Hunting security bugs
Main Authors: | , , |
---|---|
Format: | Book |
Language: | English |
Published: | Redmond, WA : Microsoft Press, c2006 |
Series: | Secure software development series |
Subjects: |
Table of Contents:
- 1. General approach to security testing
- 2. Using threat models for security testing
- 3. Finding entry points
- 4. Becoming a malicious client
- 5. Becoming a malicious server
- 6. Spoofing
- 7. Information disclosure
- 8. Buffer overflows and stack and heap manipulation
- 9. Format string attacks
- 10. HTML scripting attacks
- 11. XML issues
- 12. Canonicalization issues
- 13. Finding weak permissions
- 14. Denial of service attacks
- 15. Managed code issues
- 16. SQL injection
- 17. Observation and reverse engineering
- 18. ActiveX repurposing attacks
- 19. Additional repurposing attacks
- 20. Reporting security bugs