Posted by: kurtsh | September 11, 2006

BOOK: Hunting Security Bugs

We strongly suggest this as part of your corporate security planning. Note the code samples and some of our internally developed tools will be available on September 15th at this site:


Learn how to think like an attacker — and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.

Chapter Listing:

  1. General Approach to Security Testing
  2. Using Threat Models for Security Testing
  3. Finding Entry Points
  4. Becoming a Malicious Client
  5. Becoming a Malicious Server
  6. Spoofing
  7. Information Disclosure
  8. Buffer Overruns and Stack and Heap Manipulation
  9. Format String Attacks
  10. HTML Scripting Attacks
  11. XML Issues
  12. Canonicalization Issues
  13. Finding Weak Permissions
  14. Denial of Service Attacks
  15. Managed Code Issues
  16. SQL Injection
  17. Observation & Reverse Engineering
  18. ActiveX Repurposing
  19. Additional Repurposing Attacks
  20. Reporting Security Bugs

Appendix A: Tools of the Trade

Appendix B: Security Test Case Cheat Sheet
