| Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs until now. Before the Internet, computers were deployed in trusted environments and software development and testing practices emphasized functionality over security. As networking technologies emerged, though, times changed and people began to connect their computers together, instead of deploying in silos. However, development and testing practices did not account for attacks that could be mounted over networks.
This technical reference highlights up to date tools, technologies, and techniques for helping find & eliminate vulnerabilities in software. Written for testers by testers, it delivers guidance on how to find, classify, and assess bugs. Key book benefits:
- Delivers guidance on security bugs, how to find them, and how to help prevent them;
- Provides specific, actionable technical details about security testing;
- Covers these subjects, among others: The thought process behind security testing; Research & experience on how to find security bugs; How to classify the bugs you've found; What to do when you've found a bug; How to tell if a bug is serious and whether it is a security bug; Use of source code to help in security testing; Ways to spot security design flaws. | |
