Hunting Security Bugs
By: Gallagher, Tom / Jeffries, Bryan / Landauer, Lawrence
Your essential reference to software security testing - from the experts: Learn how to think like an attacker - and identify potential security issues in your software. In this essential guide, three security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released.
Discover how to:
- Identify high-risk entry points and create test cases
- Test clients and servers for malicious request/response bugs
- Use black box and white box approaches to help reveal security vulnerabilities
- Uncover spoofing issues, including identity and user interface spoofing
- Detect bugs that can take advantage of your program's logic, such as SQL injection
- Test for XML, SOAP, and Web services vulnerabilities
- Recognize information disclosure and weak permissions issues
- Identify where attackers can directly manipulate memory
- Use alternate data representations to uncover canonicalization issues
- Expose COM and ActiveX repurposing attacks
About the Authors:
Tom Gallagher is the lead of the Microsoft Office Security Test team, where he focuses on penetration testing, writing security testing tools, and providing security education.
Bryan Jeffries is a software engineer responsible for driving security testing on Microsoft SharePoint Products and Technologies.
Lawrence Landauer is a software engineer at Microsoft where he works on coding, testing, and training projects related to security, personal productivity, and deployment.
Michael Howard, Series Consulting Editor, is a leading security expert and author.

