả chính: | |
---|---|
Định dạng: | Sách |
Ngôn ngữ: | English |
Được phát hành: |
CRC Press
2009
|
Truy cập trực tuyến: | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1539 |
Các nhãn: |
Thêm thẻ
Không có thẻ, Là người đầu tiên thẻ bản ghi này!
|
Thư viện lưu trữ: | Thư viện Trường Đại học Đà Lạt |
---|
id |
oai:scholar.dlu.edu.vn:DLU123456789-1539 |
---|---|
record_format |
dspace |
institution |
Thư viện Trường Đại học Đà Lạt |
collection |
Thư viện số |
language |
English |
description |
The huge proliferation of security vulnerability exploits, worms, and viruses place an incredible drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentralized, encrypted in its own jargon and terminology, and can take a colossal amount of time and data mining to find.
Written in simple, common terms, Testing Code Security is a consolidated resource designed to teach beginning and intermediate testers the software security concepts needed to conduct relevant and effective tests. Answering the questions pertinent to all testing procedures, the book considers the differences in process between security testing and functional testing, the creation of a security test plan, the benefits and pitfalls of threat-modeling, and the identification of root vulnerability problems and how to test for them. The book begins with coverage of foundation concepts, the process of security test planning, and the test pass. Offering real life examples, it presents various vulnerabilities and attacks and explains the testing techniques appropriate for each. It concludes with a collection of background overviews on related topics to fill common knowledge gaps. Filled with cases illustrating the most common classes of security vulnerabilities, the book is written for all testers working in any environment, and it gives extra insight to threats particular to Microsoft Windows® platforms.
Providing a practical guide on how to carry out the task of security software testing, Testing Code Security gives the reader the knowledge needed to begin testing software security for any project and become an integral part in the drive to produce better software security and safety. |
format |
Book |
author |
Linden, Maura van der |
spellingShingle |
Linden, Maura van der Testing Code Security |
author_facet |
Linden, Maura van der |
author_sort |
Linden, Maura van der |
title |
Testing Code Security |
title_short |
Testing Code Security |
title_full |
Testing Code Security |
title_fullStr |
Testing Code Security |
title_full_unstemmed |
Testing Code Security |
title_sort |
testing code security |
publisher |
CRC Press |
publishDate |
2009 |
url |
http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1539 |
_version_ |
1757678675203981312 |
spelling |
oai:scholar.dlu.edu.vn:DLU123456789-15392009-12-04T01:37:05Z Testing Code Security Linden, Maura van der The huge proliferation of security vulnerability exploits, worms, and viruses place an incredible drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentralized, encrypted in its own jargon and terminology, and can take a colossal amount of time and data mining to find. Written in simple, common terms, Testing Code Security is a consolidated resource designed to teach beginning and intermediate testers the software security concepts needed to conduct relevant and effective tests. Answering the questions pertinent to all testing procedures, the book considers the differences in process between security testing and functional testing, the creation of a security test plan, the benefits and pitfalls of threat-modeling, and the identification of root vulnerability problems and how to test for them. The book begins with coverage of foundation concepts, the process of security test planning, and the test pass. Offering real life examples, it presents various vulnerabilities and attacks and explains the testing techniques appropriate for each. It concludes with a collection of background overviews on related topics to fill common knowledge gaps. Filled with cases illustrating the most common classes of security vulnerabilities, the book is written for all testers working in any environment, and it gives extra insight to threats particular to Microsoft Windows® platforms. Providing a practical guide on how to carry out the task of security software testing, Testing Code Security gives the reader the knowledge needed to begin testing software security for any project and become an integral part in the drive to produce better software security and safety. Introduction Why Is This Book Being Written? Why Am I Writing This Book Goals of This Book Intended Audience How This Book Is Organized Security Vocabulary Virus or Attack Naming Security Terminology Software Testing and Changes in the Security Landscape Software Testing as a Discipline Security Has Become More of a Priority Security Efforts Have Become More Visible Perimeter Security Just Isn't Enough All Trust Is Misplaced Security Testing Considerations Security Testing Versus Functional Testing Discovery of Software Vulnerabilities Assume Attackers Know Everything You Do Know Your Attackers Exploiting Software Vulnerabilities Common Security Hindering Phrases Software Development Life Cycle versus Security-Testing Life Cycle Black-Box versus White-Box Security Testing Guard Your Own Gates The Role of Security Testing Effectively Presenting Security Issues Threat Modeling and Risk Assessment Processes Threat Modeling Terms Initial Modeling of Threats Pitfalls of Threat Modeling Threat Trees DREAD STRIDE MERIT OCTAVE and OCTAVE-S Personas and Testing Creating Personas Using Personas Pitfalls of Personas Security Personas Security Test Planning Overview of the Process Start Drafting Your Test Documents Dissect the System Gather Information Develop Security Cases Prioritize Tests Develop a Test Plan of Attack Draft a Schedule Review the Plan and Test Cases Run Test Passes Postmortem the Results Sample Security Considerations Universal Stand-Alone Applications APIs Web Applications/Web Services/Distributed Applications Vulnerability Case Study - Brute Force Browsing Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - Buffer Overruns Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - Cookie Tampering Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study: Cross-Site Scripting (XSS) Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study: Denial of Service/Distributed Denial of Service Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study: Format String Vulnerabilities Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Tools Vulnerability Case Study: Integer Overflows and Underflows Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study: Man-in-the-Middle Attacks Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - Password Cracking Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - Session Hijacking Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - Spoofing Attacks Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Vulnerability Case Study - SQL Injection Pseudonyms Description Anatomy of an Exploit Real-World Examples Test Techniques Fuzz Testing Assumptions Process Steps Case Studies Background - Cryptography Encryption How Encryption Works Encryption Tools Crypto Is Not Always Secure The Future of Crypto Background - Firewalls TCP/IP Port Scanners Types of Firewalls Drawbacks to Using Firewalls Background - OSI Network Model Application Layer (Layer 7) Presentation Layer (Layer 6) Session Layer (Layer 5) Transport Layer (Layer 4) Network Layer (Layer 3) Data Link Layer (Layer 2) Physical Layer (Layer 1) Background - Proxy Servers Types of Proxy Servers Circumventor Anonymous Background - TCP/IP and Other Networking Protocols TCP IP UDP ICMP ARP RARP BOOTP DHCP Background - Test Case Outlining (TCO) Goals What Is (and Is Not) a TCO Benefits of a TCO Steps in Test Case Outlining TCO Formats TCO Maintenance TCO to Scenario Additional Sources of Information Recommended Reading Recommended Web Sites and Mailing Lists Index 2009-12-04T01:37:04Z 2009-12-04T01:37:04Z 2007 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1539 en application/rar CRC Press |