Your essential reference to software security testing—from the experts.
Learn how to think like an attacker—and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Discover how to:
- Identify high-risk entry points and create test cases
- Test clients and servers for malicious request/response bugs
- Use black box and white box approaches to help reveal security vulnerabilities
- Uncover spoofing issues, including identity and user interface spoofing
- Detect bugs that can take advantage of your program’s logic, such as SQL injection
- Test for XML, SOAP, and Web services vulnerabilities
- Recognize information disclosure and weak permissions issues
- Identify where attackers can directly manipulate memory
- Test with alternate data representations to uncover canonicalization issues
- Expose COM and ActiveX repurposing attacks
About the Authors
Tom Gallagher has been intrigued with both physical and computer security from a young age. In 1999, Tom graduated from Loyola University of New Orleans and was hired to work as a penetration tester for Microsoft SharePoint. Since then, he has continued to work on the security of different parts of Microsoft Office and is currently the lead of the Office Security Test team. This team is primarily focused on penetration testing, writing security testing tools, and educating program managers, developers, and testers about security issues.
Bryan Jeffries has been interested in computers for as long as he can remember. Upon graduating from North Carolina State University in 2001 with a BS degree in Computer Science, he left his home state of North Carolina to work for Microsoft Corporation in Redmond, Washington. He has been working as a software engineer in Microsoft SharePoint Products and Technologies for the past five years and is responsible for driving security testing across Microsoft Office Server System.
Lawrence Landauer's first interest in computers was as a hobby. Since graduating from Montana State University in 1995 with a BS degree in Industrial and Management Engineering, he has worked for Microsoft Corporation as a software engineer on coding, testing, and training projects related to security, personal productivity, and deployment.