We strongly suggest this as part of your corporate security planning. Note that the code samples and some of our internally developed tools will be available on September 15th at this site:
http://www.microsoft.com/mspress/companion/0-7356-2187-X/
----
Learn how to think like an attacker — and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Chapter Listing:
- General Approach to Security Testing
- Using Threat Models for Security Testing
- Finding Entry Points
- Becoming a Malicious Client
- Becoming a Malicious Server
- Spoofing
- Information Disclosure
- Buffer Overruns and Stack and Heap Manipulation
- Format String Attacks
- HTML Scripting Attacks
- XML Issues
- Canonicalization Issues
- Finding Weak Permissions
- Denial of Service Attacks
- Managed Code Issues
- SQL Injection
- Observation & Reverse Engineering
- ActiveX Repurposing
- Additional Repurposing Attacks
- Reporting Security Bugs
Appendix A: Tools of the Trade
Appendix B: Security Test Case Cheat Sheet