How to Break Software Security

By Paladion

November 15, 2004

We take a look at the book "How to Break Software Security" by James A. Whittaker and Herbert H. Thompson, which covers software security testing and attack techniques.

This is the sequel to “How to Break Software: A Practical Guide to Testing”. In this book, James Whittaker and Herbert Thompson introduce software testers to security testing. The book is organized as a sequence of attack techniques, such as “Force the application to use corrupt files” and “Fake the source of data”. For each of the 19 attacks discussed, the authors explain when to apply the attack, the cause of the vulnerability, how to verify whether security is compromised, and how to perform the attack. The focus is on the hands-on attack itself, and the authors have bundled their testing tool, Holodeck version 1.3, on the accompanying CD-ROM. The emphasis on using Holodeck does tend to distract one from the underlying testing technique.

In its favor, the book is strong on screenshots and real-world examples. The book has several nuggets for the experienced security tester too. For instance, the authors point out that unused command-line options from older versions might still be active and vulnerable, as they have probably not been tested in the newer versions. This book is a good introduction to security testing for professional software testers.


Tags: Review
