The Art of Software Security Testing
Identifying Software Security Flaws
(Sprache: Englisch)
Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In . This book takes the basic idea several steps forward. Written by masters of...
Leider schon ausverkauft
versandkostenfrei
Buch
48.10 €
Produktdetails
Produktinformationen zu „The Art of Software Security Testing “
Klappentext zu „The Art of Software Security Testing “
Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In . This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs from standard software testing as practiced by QA groups everywhere. It unifies in one place ideas from Michael Howard, David Litchfield, Greg Hoglund, and me into a concise introductory package. Improve your security testing by reading this book today."- Gary McGraw , Ph.D., CTO, Cigital; Author, Software Security, Exploiting Software, Building Secure Software, and Software Fault Injection ; www.cigital.com/~gem
"As 2006 closes out, we will see over 5,000 software vulnerabilities announced to the public. Many of these vulnerabilities were, or will be, found in enterprise applications from companies who are staffed with large, professional, QA teams. How then can it be that these flaws consistently continue to escape even well-structured diligent testing? The answer, in part, is that testing still by and large only scratches the surface when validating the presence of security flaws. Books such as this hopefully will start to bring a more thorough level of understanding to the arena of security testing and make us all a little safer over time."
- Alfred Huger , Senior Director, Development, Symantec Corporation
"Software security testing may indeed be an art, but this book provides the paint-by-numbers to perform good, solid, and appropriately destructive security testing: proof that an ounce of creative destruction is worth a pound of patching later. If understanding how software can be broken is step one in every programmers' twelve-step program to defensible, secure, robust software, then knowledgeable security testing comprises at least steps two through six."
- Mary Ann Davidson , Chief Security Officer,
... mehr
Oracle
"Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws . The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that 'the program does what it's supposed to,' but also that 'the program doesn't do that which it's not supposed to'), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who's doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality."
- Jeremy Epstein , WebMethods
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the "bad guys" do.
Drawing on decades of experience in application and penetration testing, this book's authors can help you transform your approach from mere "verification" to pr
"Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws . The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that 'the program does what it's supposed to,' but also that 'the program doesn't do that which it's not supposed to'), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who's doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality."
- Jeremy Epstein , WebMethods
State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive
The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the "bad guys" do.
Drawing on decades of experience in application and penetration testing, this book's authors can help you transform your approach from mere "verification" to pr
... weniger
Bibliographische Angaben
- 2006, 312 Seiten, mit Abbildungen, Maße: 23,4 cm, Kartoniert (TB), Englisch
- By Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin
- Verlag: Addison-Wesley Longman, Amsterdam
- ISBN-10: 0321304861
- ISBN-13: 9780321304865
Sprache:
Englisch
Kommentar zu "The Art of Software Security Testing"
0 Gebrauchte Artikel zu „The Art of Software Security Testing“
Zustand | Preis | Porto | Zahlung | Verkäufer | Rating |
---|
Schreiben Sie einen Kommentar zu "The Art of Software Security Testing".
Kommentar verfassen